Still, all DPOs and business owners hope that it will not happen to them.

The pandemic has brought cybercrime levels and information security threats to a new high. To be able to react in the 72-hours window after a high-risk data breach, you need an adviser who is familiar with your business processes and the knows the drill under GDPR and – if applicable – the Network and Information Security Directive.

We represent both our legacy clients and undertake new mandates in situations of personal data breaches. We assist in assessing the risk levels as per the EDPB's guidelines, drafting notices to authorities, circular notices to affected data subjects, handling Subject Access Requests post-breach, undertaking damage limitation activities, coordinating and capturing ex-post investigations of the breach and informing third party controllers and processors that might also be affected by the breach.

We prepare our clients to address litigation claims or draft (mass) claims on behalf of the subjects whose data has allegedly been breached. We explain the consequences to the management, partners, clients and employees and assist all parties to reach a mutually acceptable plan for future measures and amicably settle on compensation on the occasions when damage is imminent.