GDPR compliance for SMBs without an in-house lawyer
Processing register, retention periods, DPIA, data breach notification, cookies, marketing consent. Everything an SMB needs to arrange in practice without it becoming a full-time job.
All articles in this category
11 articles
Logging IP addresses under GDPR: pseudonymous, personal data, and what's allowed?
An IP address is personal data under GDPR. Security logs often need to retain them for weeks or months. How do you reconcile that with data minimisation principles?
GDPR & privacy
Data Retention Periods by Category for SMBs
How long should you keep customer data, job applicants, invoices, or CCTV footage? Here are the key categories in a clear overview table, with the source for each retention period.
GDPR & privacy
Marketing consent: email, WhatsApp, retargeting — what are you still allowed to do?
Your newsletter, promotional emails, retargeting pixels — they all need a valid consent basis. Here are the concrete rules per channel.
GDPR & privacy
Data subject rights: access, rectification, erasure — a workable procedure
A customer wants to see their data — or have it deleted. You have 30 days. Here's the procedure that gets it done without each request eating up half a week.
GDPR & privacy
Sub-processors outside the EU: what Schrems II still requires
Using AWS, Google, or Microsoft? Then some of your data flows through the US. Since Schrems II, that's no longer a given. Here's what actually works today.
GDPR & privacy
DPIA — Data Protection Impact Assessment: when is it required, and when can you skip it?
A DPIA sounds like something only large enterprises need to worry about. For SMBs it's rarely required — but there are a handful of specific situations where it is. Here's the decision tree.
GDPR & privacy
Data Breach: When to Report, When Not To, Within 72 Hours
Not every incident is a data breach. Not every data breach needs to be reported to the AP. Here's the decision tree and a sample notification template.
GDPR & privacy
Cookie Consent in 2026: What's Changed, What's Allowed, What Has to Go?
Cookie legislation has been actively enforced since 2023. Many legacy cookie banners no longer comply. Here are the current rules and the three-column model.
GDPR & privacy
Privacy policy on your website: which templates actually work?
Your privacy policy doesn't need to be 15 pages of legal jargon. Readable, honest, complete — here's the structure that works.
GDPR & privacy
Data Processing Agreements (DPAs): who, when, and don't overcomplicate it
Every SaaS that processes personal data on your behalf needs a DPA. Most vendors already have one ready on their website. Here's a quick checklist so you don't end up with 40 stray PDFs a year from now.
GDPR & privacy
Setting up a processing register: what to include (and what not to)
Every SMB with employees needs a processing register. The Dutch DPA checks for it in almost every inspection. Here's a template and exactly what to include.