Support Centre

Netherlands

Summary

Law: Act Implementing the GDPR (in Dutch here) (an unofficial English version of the Act is available here) ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679)

Regulator: Dutch data protection authority ('AP')

Summary: Netherlands implemented the GDPR in 2018 and utilised its legislative freedom to derogate from the GDPR in certain areas. In particular, under the Act, Chapter 3 of the GDPR (regarding data subjects' rights) does not apply where personal data is processed for either journalistic purposes or for the purposes of academic, artistic, or literary expression. The AP has released several guidelines and explanations on topics such as data security, financial data, and direct marketing. In its guidance on the use of cookies, the AP stated that the use of cookie walls violates the GDPR. Regarding its enforcement of the Act, the AP has investigated and issued decisions on several topics including, for example, violations of the right of access and right to erasure. Sanctions are outlined in its policy rules and are categorised into specific categories with corresponding bandwidths.

News

Insights

August 2022

Netherlands: Code of conduct for Smart Grid Management - What you need to know

On 3 May 2022, the Dutch data protection authority ('AP') approved the code of conduct for Smart Grid Management ('the code of conduct'). The approval of the code of conduct is conditional on the AP’s approval of a supervisory body for the code of conduct, to be established within the next two years.

In this Insight article, Chantal Van Dam, from Hogan Lovells, and Fenneke Buskermolen explore the different layers of the code of conduct, further highlighting the obligations, compliance, and supervision structure it sets out, as well as next steps in light of the code of conduct's approval.

June 2022

Netherlands: Cybersecurity

April 2022

Netherlands: Update on the bill on the Data Processing by Partnerships Act

The bill on the Data Processing by Partnerships Act ('WSG') aims to provide a legal basis for the processing of personal data by designated partnerships and further constitutes a framework with a number of general rules with regard to the tasks, structure and functioning of these partnerships. Anouschka Van de Graaf, Senior Associate at Dentons, discusses the purposes of the bill, alongside concerns regarding its contents.

January 2022

Netherlands: Dutch Data Protection Authority guidance on smart cities

In July 2021, the Dutch Data Protection Authority, Autoriteit Persoonsgegevens ("AP"), published their guidance for smart cities and the development of smart city applications. This guidance is intended for municipalities in the Netherlands that plan to, or currently, collect and process personal data in a public space with the use of smart sensors and measuring equipment. The AP has deemed this guidance necessary as municipalities in the past have not always paid sufficient attention to the applicable privacy legislation, such as the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Chantal van Dam and Femke van der Eijk, of Hogan Lovells, discuss the guidance in this article.

November 2021

Europe: COVID-19 vaccination status - What can employers collect?

With restrictions being lifted across Europe and businesses planning their return to the office, many employers, in an endeavour to prevent the spread of COVID-19, are faced with the dilemma of whether they can require their employees to be vaccinated or to show proof of their vaccination status. Besides the health and safety concerns associated with the introduction of such measures, there are also some key privacy-related considerations. In particular, an individual's vaccination status falls within the scope of health data under Article 4(15) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and is therefore a special category of personal data under Article 9 of the GDPR, meaning processing is generally prohibited, unless an exception applies.

This article outlines the local requirements in the UK, Germany, the Netherlands, France, and Italy.

October 2021

Netherlands: NOREA Privacy Control Framework

September 2021

Netherlands: Amendments made to the Dutch Telecommunication Act

On 1 July 2021, an amendment1 to the Telecommunications Act 1998 (as amended) ('the Telecommunications Act') came into force, requiring opt-in consent to telemarketing. Chantal Van Dam and Femke van der Eijk, from Hogan Lovells, provide a brief overview of what impact the amendment has had on the Telecommunications Act.

September 2021

Netherlands: Protection of children's data

This article addresses the data protection rules for children that apply in the Netherlands. It elaborates on specific requirements enshrined in EU and local data protection law and guidance and considers enforcement actions of the Dutch data protection authority ('AP'). Furthermore, it introduces the Dutch Code for Children's Rights ('the Code') and explains the principles of the Code and how companies may benefit from it. Chantal van Dam, Senior Associate at Hogan Lovells LLP, discusses this topic and its nuances.

August 2021

Netherlands: Data Protection in the Financial Sector

June 2021

Netherlands: Health and Pharma Overview

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.
Feedback