Data protection litigation: preparing to defend yourself

If people were to look, they would probably conclude that you do not fully comply with data protection rules. Top of the line security always fails somewhere, typically at the human level, and the same reasoning applies to data protection compliance.

Even if you build your processes, systems and procedures with data protection rules in mind, you cannot prevent every mistake.

However mature your organisation may be in data protection terms, there is always a weakness – and non-compliance is then a likely consequence.

This provides regulators, competitors and data subjects with opportunities to attack you. Conversely, there may be cases where you wish to use weaknesses of a competitor or adversary against them.

Either way, you need to give careful thought to data protection litigation, both as a risk you have to manage and as an opportunity on which you can capitalise.

Read more about it here.

Update

09.02.2024
Privacy & data in the Benelux: five things you need to know in 2024
Update

08.08.2023
Third parties can intervene in BDPA proceedings and appeal its decisions
Update

14.07.2023
Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows
Corporate news

06.06.2023
Anke Holtland appointed to counsel Public Law
Publication

14.04.2023
Best practices for drafting and updating data protection notices
Update

01.03.2023
Dutch DPA letter to the government on PNR: enforcement threatens again with focus on proportionality
Update

27.02.2023
Data Protection in Belgium: the 2023 focus of the BDPA
Update

13.02.2023
The end-user and its avatar - data integrity risks and ethical challenges in the metaverse - Part one
Publication

03.02.2023
NautaDutilh contributes to IAPP's Global Legislative Predictions 2023
Update

20.01.2023
Benelux Technology Law in 2023: five things you need to know
Publication

15.12.2022
GDPR & AML: no longer public access to UBO data without legitimate interest
Update

28.11.2022
No longer public access to UBO data without legitimate interest
Publication

27.10.2022
Vincent Wellens on FATCA in the Paperjam
Publication

22.08.2022
Privacy and security concerns in the metaverse
Update

28.07.2022
VoetbalTV: Administrative fine permanently annulled without judgement on the 'pure commercial interest'
Publication

13.07.2022
Luxembourg first member state to launch a certification mechanism under the GDPR
Publication

28.06.2022
European Data Protection Board harmonises EU fining guidelines
Update

14.06.2022
New GDPR guidelines on fines on the way
Update

07.06.2022
Data protection impact assessments new EDPS recommendations
Update

03.06.2022
Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?
Corporate news

28.01.2022
Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022
Update

27.01.2022
Benelux Data Law: five things you need to know in 2023
Update

11.01.2022
Luxembourg IP & Technology Law: five things you need to know
Publication

15.12.2021
Data Protection notices after the Whatsapp case: what's the message?
Blog

10.12.2021
The record fine for the Dutch Tax Administration from a legal perspective
Update

25.11.2021
Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?
Update

26.10.2021
Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors
Deal or Case news

16.09.2021
NautaDutilh assists SoftBank Vision Fund 2 with its Series C investment in Dutch scale-up SendCloud
Corporate news

02.07.2021
NautaDutilh's IP & Tech Law team recognised by Leaders League
Update

17.06.2021
Belgian DPA: fines prohibited in the absence of a prior order to comply?
Update

15.06.2021
The CNPD Publishes Several Decisions Following Investigations
Update

29.04.2021
Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere
Corporate news

26.03.2021
NautaDutilh participates to Brexit and Covid legal update webinar
Update

02.12.2020
(Alleged) data protection infringement? Say bye-bye to your .be domain name
Update

18.11.2020
Personal data transfers to the UK: Last weeks to prepare for an increasing likely «no-deal» Brexit
Update

17.11.2020
New Belgian DPA decision: employee consent sometimes works
Update

12.11.2020
Finally some practical EDPB guidance on how to make international data transfers lawful
Update

07.10.2020
What to do with ex-employee mailboxes? Belgian DPA fines post-dismissal use of e-mails
Update

14.09.2020
New controller-processor guidelines: beware of impact on data processing agreements
Update

03.08.2020
New Belgian DPA decision: broader "controller" concept & extensive access rights?
Update

16.07.2020
Schrems II: What is (or should be) on your to-do list for international data transfers?
Update

14.07.2020
What does the new Google decision by the Belgian DPA mean for other organisations?
Corporate news

09.07.2020
Peter Craddock in Le Vif/L'Express on contact tracing
Update

23.06.2020
Surveys, transparency and DPIAs: tips from the Belgian DPA
Update

10.06.2020
Belgium: new data protection decisions on complaints by opponents – next, competitors?
Update

25.05.2020
Belgium: what has GDPR year 2 taught us, and what will come next?
Update

20.05.2020
Belgium: two new fines for tell-a-friend and health-related GDPR violations
Publication

19.05.2020
GDPR: some organisations may need a new DPO according to the Belgian Data Protection Authority
Update

07.05.2020
You may need a new DPO, according to the Belgian Data Protection Authority
Corporate news

04.05.2020
NautaDutilh Avocats Luxembourg hosts webinar "Manage a company remotely in compliance with Luxembourg law"
Update

16.04.2020
When the Belgian DPA comes knocking, who knows what it might find (or fine)
Update

09.04.2020
Freshly baked cookie guidance from Belgian Data Protection Authority
Update

27.03.2020
Ex-employers sharing dirt on an employee: no fine under data protection law if done orally?
Update

17.03.2020
COVID-19 & homeworking: how will we sign documents now?
Publication

17.03.2020
What legal framework for your APIs in the financial sector?
Update

05.03.2020
Your ID for a loyalty card: no data protection fine in the end?
Publication

17.02.2020
The Belgian data protection authority issues guidance on the processing of personal data for direct marketing purposes
Update

11.02.2020
Want to reach your customers or prospects? Important new direct marketing guidance in Belgium
Publication

23.01.2020
Cookies are to be consumed with moderation certainly in the Christmas period
Update

08.01.2020
Social elections 2020 & personal data challenges
Update

07.01.2020
Clarity on territoriality?

Related articles

Privacy & data in the Benelux: five things you need to know in 2024

Third parties can intervene in BDPA proceedings and appeal its decisions

Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows

Anke Holtland appointed to counsel Public Law

Best practices for drafting and updating data protection notices

Dutch DPA letter to the government on PNR: enforcement threatens again with focus on proportionality

Data Protection in Belgium: the 2023 focus of the BDPA

The end-user and its avatar - data integrity risks and ethical challenges in the metaverse - Part one

NautaDutilh contributes to IAPP's Global Legislative Predictions 2023

Benelux Technology Law in 2023: five things you need to know

GDPR & AML: no longer public access to UBO data without legitimate interest

No longer public access to UBO data without legitimate interest

Vincent Wellens on FATCA in the Paperjam

Privacy and security concerns in the metaverse

VoetbalTV: Administrative fine permanently annulled without judgement on the 'pure commercial interest'

Luxembourg first member state to launch a certification mechanism under the GDPR

European Data Protection Board harmonises EU fining guidelines

New GDPR guidelines on fines on the way

Data protection impact assessments new EDPS recommendations

Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?

Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022

Benelux Data Law: five things you need to know in 2023

Luxembourg IP & Technology Law: five things you need to know

Data Protection notices after the Whatsapp case: what's the message?

The record fine for the Dutch Tax Administration from a legal perspective

Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?

Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors

NautaDutilh assists SoftBank Vision Fund 2 with its Series C investment in Dutch scale-up SendCloud

NautaDutilh's IP & Tech Law team recognised by Leaders League

Belgian DPA: fines prohibited in the absence of a prior order to comply?

The CNPD Publishes Several Decisions Following Investigations

Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere

NautaDutilh participates to Brexit and Covid legal update webinar

(Alleged) data protection infringement? Say bye-bye to your .be domain name

Personal data transfers to the UK: Last weeks to prepare for an increasing likely «no-deal» Brexit

New Belgian DPA decision: employee consent sometimes works

Finally some practical EDPB guidance on how to make international data transfers lawful

What to do with ex-employee mailboxes? Belgian DPA fines post-dismissal use of e-mails

New controller-processor guidelines: beware of impact on data processing agreements

New Belgian DPA decision: broader "controller" concept & extensive access rights?

Schrems II: What is (or should be) on your to-do list for international data transfers?

What does the new Google decision by the Belgian DPA mean for other organisations?

Peter Craddock in Le Vif/L'Express on contact tracing

Surveys, transparency and DPIAs: tips from the Belgian DPA

Belgium: new data protection decisions on complaints by opponents – next, competitors?

Belgium: what has GDPR year 2 taught us, and what will come next?

Belgium: two new fines for tell-a-friend and health-related GDPR violations

GDPR: some organisations may need a new DPO according to the Belgian Data Protection Authority

You may need a new DPO, according to the Belgian Data Protection Authority

NautaDutilh Avocats Luxembourg hosts webinar "Manage a company remotely in compliance with Luxembourg law"

When the Belgian DPA comes knocking, who knows what it might find (or fine)

Freshly baked cookie guidance from Belgian Data Protection Authority

Ex-employers sharing dirt on an employee: no fine under data protection law if done orally?

COVID-19 & homeworking: how will we sign documents now?

What legal framework for your APIs in the financial sector?

Your ID for a loyalty card: no data protection fine in the end?

The Belgian data protection authority issues guidance on the processing of personal data for direct marketing purposes

Want to reach your customers or prospects? Important new direct marketing guidance in Belgium

Cookies are to be consumed with moderation certainly in the Christmas period

Social elections 2020 & personal data challenges

Clarity on territoriality?

Cookie notification