Lessons learned

Capitalizing on lessons learned

Many companies have become wise after, for example, becoming a victim of cybercrime, being held liable by customers or suffering damage due to competitors accessing trade secrets. Often, First Lawyers supported by summarising the ‘lessons learned’ and translating them into actions and measures that subsequently have been embedded in the company’s organisation. In this regard, while companies are not unique, a common pattern can be identified.

Assessment of existing contracts

First Lawyers examines whether your existing contracts offer you sufficient legal protection in the following instances and if necessary advises on adjusting contracts:

  • In case of disappointments in the performance of the supplier or partner;
  • If a competitor unlawfully possesses and uses your customer data, strategic business plan or standard working procedures;
  • If a former employee approaches your customers or applies your working procedures at another employer or as a freelancer;
  • If your company is held liable for alleged culpable breach of contracts; and
  • If your company becomes a victim of cybercrime.

In some cases, First Lawyers will adjust contracts themselves or enter into negotiations with suppliers and partners to adjust existing contracts on your behalf.

Be prepared for a data breach

First Lawyers determines whether your organisation is sufficiently prepared for a data breach. The following questions will be asked:

  • Are employees sufficiently trained? Have employees attended awareness courses to ensure data breaches are recognised?
  • Is there an up-to-date script available?
  • Is your organisation able to engage a crisis team quickly, and has this team already practiced the script?
  • Are non-disclosure agreements available?
  • Are cooperation statements available? All parties involved know they need to work together, but at the same time, they are afraid to be held accountable and often mark their position.
  • Are the lawyer and forensic investigation offices’ telephone numbers readily available?
  • Is there an inventory of all processes of personal data? This inventory is needed to quickly determine what risks a data breach entail and whether your employees or customers need to be informed. In addition, the supervisory authority might also ask for this inventory.
  • Can a register of data breaches be submitted to the supervisory authority?

First Lawyers is happy to advise on the necessary preparations and would arrange the required documents for you.

Be prepared for a visit by the supervisory authority

First Lawyers will examine whether your organisation is sufficiently prepared for a visit by the supervisory authority. The following questions will be asked:

  • Does the secretary or reception know what to do when the supervisory authority shows up?
  • Have the key officers received sufficient training to deal with such situations, and do they know how to act?
  • Is there an internal contact person appointed? Usually, this is the data protection officer (DPO).
  • Are all relevant GDPR documents that the supervisory authority would ask for readily available? This includes an inventory of data processing operations, register of data breaches, processing agreements, audit reports, DPIA’s, annual reports of the data protection officer, requests for access and correction, destruction and proof of effective operation of the security measures taken.
  • Is the GDPR documentation easily accessible?

First Lawyers is happy to advise on the necessary preparations and would arrange the required documents for you.

Submit your case

Please feel free to contact one of our lawyers or call +31 (0) 70 306 00 33 or info@firstlawyers.nl.