Blue Ocean View

Blue Ocean View

Data Protection Officer
at your service

General Data Protection Regulation expertise
in English, Nederlands and Français



GDPR is not there to kill your business. It's a new strategic conversation with your suppliers and your customers. The data protection officer is the interface between GDPR and the business opportunity.

It defines the rule of the game in which personal data are processed. But in reality, it's seldom a clear-cut situation. Several apparent pseudonymized or anonymised data sources have still the potential to 'single out' an individual after correlating the different data sets. As described in Article 35, new analytical technologies might need a data protection impact assessment. A DPIA is a report, prior to the processing, to evaluate the possible risks and consequences of the envisaged processing operations on the protection of personal data. For this assessment, the controller shall seek the advice of a data protection officer.



Article 6 of the GDPR offers the specific framework in which personal data can be processed. The data protection officer shall, together with the controller's management, define the appropriate context in order to make data processing lawful.

Processing personal data by a controller is 'lawful' only if and to the extent that at least one the following applies: the person has given consent for one or more specific purposes; the processing is linked to the performance of a contract to which the person is party; there's a need to comply with a legal obligation or to protect the vital interests of the person; the processing is part of a task carried out in the public interest or in the exercise of official authority vested in the controller; or the processing is necessary for the purposes of the legitimate interests pursued by the controller.


The data protection officer will assist the controller's information security officer and/or ICT department to comply with the GDPR demands for appropriate technical measurements.

Article 25 demands data protection by design and by default. In time, the local supervisory authority will install certification mechanisms for the purpose of demonstrating technical compliance with GDPR. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures.


YouTube movie clip of

General Data Protection Regulation

Algemene Verordening Gegevensbescherming

Règlement Général sur la Protection des Données

Definition (E)

This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The free movement of personal data within the European Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.


Territorial scope

This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union, regardless of whether the processing takes place in the European Union or not.

definitiE (NL)

Bij deze Verordening worden regels vastgesteld betreffende de bescherming van natuurlijke personen in verband met de verwerking van persoonsgegevens en betreffende het vrije verkeer van persoonsgegevens.

Deze Verordening beschermt de grondrechten en de fundamentele vrijheden van natuurlijke personen en met name hun recht op bescherming van persoonsgegevens.

Het vrije verkeer van persoonsgegevens in de Europese Unie wordt noch beperkt noch verboden om redenen die verband houden met de bescherming van natuurlijke personen ten aanzien van de verwerking van persoonsgegevens.

Territoriaal toepassingsgebied

Deze Verordening is van toepassing op de verwerking van persoonsgegevens in het kader van de activiteiten van een vestiging van een verwerkingsverantwoordelijke of een verwerker in de Europese Unie, ongeacht of de verwerking in de Europese Unie plaatsvindt.

Définition (FR)

Le présent Règlement établit des règles relatives à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et des règles relatives à la libre circulation de ces données.

Le présent Réglement protège les libertés et droits fondamentaux des personnes physiques, et en particulier leur droit à la protection des données à caractère personnel.

La libre circulation des données à caractère personnel au sein de l'Union Européenne n'est ni limitée ni interdite pour les motifs liés à la protection des personnes physiques à l'égard du traitement des données à caractère personnel.

Champ d'application territorial

Le présent Règlement s'applique au traitement des données à caractère personnel effectué dans le cadre des activités d'un établissement dun responsable du traitement ou d'un sous-traitant sur le territoire de l'Union européenne, que le traitement ait lieu ou non dan l'Union européenne.

YouTube movie clip of lus Laboris UK - Lewis Silkin