Data protection and privacy—Netherlands—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—Netherlands—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

Data protection and privacy—Netherlands—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in Netherlands published as part of the Lexology Getting the Deal Through series by Law Business Research (published: June 2020).

Authors: Rutgers Posch Visée Endedijk NV—Inge de Laat; Margie Breugem

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

As of 25 May 2018, the European Union General Data Protection Regulation (GDPR) has been applicable in the Netherlands. As the GDPR is an EU regulation, the various rights and obligations as described in the GDPR are immediately enforceable in the Netherlands. The GDPR allows member states to implement rules regarding specific topics, for example, the designation of the Dutch Data Protection Authority (the Dutch DPA). This means the Netherlands has, besides the GDPR, a national data protection law as well (Dutch implementing law of the GDPR).

Further, a new ePrivacy Regulation will soon enter into force which will repeal Directive 2002/58/EC, also called the Cookie Law. In January 2017, the first proposal text of the regulation was published.

Other relevant laws are the Dutch Constitution, the Dutch Telecommunication Act, which imposes various obligations to service providers providing e-services, the Voting law,

Related documents:

Popular documents