Skip to content

Privacy, accountability and AI

Organizing effective data protection, privacy and responsible application of artificial intelligence (AI) are and will remain a complex issues, with new risks emerging every day. Are you looking for pragmatic advice and its implementation?

An overview of our services

Advies en onderzoeken

Data Protection Impact Assessment

Management applies DPIAs because it is required by law, and sometimes because the research tool is practical to test the effectiveness of security and control measures taken or to be taken.

Well-planned and executed DPIAs provide management with valuable information about business processes to be improved and processing of (personal) data and trade secrets.

Data Transfer Impact Assessment

Since the Schrems II ruling, the transfer of personal data has been subject to new conditions. Using a Data Transfer Impact Assessment (DTIA), an organization conducts prior research into the privacy risks involved in a transfer of personal data to a country outside the European Economic Area (EEA).

Organizing your accountability

We use an integrated and effective methodology to make business organizations compliant with legal and contractual obligations. The methodology makes use of compliance sources and specifications, standards frameworks and codes of conduct if required. The compliance organization can be supported with IT resources. This makes it easy for regulators, auditors and company management to use the findings of compliance work.

Privacy Baseline / Quickscan

The baseline measurement is an exploratory study aimed at gaining insight into compliance with data protection laws and regulations. The object of examination may be the organization, projects and supporting IT systems and provides insight into the extent to which risks are adequately covered by management and security measures.

Organising reputation management

Reputation management is a precondition for effective business. Partners want access to each other’s reliable data. Partners give access to their company and personal data if the confidentiality of the data is protected. Well-organized reputation management not only reduces liability and cost risks, but also fulfills a prerequisite for the effective organization of business activities.

Privacy implementation and maintenance

Management has since taken the necessary measures to effectively protect personal data. Additional legislation, changing business activities, new releases of IT systems and the departure of the DPO require periodic maintenance. Additional legislation, changing business activities, new releases of IT systems and the departure of the DPO require periodic maintenance.

Taking effective control measures

The regulators expect companies to ensure that the legal requirements are not applied but are built in, “by design,” into the business processes by which business activities are organized and personal data are effectively shielded “by default.” What are the requirements for control measures, and are the control measures taken or to be taken adequate and value-based?


SBC Management System, your privacy accounting

Standard Business Compliance (SBC) management system supports effective organization of privacy and information security. You meet your administrative obligations of 1) keeping a register of personal data processing operations; 2) keeping a record of incidents and data breaches; 3) following up on requests from data subjects; 4) processor agreements and 5) investigations conducted.

Company-specific learning environment and knowledge management

We maintain a collection of awareness and training programs on behalf of Duthler Academy and companies using a company-specific learning environment. Companies use general programs and programs they use to organize specific business activities.

Detachering (FG/PO)

Training DPO

New legislation, innovative IT measures and more effective oversight make the DPOs role more comprehensive. The position of the DPO in an organization is and remains solitary. The DPO training is designed for professionals who want to see the many sides of the work as an DPO highlighted and desire continuing education after successful completion of the course.

Frequently Asked Questions

Is protecting personal data a core business?

Yes, protecting personal data is a core business for us. We wish to serve our clients appropriately by protecting trade secrets and personal data. The reason is:

  • A better value proposition and business case for the company;
  • More clarity for the employees of the organization;
  • Management and security measures are necessary to protect both trade secrets and personal data; and

Accountability for compliance with legal and contractual data protection obligations is accordingly.

Is it possible to create the strategic agenda data of the company or a business unit, in collaboration with professionals from Duthler Associates?

Yes, we have a lot of experience in drawing up a strategic agenda for trade secrets and personal data.

The agenda reflects the existing maturity level and develops towards a feasible level of ambition. Gaining an overview and insight into the effective organization of business activities is the starting point for the agenda. A strategic agenda for trade secrets and personal data is meaningful if there is support among management and employees for the implementation of a plan of action. When elaborating the strategic agenda, knowledge and change management are necessary to create support, to make use of the implicit knowledge of employees and to estimate the change capacity of management and employees.

What is the relationship between a strategic data agenda and a privacy statement?

Companies publish a privacy statement on their website and it is based on the strategic data protection agenda of the company management. The trade secret statement is an internal document that serves to demonstrate the effectiveness of the trade secret security measures in the event of a breach.

Could we see the strategic agenda data as a framework for the “digital transformation” that many companies are going through?

That’s how you could see it. The explicit naming of trade secrets and personal data based on the strategic agenda data approach shows what the “crown jewels” of the company are. It makes it clear that management expects adapted/increased protection for this data. The relationship between trade secrets and personal data offers the company the opportunity to combine management and security measures. That is more effective and cost efficient.

Does privacy law provide a basis for other laws and regulations?

More and more legislation uses the rules and elaboration of privacy laws. The AI Act is a prime example. Duthler Associates takes an integrated approach to its service delivery, awareness and training programs and tooling development.

Latest new

Uber fine decision “privacy rights of those involved, you better take them seriously”

With the recent fine decision of the Dutch Data Protection Authority (AP) of December 11, 2023, the …

Privacy and information security undeniably belong together.

By: Ans Duthler and André Biesheuvel Introduction Privacy and information security undeniably belong…

You need LEF to properly organize business activities

Introduction For company management and management, knowing the Legal Entity Framework (LEF) of thei…

Most important findings on privacy baseline measurements

We have been supporting organizations in various sectors with data protection and privacy issues for…

Privacy professionals very enthusiastic about new release SBC Management system

Properly organizing your privacy administration SBRPowerhouse has released a new release of the SBC …

Where is the accountant?

EDPS Conference The EDPS Conference 2022 recently took place. This year’s topic was ‘Eff…

Do you have any questions or would you like to make an appointment?

Do you have questions about organizing, implementing or building privacy protection, accountability and/or AI? Don’t hesitate to contact us!