IT law: omnipresent in the digital age

In the current digital age, it is nearly unthinkable for companies to do business without encountering information technology. Your company has contact with customers via its website, collects data from customers online or has already expanded its business with a web shop (e-commerce). Invoices are, of course, often sent online. It should therefore come as no surprise that IT law has developed into its own branch of law.

Specialists with technical knowledge

When you are expanding your company’s digital activities, e.g. by creating an informative website or by selling your products via a web shop, you can count on the assistance of our lawyers specialising in IT law. As far as IT law is concerned, not only a thorough knowledge of the law is required, but also a certain technical knowledge is essential in order to be able to answer your IT-related questions. While others get nervous when thinking of source codes, ERP implementation or other digital riddles, our IT specialist Jan Peeters feels completely at ease when it comes to technology.

Website & web shop

By the way, did you know that you are obliged to provide certain information on your website? You can find more information in our publication Verplichte vermeldingen op mijn website: een must?.

Our firm ensures that your general terms and conditions are tailored to the specific characteristics of e-commerce (which is subject to specific rules, such as a right of withdrawal for consumers) and helps you to draw up a disclaimer that protects your company against digital risks. Not to mention the compulsory information that you have to put on your website for the protection of personal data (GDPR regulations) if you collect customer data via your website (e.g. via a contact form or login profile).

Software development

Almost every company has a website or web shop nowadays. However, genuine IT companies, that develop software or collect and analyse big data, are confronted with several other, often complex, IT-related questions and problems.

If your company develops software, we can assist you with the drafting or review of software agreements (e.g. SLA or service level agreement) or software licenses (e.g. EULA or end-user license agreement). This is a very specific subject matter, in which the legal and technical knowledge of our IT team comes in convenient. An important point of attention in this context is also the copyright on software. Although software itself can be of great value, practice has shown us that it is rarely arranged who owns the copyright. Because of our specialisation in both IP law and IT law, we can assist you with this issue. Should a dispute arise about your software, we can also represent you in legal proceedings.

GDPR: European protection of personal data

As we are sure you have noticed, new rules on the protection of personal data apply in Europe since 25 May 2018. More specifically, this concerns the much-discussed European General Data Protection Regulation. In our blog you will find more information about the GDPR: De GDPR binnen mijn onderneming: geen reden tot paniek. Similar data protection legislation has been in place since 1992 (Privacy Act) in Belgium, but the new legislation contains some new concerns and requirements.

Principles of privacy protection

The principle underlying the privacy regulations is that companies should handle the personal data of their customers and employees with care and awareness. To this end, there are several rules that prevent these personal data from being up for grabs or misused for improper purposes. You can rely upon our firm to overhaul whether your company is managing personal data correctly. You may also have a data protection officer (DPO) in your company. More information about the role of the DPO can be found in our publication De functionaris voor gegevensbescherming: nu maatregelen nemen.

Free privacy models available on our website

On our website we offer some free model documents, which can help you on your way to making your company ‘GDPR-proof’. These include a privacy and cookie statement, , a privacy statement between employer and employee and a processing agreement. These documents need to be redrafted to be in line with the specific needs of your company and activities. If desired, we can assist you in finalising and fine-tuning these models. You must also keep a register of all personal data in your company’s possession. This can be done in a simple Excel file or using one of the many models that you can find online. In this way you have an overview of the personal data and you can easily deal with complaints or questions from your customers. After all, the privacy regulations offer your customers a lot of rights, such as a right to change and delete the data.

Privacy and cookie statement: required if you collect personal information from your website

The privacy and cookie statement is, among other things, relevant to the personal data that (potential) customers enter via your website, such as the name and e-mail address for a contact form. The personal data that can be provided on your website, the purposes and legal grounds of the processing of these personal data as well as the retention period must be disclosed. You must also inform the customer whether his personal data will be disclosed to third parties. If so, it is of course also relevant to which third parties. The communication of personal data to third parties seems far-reaching, but in practice it is not: you will probably collect the data of your customers in some sort of software, so that the data will also be visible to the software supplier. It is also important that strict rules apply to direct marketing (i.e. advertising messages for products or services) with regard to customers. For example, when requesting personal data, the customer must be asked immediately whether he wishes to exercise his right to object to direct marketing.

As far as cookies are concerned, you must indicate what type of cookies your website uses and for what purposes. The use of cookies is only permitted on condition that the user has given his consent after being informed about the cookie policy..

Privacy statement between employer and employee

As an employer, you are not only obliged to handle the personal data of your customers with care, but your employees must also be informed about the processing of their personal data. This can be done by means of a privacy statement between employer and employee, which can be added as an addendum to the employment contract.

You may not always think about it, but employers possess a lot of information about their employees: not only the name, but also the e-mail address, the telephone number, the date of birth, the national register number, the bank account number, the family composition, etc. are usually in the possession of the employer. In fact, a lot of this information is necessary to be able to execute the employment contract (e.g. national register number for taxes and social security, account number for the payment of wages).

Furthermore, the data of the employee are usually communicated to at least one third party, i.e. the social secretariat of the employer. Passing on personal data to a third party is critically intended in the GDPR regulations, but this is also a necessity in the employment relationship. The employer therefore has quite some freedom to process the personal data of his employees. It is therefore even more important that the employee is correctly informed about the processing of his personal data.

Processing agreement: very important for software suppliers

The processing agreement sets out the rights and obligations of the data controller and the processor (who processes personal data on behalf of the data controller). The term ‘processor’ can apply quite quickly as the processing of personal data is understood in a broad sense. In practice, a software supplier is almost always covered by the term ‘processor’. The software supplier makes software available to a company (the data controller) who will enter personal data (e.g. of his personnel), after which the data controller can use the software to process these personal data. However, if the software supplier makes backups, cloud applications, etc., he too ‘processes’ the personal data and is therefore considered a processor.

A processing agreement must therefore be concluded between the processor and the data controller, which clearly states how the personal data are processed, which security is applied, etc.

Euregional or international entrepreneurship? Quasi-uniform protection in Europe

If you do business across borders, you may also collect personal data from individuals from different countries. This is not so problematic in the European Union, as GDPR regulations apply throughout the EU. Nevertheless, you should bear in mind that each member state has certain special rules. Enforcement by the competent supervisory authority (privacy commission) also generally differs. If you also collect personal data from outside the European Union, there is often a discourse between the obligations under European regulations and other regulations, such as those of the United States. We can, of course, assist you in the proper management of foreign personal data.

IT LAW | Peeters Euregio Law