Windt Le Grand Leeuwenburgh Advocaten

Data, privacy & cybersecurity

Our Data, Privacy, and Cybersecurity team advises clients on their most challenging issues relating to data, privacy, and cybersecurity. Our team has extensive experience in issues relating to data governance, GDPR compliance and policy, (international) data sharing with third parties, the implementation of new IT systems and AI tools, direct marketing, issues relating to cookies, profiling, tracking and online privacy, due diligence, and employment law-related privacy issues such as employee monitoring and internal investigations. Our team regularly advises clients on data handling and data sharing with third parties, within corporate groups or in various partnerships, and can assist in drafting or reviewing processing agreements and data-related aspects of commercial contracts. In addition, our team has experience in advising on digital regulation, including content moderation (under the Digital Services Act and the hosting exemption) and obligations of telecom providers under the Telecommunications Act.

We assist clients in investigations, enforcement proceedings, and complaint handling by the Dutch Data Protection Authority, the ACM, and the National Inspectorate for Digital Infrastructure, handling and reporting cyber incidents and data breaches to various supervisory authorities, handling GDPR requests for access and erasure by data subjects, and representing clients in civil (damage) claims for alleged violations of privacy and cybersecurity legislation.

We take a results-oriented, realistic and practical approach, based on risk and impact. We prepare clients for developments in the market, taking into account the supervisory agenda of relevant supervisory authorities, such as the Dutch Data Protection Authority, and the expectations and perceptions of data subjects.

Data breach or cyber incident?

Contact our team immediately.

Recent matters

Advising on the conditions for data migration of customer and CRM data to a central database within a group.

Advising on the qualification of processing responsibility of parties in public-private partnerships and the resulting obligations under the (U)AVG towards data subjects.

Advising a client on the conditions for (covert) employee monitoring and access to email in the event of absence.

Drafting processing agreements and contracting privacy in commercial contracts.

Advising on data retention requirements for trustees in the context of a bankruptcy.

Advising on the conditions for making new employment offers to the former employees of a bankrupt company.

Other jurisdictions

Share

Lawyers

Nina Orlić
Arthur de Ruiter
Claire ten Heuvelhof

Also interesting

Windt Le Grand Leeuwenburgh welcomes counsel Nina Orlić and adds data, privacy and cybersecurity to its practice.

01-10-25 | News

On 1 October 2025, Windt Le Grand Leeuwenburgh will welcome Nina Orlic as counsel. With this addition, the firm is expanding its practice to include data, privacy and...

Read more
‘Very impressed with Nina Orlić who gives accurate and pragmatic advice in the area of data privacy. She has very thorough knowledge of the subject matter and is a true talent!’ - Legal 500, 2025