Content available in English.

Rotterdam, February 18, 2019 - In the past three years, privacy software company PrivacyPerfect added many customers all over Europe and beyond. Today, the company announces the appointment of Sander Schoneveld as its new CEO. In this role, Sander will help to grow the business further across Europe in line with the existing growth strategy. Evert de Pender, who has been at the helm of the company since 2015, will remain on the company’s Board.

Before the enforcement of the GDPR in May 2018, not many organisations were aware of the GDPR. However, this regulation has affected businesses worldwide and has drastically changed the way in which organisations collect, store and use data. Since the GDPR has been in force for a while now, the urgency for an effective privacy compliance program is higher than ever. In this blogpost series, we will explain in detail how to create, to execute and to communicate a successful GDPR privacy compliance program within your organisation.

Impact assessments are essentially risk management tools, whether they are concerned with the environment, society, business, or personal data. In case of personal data, Article 35 of the GDPR requires controllers to conduct a data protection impact assessment (“DPIA”) prior to undertaking processing activities that are likely to pose high risk to the rights and freedoms of natural persons. This is essentially a holistic risk assessment taking into account the nature, scope, context and purposes of the processing. 

No matter what sector your business is in, how large or small an organisation you are, or whether your products and services are B2C or B2B, today, with increasing consumption occurring online, it is imperative that your online marketing strategy is relevant, up-to-date and effective. 

Do you sometimes feel that internet works like magic; do certain incidents seem inexplicable to you, such as getting flooded with advertisements about products you may have idly surfed days ago? Whether you are a technical genius or technologically challenged, if you spend any of your time online, you have probably seen pop-up screens while surfing online, that require you to agree to the use of something called “Cookies”. Do you carelessly agree to the use of cookies, or do you take time to read the Cookie policy?


The concept of ‘consent’ should be a fairly self-explanatory one. It is not a unique idea; in fact, consent simply signifies the “meeting of minds” and has forever been one of the core principles of contract law. However, recent times have witnessed unsettling discussions surrounding ‘consent’ spanning across divergent areas of the socio-legal spectrum. In this blog post our focus is however limited to ‘consent’ in the paradigm of EU data protection law. 

The GDPR has been in force for five months. While most publications focus on the (hefty) sanction regime, the GDPR is mainly about accountability. It provides data subjects with rights to take control over their own personal data and obliges organisations to facilitate these rights. It also requires organisations to have much more insight into their own data processing activities. This is primarily reflected in three documentation obligations: for processing activities, for data protection impact assessments and for data breaches.

Over the past year, we have been working on improving the Link personal data and data sources function. It took us more time than we hoped for, because it appeared hard to make the user interaction really simple. From early November, we will make available the new Group editor. This enhances current functionality in order to give more freedom of expression and greatly facilitates the actual grouping activity.

Before conducting an international data transfer, organisations need to check the GDPR very carefully. International data transfers should not only be compliant with Chapter 5 but also with all other requirements of the GDPR (following from Article 44 GDPR). Also, in order to transfer personal data outside the EU, organisations need to follow the layered approach of the European Data Protection Board.

The European Economic Area (EEA) is the combination of European Union (EU) and European Free Trade Association (EFTA) states, except for Switzerland. The EEA has now incorporated the GDPR into the EEA agreement. This was done by an EEA Joint Committee Decision dated 6th July 2018, which came into force on 20th July, 2018.