DPO Consultancy

Last week, we combined our regular internal knowledge sharing session with a Christmas celebration. Being an internationally oriented organisation, it means some of our colleagues will be celebrating their Christmas with family and friends abroad and will be working from there, so we had an early Christmas in the Netherlands this year! Our colleagues Aditya T. and Emine Bilsin shared great insights on working on and with #AI, and on how it impacts #dataprivacy with our clients and how to use it in your benefit. After that, our colleague Deniz Naz Kaya updated us about how we can most optimally share our #knowledge internally, with our own knowledge database. We then shared some personal information with our own ‘Ranking the Stars’ which learned us new insights about our colleagues. After handing out our (again internationally oriented) Christmas gifts, it was time for some culinary indulgence with an international Christmas-themed barbecue, provided by our former colleague Jeremy Bode. Although we have another month to go this year, we are already looking forward to 2025!

We’ve got it! After the announcement we were appointed FD Gazelle, we finally got to pick up the award. Jelmer Pieters and Ronald Appelman went to Utrecht yesterday to join the FD Gazelle award show. And of course, they took their moment to shine on behalf of the whole team!   We’re looking forward to 2025, to help even more organizations with #dataprivacy compliance! #FDGazelle

🌍 Insights from Anu Bradford’s Keynote at the DPC in Brussels On day 2 of the IAPP Data Protection Congress, Anu Bradford delivered an inspiring keynote on the three digital empires shaping the global digital ecosystem: • US: Market-driven, with tech giants like Meta (3B+ users) exporting their influence worldwide. • China: State-driven, building the digital backbone for other jurisdictions through infrastructure like cables and data centers. • EU: Rights-driven, leveraging its consumer market to export regulations globally through the “Brussels Effect.” Anu highlighted the horizontal battles between these empires and the vertical battles between governments and tech companies. The most critical fight, however, is for democracy. Losing the horizontal battle to authoritarian models or the vertical battle to unregulated tech companies could have profound consequences for democratic values worldwide. This keynote was a powerful reminder of the need for accountability, rights-driven approaches, and a commitment to ensuring technology serves people, not just power. How do you see these global dynamics shaping the future of regulation and democracy? #DPC24 #IAPP #Democracy #GDPR #Brusselseffect

🌍🚀 Day 1 at the IAPP Data Protection Congress in Brussels! What an inspiring and thought-provoking start to the conference. Today’s sessions delved deeply into the challenges and opportunities surrounding AI regulation, with a clear focus on the EU AI Act. Here’s a quick recap of the highlights: 1️⃣ AI Act in Action: Visualizing Complexity The first session used 12 infographics to brilliantly demystify the AI Act. A powerful reminder that clear communication is key when navigating complex legislation. 2️⃣ Who’s Regulating AI? Too Many Cooks in the Kitchen? This session tackled a big challenge: how do we regulate AI effectively when so many stakeholders are involved? Key takeaways included: • Regulation demands expertise, but budget constraints often hinder hiring the right experts. • A critical need for regulators who truly understand the technology they’re tasked with overseeing. 3️⃣ AI Act in Action – Part 2: Risk Identification & Required Assessments This deep dive focused on the risk classifications at the heart of the AI Act. Key points: • The four risk types outlined in the Act and how to determine which categories your AI systems fall into. • Essential testing, evaluation, and documentation requirements for AI systems, covering everything from data to models. • Insights into governance for lifecycle monitoring to ensure compliance. 4️⃣ Responsible AI by Design The day concluded with a session on embedding AI governance into enterprise workflows. Discussions highlighted: • The principles of Responsible AI by Design and actionable strategies for integrating ethical and accountable AI practices into organizational frameworks. • How governance frameworks can drive both compliance and trust in AI systems. 💡 These sessions reinforced the importance of balancing innovation with responsibility in AI development. Looking forward to more insightful discussions tomorrow! Let’s keep the conversation going—what are your thoughts on the AI Act and the challenges of regulating AI effectively? #DPC24 #AI #Privacy

€𝟯𝟭𝟬 𝗠𝗶𝗹𝗹𝗶𝗼𝗻 𝗚𝗗𝗣𝗥 𝗙𝗶𝗻𝗲: 𝟯 𝗘𝘀𝘀𝗲𝗻𝘁𝗶𝗮𝗹 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗧𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀 𝗳𝗼𝗿 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀𝗲𝘀 📢 𝗡𝗲𝘄 𝗟𝗶𝘃𝗲 𝗕𝗹𝗼𝗴 𝗔𝗿𝘁𝗶𝗰𝗹𝗲 𝗔𝗹𝗲𝗿𝘁! In our latest blog post, we dive into the recent €310 million GDPR fine imposed on LinkedIn by the Irish Data Protection Commission (DPC). We explore the 𝗸𝗲𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀 𝗮𝗻𝗱 𝗹𝗲𝘀𝘀𝗼𝗻𝘀 𝘁𝗵𝗮𝘁 𝗼𝗿𝗴𝗮𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻𝘀 𝗰𝗮𝗻 𝗹𝗲𝗮𝗿𝗻 𝗳𝗿𝗼𝗺 𝘁𝗵𝗶𝘀 𝗰𝗮𝘀𝗲 to strengthen their own data privacy practices and avoid similar pitfalls. 𝗙𝗿𝗼𝗺 𝘁𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝗰𝘆 𝘁𝗼 𝘂𝘀𝗲𝗿 𝗰𝗼𝗻𝘀𝗲𝗻𝘁, this case highlights critical GDPR requirements and the risks of non-compliance. 📖 𝗖𝗵𝗲𝗰𝗸 𝗼𝘂𝘁 𝘁𝗵𝗲 𝗮𝗿𝘁𝗶𝗰𝗹𝗲 to stay informed and make sure your organization is on the right track with GDPR: https://lnkd.in/dJS2Be8X #DPOConsultancy #PrivacyMatters #DataPrivacy #GDPRFine #PrivacybyDesign #PrivacybyDefault

🔍 𝗡𝗲𝘄 𝗪𝗵𝗶𝘁𝗲𝗽𝗮𝗽𝗲𝗿! 𝗗𝗲𝗰𝗼𝗱𝗶𝗻𝗴 𝘁𝗵𝗲 𝗘𝗨 𝗔𝗜 𝗔𝗰𝘁 𝗮𝗻𝗱 𝗚𝗗𝗣𝗥 𝗜𝗻𝘁𝗲𝗿𝘀𝗲𝗰𝘁𝗶𝗼𝗻 In today's fast-paced digital landscape, Artificial Intelligence (AI) is transforming industries like education, healthcare, marketing, HR, and law enforcement. AI systems rely on vast amounts of personal data, making compliance with two critical pieces of legislation— the Artificial Intelligence Act (AI Act) and the General Data Protection Regulation (GDPR)—essential. ⚖️ 𝗞𝗲𝘆 𝗚𝗗𝗣𝗥 𝗖𝗼𝗻𝗰𝗲𝗽𝘁𝘀 𝗳𝗼𝗿 𝗔𝗜 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 Key GDPR concepts such as automated decision-making, explainability, and transparency play a major role in AI. Data controllers and processors may also face added responsibilities, depending on their role under the AI Act and the risk level of the AI systems they develop or use. 📘 𝗗𝗶𝘀𝗰𝗼𝘃𝗲𝗿 𝗢𝘂𝗿 𝗪𝗵𝗶𝘁𝗲 𝗣𝗮𝗽𝗲𝗿: 𝗔𝗻 𝗜𝗻-𝗗𝗲𝗽𝘁𝗵 𝗚𝘂𝗶𝗱𝗲 Our White Paper offers an in-depth understanding of the intricate interplay between these two regulations that have become crucial for organizations operating in the EU. 👉 𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱 𝗼𝘂𝗿 𝗪𝗵𝗶𝘁𝗲 𝗣𝗮𝗽𝗲𝗿 𝘁𝗼𝗱𝗮𝘆 𝘁𝗼 𝘀𝘁𝗮𝘆 𝗶𝗻𝗳𝗼𝗿𝗺𝗲𝗱 𝗮𝗻𝗱 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝘁 𝗶𝗻 𝘁𝗵𝗲 𝘄𝗼𝗿𝗹𝗱 𝗼𝗳 𝗔𝗜 𝗮𝗻𝗱 𝗱𝗮𝘁𝗮 𝗽𝗿𝗶𝘃𝗮𝗰𝘆: https://lnkd.in/dNHZddMi #AIAct #GDPR #DPOConsultancy #DataPrivacy #AISystems

𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 𝘁𝗵𝗲 𝗲𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗥𝗲𝗴𝘂𝗹𝗮𝘁𝗶𝗼𝗻: 𝗪𝗵𝗮𝘁 𝗖𝗵𝗮𝗻𝗴𝗲𝘀 𝗮𝗿𝗲 𝗖𝗼𝗺𝗶𝗻𝗴? As we approach the new era of the 𝗲𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗥𝗲𝗴𝘂𝗹𝗮𝘁𝗶𝗼𝗻 (𝗲𝗣𝗥), businesses across the EU (and the world) must prepare for significant changes in data privacy management. The ePR builds on the foundation of the ePrivacy Directive (ePD) but aims to address the privacy needs of today’s digital landscape! 📌 𝗪𝗵𝗮𝘁’𝘀 𝗡𝗲𝘄? 📱 Broader protection covering not only telecom but also OTT services like WhatsApp and IoT devices. ✅ Enhanced consent mechanisms to reduce "cookie fatigue". 🔒 Direct enforcement across all EU states, ensuring consistent application of regulations, and stricter penalties aligned with GDPR for non-compliance. Together with the 𝗚𝗗𝗣𝗥, the ePR forms a robust framework to secure privacy in electronic communications, from metadata to unsolicited marketing. 𝗔𝗿𝗲 𝘆𝗼𝘂 𝗿𝗲𝗮𝗱𝘆 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗻𝗲𝘄 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝘀? Dive into our latest live blog post to get detailed insights on what the ePrivacy Regulation means for you and your business. 👉 𝗥𝗲𝗮𝗱 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗮𝗿𝘁𝗶𝗰𝗹𝗲 𝗵𝗲𝗿𝗲 (there is a free whitepaper for you at the end!): https://lnkd.in/g3GFxb6H #ePrivacy #DPOConsultancy #DataPrivacy #GDPR #DataProtection

We are hiring. DPO Consultancy zoekt nieuwe collega's: Een medewerker sales support (met interesse in marketing): je hebt een belangrijke ondersteunende rol bij het vergroten van onze merkbekendheid, het aantrekken van klanten, het omzetten van leads naar klanten en het onderhouden van klantrelaties (parttime 20-24 per week). Een support medewerker finance (parttime 20-24 uur per week): je vervult een belangrijke ondersteunende rol bij de boekhouding en financiële administratie, het opstellen van rapportages en analyses en de salarisadministratie, ook ondersteun je financiële processen en voer je algemene administratieve taken uit. Natuurlijk als je bij jezelf denkt: ' ik wil beide rollen doen'. Dat is ook mogelijk. Heb je interesse? Kijk op onze website : https://lnkd.in/eiY2cZey of stuur mij een bericht (n.vandewerken@dpoconsultancy.com of mobiel 06-52001710).

Being an FD Gazelle has more advantages than we imagined. Today we received an amazing gift for the Gazelle from Nicole van Puffelen-Huisman and Ed van Puffelen. A great addition to the office. We now get to be competitive at more areas at once! Thanks!! #fussball #fdgazelle

🔍 𝗧𝗵𝗲 𝗥𝗶𝗴𝗵𝘁 𝘁𝗼 𝗘𝗿𝗮𝘀𝘂𝗿𝗲: 𝗘𝗗𝗣𝗕’𝘀 𝗙𝗼𝗰𝘂𝘀 𝗳𝗼𝗿 𝟮𝟬𝟮𝟱   📝 𝗪𝗵𝗮𝘁 𝗱𝗼𝗲𝘀 𝗔𝗿𝘁𝗶𝗰𝗹𝗲 𝟭𝟳 𝘀𝗮𝘆? Article 17 of the 𝗚𝗲𝗻𝗲𝗿𝗮𝗹 𝗗𝗮𝘁𝗮 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗥𝗲𝗴𝘂𝗹𝗮𝘁𝗶𝗼𝗻 (𝗚𝗗𝗣𝗥) states that “the data subject shall have the right to obtain from the controller the 𝗲𝗿𝗮𝘀𝘂𝗿𝗲 𝗼𝗳 𝗽𝗲𝗿𝘀𝗼𝗻𝗮𝗹 𝗱𝗮𝘁𝗮”. This sounds easy and straight forward but this is something that many organizations are still grappling with. 🛡️ 𝗪𝗵𝘆 𝗶𝘀 𝘁𝗵𝗲 𝗥𝗶𝗴𝗵𝘁 𝗧𝗼 𝗘𝗿𝗮𝘀𝘂𝗿𝗲 𝗶𝗺𝗽𝗼𝗿𝘁𝗮𝗻𝘁? The right to erasure is one of the most frequently exercised 𝗱𝗮𝘁𝗮 𝗽𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗿𝗶𝗴𝗵𝘁𝘀 and one which 𝗗𝗮𝘁𝗮 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝗶𝗲𝘀 (𝗗𝗣𝗔𝘀) receive the most complaints about. Therefore, during the 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟰 𝗽𝗹𝗲𝗻𝗮𝗿𝘆, the 𝗘𝘂𝗿𝗼𝗽𝗲𝗮𝗻 𝗗𝗮𝘁𝗮 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗕𝗼𝗮𝗿𝗱 (𝗘𝗗𝗣𝗕) selected the topic for its fourth 𝗖𝗼𝗼𝗿𝗱𝗶𝗻𝗮𝘁𝗲𝗱 𝗘𝗻𝗳𝗼𝗿𝗰𝗲𝗺𝗲𝗻𝘁 𝗔𝗰𝘁𝗶𝗼𝗻 (𝗖𝗘𝗙). This will concern the implementation of the 𝗿𝗶𝗴𝗵𝘁 𝘁𝗼 𝗲𝗿𝗮𝘀𝘂𝗿𝗲 (also referred to as the 𝗿𝗶𝗴𝗵𝘁 𝘁𝗼 𝗯𝗲 𝗳𝗼𝗿𝗴𝗼𝘁𝘁𝗲𝗻) by data controllers. DPAs will join this action on a voluntary basis in the coming weeks and the action will be launched during the first semester of 2025.   🎯 𝗪𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗲 𝗴𝗼𝗮𝗹 𝗼𝗳 𝘁𝗵𝗲 𝗰𝗼𝗼𝗿𝗱𝗶𝗻𝗮𝘁𝗲𝗱 𝗮𝗰𝘁𝗶𝗼𝗻? The aim of this coordinated action will be, among other objectives, to evaluate the implementation of this right in practice. This will be done, for example, by 𝗮𝗻𝗮𝗹𝘆𝘀𝗶𝗻𝗴 𝗮𝗻𝗱 𝗰𝗼𝗺𝗽𝗮𝗿𝗶𝗻𝗴 𝘁𝗵𝗲 𝗽𝗿𝗼𝗰𝗲𝘀𝘀𝗲𝘀 put in place by different controllers to identify the most important issues in complying with this right, but also to get an overview of 𝗯𝗲𝘀𝘁 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀.   📊 𝗪𝗵𝗮𝘁 𝗵𝗮𝗽𝗽𝗲𝗻𝘀 𝗻𝗲𝘅𝘁? The results of these national actions will then be 𝗮𝗴𝗴𝗿𝗲𝗴𝗮𝘁𝗲𝗱 𝗮𝗻𝗱 𝗮𝗻𝗮𝗹𝘆𝘀𝗲𝗱 together to generate deeper insight into the topic and allowing for 𝘁𝗮𝗿𝗴𝗲𝘁𝗲𝗱 𝗳𝗼𝗹𝗹𝗼𝘄-𝘂𝗽 on both a national and EU level.   📅 𝗪𝗵𝗲𝗻 𝘄𝗶𝗹𝗹 𝘄𝗲 𝘀𝗲𝗲 𝘁𝗵𝗲 𝗿𝗲𝘀𝘂𝗹𝘁𝘀? The report will be adopted at the beginning of 2025. It is expected that the 𝗘𝗗𝗣𝗕 will issue 𝗴𝘂𝗶𝗱𝗲𝗹𝗶𝗻𝗲𝘀 𝗼𝗻 𝘁𝗵𝗲 𝗿𝗶𝗴𝗵𝘁 𝘁𝗼 𝗲𝗿𝗮𝘀𝘂𝗿𝗲, which must be adhered to by all data controllers and data processors.   💼 𝗛𝗼𝘄 𝗰𝗮𝗻 𝗗𝗣𝗢 𝗖𝗼𝗻𝘀𝘂𝗹𝘁𝗮𝗻𝗰𝘆 𝗵𝗲𝗹𝗽? Starting in 2025, changes in the guidelines regarding the 𝗿𝗶𝗴𝗵𝘁 𝘁𝗼 𝗲𝗿𝗮𝘀𝘂𝗿𝗲 are expected following the 𝗘𝗗𝗣𝗕'𝘀 𝗰𝗼𝗼𝗿𝗱𝗶𝗻𝗮𝘁𝗲𝗱 𝗮𝗰𝘁𝗶𝗼𝗻. Organizations will need to ensure they comply with these new regulations. At 𝗗𝗣𝗢 𝗖𝗼𝗻𝘀𝘂𝗹𝘁𝗮𝗻𝗰𝘆, we are here to help you navigate these changes and ensure your organization remains compliant. If you have any questions or need support in implementing the new guidelines, please contact us at 📧 info@dpoconsultancy.nl for further assistance. #GDPR #DataProtection #RightToBeForgotten #DataPrivacy #DPOConsultancy