Newsletter subscription Legal notice Site map

EN

Practice areas > EU Regulatory Law > Data Protection Law >

LAWYERS
Monika KuschewskyPartner - mkuschewsky@vbb.com
NEWS
18/08/2010Van Bael & Bellis successfully assisted Chinese Taipei and Japan in the WTO dispute settlement proceeding concerning the implementation of the Information Technology Agreement (ITA) by the EU.
30/06/2010Van Bael & Bellis successfully represented two companies in pre-stressing steel cartel investigation.
28/06/2010Van Bael & Bellis comments on the proposed reform of the competition rules applicable to horizontal cooperation agreements
16/06/2010Van Bael & Bellis’ Fifth Edition of “Competition Law of the European Community” receives glowing review.
11/06/2010Jean-Francois Bellis to chair session on " Developments in the application of EU antitrust law".
09/06/2010Van Bael & Bellis assisted Italian Sofidel S.p.A. in relation to the Belgian aspects of its acquisition of the UK LPC Group.
25/05/2010Andrzej Kmiecik, partner at Van Bael & Bellis to chair conference on new vertical restraints regime.
19/05/2010Van Bael & Bellis represents Elpida in first-ever settlement with the Commission in a cartel case.
19/05/2010Van Bael & Bellis assisted a German-based international energy projects developer in relation to a large photovoltaic installation on the rooftops of the supermarkets of one of Belgium's largest retailers.
12/04/2010Van Bael & Bellis listed as part of Belgian elite in Life Sciences Patent Litigation.

Data Protection Law

Data protection compliance is gaining increasing importance for our clients in today’s world. The volume of personal data processed is ever growing and new technologies radically change the way in which personal data are handled. This has enhanced the risk for data loss and mismanagement, which can lead to fines, criminal sanctions and enforcement action in the EU and elsewhere. Our clients realise that only a comprehensive data protection strategy will ensure compliance with relevant data protection laws. In addition, an effective data protection strategy has the added benefits of maintaining a company’s reputation and strengthening relationships with customers and employees. Data protection compliance constitutes good business practice and can improve information management within an organisation and protect core business assets.

Van Bael & Bellis’ leading European data protection law practice advises on data protection compliance, both at the EU level and in the majority of the EU Member States. We have broad experience in carrying out multinational data protection projects and audits and regularly develop and implement tailor-made compliance programmes. With our multi-jurisdictional team of lawyers, Van Bael & Bellis is particularly well suited to assist companies, faced with the challenges arising from the complex and varying national legislation across Europe in developing a practical and global approach. We coordinate compliance projects centrally, thus ensuring consistency, and provide a single point of contact for our clients.

We actively seek to understand our clients’ business so that we can be both creative and practical and go beyond mere legal analysis. We have found that active engagement with our clients’ processes, philosophy and business goals enables us to develop the most effective compliance solutions.

Van Bael & Bellis has advised many clients, including major multinationals, from various industries and sectors on data protection issues, both at an EU and national level, and can thus draw from our experience to provide advice which is relevant to our clients’ business needs. Our multi-jurisdictional team of lawyers has developed an important network of contacts with many regulatory authorities and organisations, which gives us in-depth local knowledge and understanding of authorities’ requirements and priorities.

Our services comprise:

Audits
Compliance programmes
Training
Data security
Registration
Legal advice

Audits

Van Bael & Bellis has long-standing experience in conducting data protection compliance audits, both in multiple and single jurisdictions. No matter how complicated our clients’ organisation and data flows, we will devise an appropriate audit method and process so as to obtain a clear overview of our clients’ data processing activities, operations and systems and existing level of compliance. The scope of the audit will vary, depending on our clients’ requirements. We can conduct the audit ourselves, including on-site visits and interviews, or assist clients so that they can carry out the audit in-house. The audit process may comprise:

drafting audit questionnaires or guidelines;
providing audit training; and
reviewing existing policies, contracts and procedures.

We will analyse the audit results and set out our findings in an audit report, identifying the compliance issues, risks and weaknesses. We work closely with our clients to determine the additional steps and measures required to achieve data protection compliance and to devise a compliance programme or strategy.

We also assist clients in conducting privacy impact assessments (PIAs), which analyse the data protection compliance risks and concerns of a particular practice, process, tool, system or technology before it is implemented.

Carrying out a PIA is not only recommended by data protection authorities, but is also cost-efficient, as companies find that a PIA can ensure that potential problems are identified at an early stage and expensive future changes are avoided.

Compliance programmes

Only a comprehensive compliance programme or strategy will ensure compliance with relevant data protection laws on an on-going basis. We create tailor-made programmes and solutions in close collaboration with our clients, taking into account their business requirements.

Where a data protection compliance audit has been conducted, the compliance programme will be developed based on the audit findings, and Van Bael & Bellis will advise on suitable compliance measures.

A compliance programme typically consists of several elements, which can often affect the entire organisation. Van Bael & Bellis can assist in the preparation and implementation of particular compliance measures, including:

advising on data protection organisation;
drafting data protection policies and more specific guidelines;
developing fair processing notices to inform data subjects and obtain their consent if required;
devising suitable safeguards for international data transfers (such as drafting cross-border data transfer agreements or binding corporate rules, advising on adherence to the Safe Harbour principles and alternative methods);
reviewing and drafting outsourcing agreements or other contracts

Training

It is important to ensure that employees that are handling personal data are aware of the applicable rules and policies, understand them and apply them properly. To facilitate this, Van Bael & Bellis:

develops training programmes and training materials for its clients;
conducts tailor-made training seminars and workshops to answer the day-to-day questions that arise in relation to the clients’ handling of personal data; and
assists in developing employee awareness-raising campaigns.

Data security

New and evolving technologies allow businesses to utilise and benefit from their personal data in a variety of ways. However, with new technology, there is always a risk of security breaches, where personal data are lost, stolen or improperly used. Security breaches often damage a company’s reputation, and sometimes lead to criminal or administrative sanctions and civil liability (damage claims).

Van Bael & Bellis:

regularly advises clients on and drafts adequate security policies and procedures in line with the legal requirements and the approach of data protection authorities;
assists in managing security breach events;
advises on appropriate remedial action; and
prepares breach notifications and deals with data protection authorities.

Registration

In many countries, the processing of personal data is subject to registration requirements vis-à-vis the national data protection authorities. The procedures differ from country to country and must be carried out in the language of the country concerned.

Van Bael & Bellis:

advises clients on registration requirements in particular jurisdictions;
reviews existing registrations;
prepares the necessary registration documents; and
processes the registrations on behalf of its clients.

In some countries, data protection authorities may conduct audits and investigations. Van Bael & Bellis:

assists clients in such proceedings; and
represents its clients before the data protection authorities.

Legal advice

Our clients often call upon our services for advice on specific data protection issues, including at a pan-European level. We provide advice from individual questions to broader issues or projects, such as the implementation of whistleblowing schemes or monitoring of employees at work. For each question, we provide practical and personalised answers within strict deadlines, as we recognise the pressure our clients often face.

We also provide clients with checklists and overviews of the applicable rules and requirements in a particular jurisdiction, including at a pan-European level, and the approach of national data protection authorities to particular issues. We also inform our clients about important developments in data protection law in particular areas of interest to them.

Frequent questions from our clients relate to:

International data transfers
Outsourcing
HR
Direct marketing and CRM
New technologies

Avenue Louise 165 Louizalaan, B-1050 Brussels, Belgium | T +32 (0)2 647 73 50 | F +32 (0)2 640 64 99 | brussels@vbb.com
15, boulevard des Philosophes, CH-1205 Geneva, Switzerland | T +41 (0)22 320 90 20 | F +41 (0)22 320 94 20 | geneva@vbb.com
Copyright 2009 All Rights Reserved | Van Bael & Bellis