#avg
21 artikelen met dit onderwerp
Personnel file retention periods: what to keep, and for how long?
Pay slips 7 years, performance reviews 2 years, rejection letters 4 weeks. Here's a clear overview of Dutch retention periods — no unnecessary legal jargon.
PDF redactieRedaction in the offboarding process: which documents need to be cleaned up?
Ex-employee data must be cleaned up in line with GDPR retention periods. Redaction helps with documents you need to keep — but without personally identifying information.
PDF redactieGDPR: redaction, pseudonymisation and anonymisation — which and when?
These three terms confuse people — and GDPR treats them very differently. Here's what sets them apart and when each one applies.
AVG & privacyLogging IP addresses under GDPR: pseudonymous, personal data, and what's allowed?
An IP address is personal data under GDPR. Security logs often need to retain them for weeks or months. How do you reconcile that with data minimisation principles?
OffboardingOffboarding: the legal framework in the Netherlands
Which laws govern data access, reading emails, device retrieval, and retention periods during offboarding? Not legal advice — but a clear, practical overview.
Microsoft 365 & Entra IDRetention policies in M365: keep or delete — who decides?
Some data must be kept (fiscal obligations), other data must be deleted (GDPR). Retention policies handle this automatically — if you set them up correctly.
AVG & privacyData Retention Periods by Category for SMBs
How long should you keep customer data, job applicants, invoices, or CCTV footage? Here are the key categories in a clear overview table, with the source for each retention period.
AVG & privacyMarketing consent: email, WhatsApp, retargeting — what are you still allowed to do?
Your newsletter, promotional emails, retargeting pixels — they all need a valid consent basis. Here are the concrete rules per channel.
OffboardingEmail forwarding after an employee leaves: what are the rules?
Forwarding a company mailbox to a manager sounds straightforward. But there are pitfalls: GDPR, old contacts, and confused clients. Here's the recipe.
PDF redactieDetecting and removing BSNs in documents
A BSN (Dutch citizen service number) can almost never be shared with third parties. In practice it hides in scans, payslips and old contracts. Here's how to find and remove it systematically.
AVG & privacyData subject rights: access, rectification, erasure — a workable procedure
A customer wants to see their data — or have it deleted. You have 30 days. Here's the procedure that gets it done without each request eating up half a week.
AVG & privacySub-processors outside the EU: what Schrems II still requires
Using AWS, Google, or Microsoft? Then some of your data flows through the US. Since Schrems II, that's no longer a given. Here's what actually works today.
AVG & privacyDPIA — Data Protection Impact Assessment: when is it required, and when can you skip it?
A DPIA sounds like something only large enterprises need to worry about. For SMBs it's rarely required — but there are a handful of specific situations where it is. Here's the decision tree.
AVG & privacyData Breach: When to Report, When Not To, Within 72 Hours
Not every incident is a data breach. Not every data breach needs to be reported to the AP. Here's the decision tree and a sample notification template.
AVG & privacyCookie Consent in 2026: What's Changed, What's Allowed, What Has to Go?
Cookie legislation has been actively enforced since 2023. Many legacy cookie banners no longer comply. Here are the current rules and the three-column model.
AVG & privacyPrivacy policy on your website: which templates actually work?
Your privacy policy doesn't need to be 15 pages of legal jargon. Readable, honest, complete — here's the structure that works.
PDF redactieCV redaction: what to remove before you send it on?
Sharing a CV with a client for a placement? Check what needs to come out under GDPR, privacy rules, and plain common sense — plus a checklist so you never accidentally leave in a date of birth.
AVG & privacyData Processing Agreements (DPAs): who, when, and don't overcomplicate it
Every SaaS that processes personal data on your behalf needs a DPA. Most vendors already have one ready on their website. Here's a quick checklist so you don't end up with 40 stray PDFs a year from now.
AVG & privacySetting up a processing register: what to include (and what not to)
Every SMB with employees needs a processing register. The Dutch DPA checks for it in almost every inspection. Here's a template and exactly what to include.
PDF redactiePDF redaction for SMBs: the complete guide
Redacting a PDF means permanently removing sensitive data — not dragging a black box over it, which anyone can undo in 30 seconds. This guide explains the real process.