The GDPR is based on three basic principles, namely transparency, security and the principle of proportionality.


Personal data must be processed lawfully, properly and transparently. Proper processing implies acting as a ‘good father’. Any intrusion into personal privacy must be provided for by law and meet a legitimate purpose. It is important to always consider the legal requirements for processing personal data.

Anyone who proceeds to processing personal data must pursue a transparent policy. The data subject must receive all information and notifications in an understandable form. A language adapted to the data subject must be used, so that communication takes place in a clear and understandable way. The data controller must take ‘appropriate measures’ to this end.

In practice, we see that in many cases those involved are not or are not fully informed about the processing of their personal data. Organisations are also often unaware of the composition and amount of data they collect and process. In order to avoid such situations, transparency was chosen as one of the basic

principles of the GDPR. A broad interpretation of the concept of transparency is therefore preferred, whereby one pleads first and foremost for a transparent way of dealing with the persons concerned. It should always be communicated to the data subjects which data are being processed, why this is done and what the data subject can do about it.

In addition, each organisation must be aware of what happens to the collected data. For this purpose, it must map out with which other organisations personal data are exchanged and it must conclude the appropriate agreements for this. Furthermore, the GDPR stipulates that all processing should be recorded in registers in order to create a transparent overview of the data it processes.


In addition to transparency regarding the personal data, the personal data must also be adequately secured. The internet offers many possibilities, but there are also many dangers. Data leaks are therefore ubiquitous, even in large companies (e.g. LinkedIn, Adobe, Dropbox, …). Most of these data leaks are due to insufficient protection of personal data. This is why security is the second basic principle of the GDPR.

Only the person responsible for the processing or the person acting under his authority has access to the data and takes every precaution to secure the access. The person whose data is being processed has the right to request that information directly. To this end, a request should be addressed to the data controller. When weighing up the interests of the data subject, the data controller will always have to carry out a necessity test and justify why it is necessary to reject a request.

Security has an effect on various areas. First of all, your organisation’s IT infrastructure should be sufficiently secure. You can test the security of your IT infrastructure by means of IT penetration test, which we can perform for you. After such test, you will know where the weak spots in your IT infrastructure are and you can take the necessary measures to eliminate them.

Then there is physical security. Physical access to personal data turns out to be very easy in many organisations. Files are often up for grabs, as a result of which personal data can be consulted by unauthorised persons. Therefore it is best to check how easy it is for someone from outside your organisation to gain access to personal data. In this way, you will also find the weak spots, so you can take the necessary measures to eliminate these weak


The proportionality principle

Personal data must be adequate, relevant and must be limited to the minimum necessary for the purposes. It is not always possible to carry out limited processing. Data must be kept in a form which does not enable the data subject to be identified for longer than is necessary for the purposes. They must be accurate and kept up to date, the so-called accuracy requirement. All reasonable measures must be taken to delete or correct data which are inaccurate.

Hoofdwebsite Contact
make appointment upload

      GDPR proof area
      upload uw documenten

      drag your documents here or choose file

      drag your correspondence here or choose file

        Benelux (€... )EU (€... )International (price on request)

        By submitting this application, you expressly agree to our General Terms and Conditions and confirm that you have carefully read our Privacy Policy. Sending this application is considered as order confirmation.
        error: Helaas, deze content is beschermd!