Legal audit

Through CyberContract, you have access to a wide range of legal services provided by our specialized partner Johan Vandendriessche.

Below you find more detailed information on some of their services :

actions 15 

Contractual limitation of risks and damages

actions 16

Processing of personal data

actions 17

Protection of company data



actions 15   Contractual limitation of risks and damages


Legal position vis-à-vis suppliers, service providers and clients

If you use suppliers or service providers, your legal position in relation to contractual issues will usually be determined by the contents of your agreement. This also applies for engagements towards your customers:

  • What is the quality level of the agreed services? Is it possible to deliver this agreed quality level correctly? Are the SLAs described in a correct manner? Do penalties apply?
  • Is the SLA sufficient for the company? This is critical if your company uses a service provider for the management of a process that you use to provide a service to your customers. A 24/7 SLA vis-à-vis your customers can only be guaranteed if your service provider also covers this SLA on a 24/7 basis (“back-to-back coverage”).
  • What has been agreed in relation to liability and penalties? Are the engagements with clients and suppliers properly aligned and do they adequately cover your liability? If not, make sure that you assess your need to insure the remaining risks. For instance, if you convene a liability cap of 1.000.000 € vis-à-vis à client for a service that is entirely subcontracted, it would be prudent to impose the same liability on your subcontractor.
  • Have you mirrored your specific engagements vis-à-vis clients in your supplier agreements? If your clients provide confidential information or personal data, you need to ensure that you impose the relevant contractual provisions on your subcontractors as well.
  • Do you have policies for subcontractors? Many clients impose policies and ethical codes that you must impose on employees and suppliers, for instance security policies in relation to the use IT equipment or networks.

A clear agreement is the best guarantee to prevent costly proceedings. A clear agreement prevents disputes or, at the very least, enables you to settle disputes quickly out-of-court.

Make sure that your agreements have been screened by an expert!


Legal position vis-à-vis employees

  • In a digital world, it is recommended to regulate the use of technologies. Employees are usually not aware about the risks of their conduct. Even employees that act in good faith may cause damage to a company, due to carelessness or due to a lack of knowledge. Policies are the most effective tool to raise awareness, e.g. a policy in relation to the use of IT tools, use of the internet and e-mail, ...
  • Employees have a key role in any company, but the interests of the employer and the employees may still be conflicting.
    • What are the limitations to the right of the employer to supervise his employees? Which surveillance is possible without infringing the privacy rights of the employees?
    • What happens with company e-mail accounts? How can this e-mail be used in court as evidence? Again, proper advice will prevent expensive legal proceedings or worse, the rejection of your evidence due to a breach of privacy.



actions 16   Processing of personal data


Think about auditing your data processing operations in due time

It is better to prevent than to heal. This proverb also applies to the development of a policy in relation to the processing of personal data. The Belgian legislation imposes a lot of limitations if you process personal data. These limitations may have an impact on the manner in which you process personal data. For instance, if you send direct marketing by e-mail, a principle of soft opt-in (prior consent with some exceptions) applies. It would be a mistake to elaborate a marketing campaign without thinking about the requirement of the prior consent. If you seek advice on data protection at an early stage of your project, you may avoid wrong choices and lost investments and time. Make sure that your projects are screened from a legal perspective.



If you have many ongoing data processing activities without having properly documented them, it may be prudent to perform a (limited) audit of your ongoing activities. This will help to ensure compliance and to limit or avoid issues with the data subjects and the regulatory authority. At any rate, you are already required to document your data processing activities.


Contact with data subjects and the regulatory authority

It can happen that a data subject contacts you with questions about his privacy rights or to exercise the rights that are granted to him by data protection law, for example his right to correct incorrect personal data relating to him. The law provides how and when you should comply with this request. If something has gone wrong, a data subject may file a complaint with your company or with the regulatory authority. Each year, the Belgian Commission for the protection of privacy receives a great number of complaints. If you are unsure what you should do or if you fear the consequences of further steps, you may want to seek external advice.



actions 17  Protection of company data


Intellectual property rights: does your company have the rights it needs?

Model documents, software, databases and manuals are just a few examples of assets that are necessary for the conduct of business, both internally and externally. Many companies do not adequately secure the intellectual property rights they need for their business. Do the license agreements provide the required rights? Did the employees and service providers provide a correct license or did they assign their intellectual property rights in relation to the materials they developed on behalf of the company? Did you know that employees do not automatically assign their copyrights to their employer, not even for copyrighted materials they create as a result of their employment contract? A preventive approach is necessary to avoid problems. If an employee leaves employment, it could lead to a situation where the company is no longer entitled to use the materials created by that employee, for instance a dismissed employee that insists on his copyrights.


Confidentiality agreements: a contractual necessity

Do you provide sensitive or confidential information to third parties (clients or suppliers)? If you do, you should know that Belgian law usually provide no protection or only very little protection to confidential information (an example of a limited legal protection is the regime of industrial secrets). A contractual arrangement is always required. In that case, the protection of your confidential information depends on the legal quality of the confidentiality agreement that you use. Also make sure that you do not end up in a situation where you receive confidential information subject to a confidentiality obligation and where you further distribute this information without confidentiality arrangements.


Follow us

linkedin facebook twitter  email

Contact us

Do you have any questions about your contract, your invoice or do you want information about our products and services? Please fill out the contact form.

Contact us


If you are interested in a CyberCrime policy, you can request an offer here. You only need to provide us with some basic information.

Calculate now