GDPR starter kit for lawyers + notaries

Lawyers + notaries have separate professional rules alongside GDPR: Dutch Lawyers Act + Notaries Act + bar association codes. Reconciliation with GDPR: (1) Professional secrecy (Lawyers Act Art. 11a, Civil Code 7:457) is exception to many GDPR rights — e.g. opposing party access to dossier not possible. (2) Case management: minimum 7 years (financial + identity), 5-10 years for procedural file, longer if business relevant. (3) Notary archiving: notarial deeds 100+ years (Wna). Strict security required. (4) Opposing party communication: client data may be stated in correspondence to other party for case purpose. Don't share own data unnecessarily. (5) Conflict check: contact info new case vs. existing clients — legitimate, may be in CRM, secured. (6) Cloud tools (Microsoft 365, Dropbox, NetDocs, Clio): DPA + Schrems II TIA + extra encryption. Some Dutch courts impose extra cloud-storage requirements for case files. (7) Email to client: secure portal (Egnyte, Sharepoint, NetDocs) or encrypted email (PGP, Office 365 IRM). WBTR + NOvA liability: on data breach + negligence both WBTR (civil) and NOvA (disciplinary, possibly suspension) can follow. Liability insurance mandatory for lawyers, often privacy extension needed.