Firms To Watch: Data privacy and data protection

Holla Legal & Tax advises niche and innovative companies across a range of sectors, including IT, recruiting and gaming, on global data processing and data transfers; Kim de Bonth heads the data privacy practice.
Led by Saskia Vermeer-De Jongh, HVG Law LLP has a niche specialism in advising governing bodies in Dutch sport on data protection and privacy compliance and litigation strategies following investigations by the Dutch DPA.
Founded in April 2022 as a boutique IT and privacy firm, Turing Law works on healthcare and life sciences sector-focused data protection mandates concerning the processing of sensitive data, including impact assessments and the protection of scientific research; Huub de Jong and Tom de Wit lead the practice.

Data privacy and data protection in Netherlands

Bird & Bird

Recently promoted partner Berend Van Der Eijk and senior counsel Wilfred Steenbruggen lead Bird & Bird’s data privacy and data protection practice. Leveraging its global presence, the Dutch team plays a key role as a hub to mainland Europe and is sought out for complex, cross-border data protection, compliance and contentious matters. The pair lead the team on mandates relating to new technologies and the interplay with sector-specific regulation, such as healthcare, telecoms and the fintech regulation. The team not only supports clients with all aspects of data transfers but also deals with data localisation. Associates Chloë Baartmans and Shima Abbady are key members of the team.

Practice head(s):

Berend van der Eijk; Wilfred Steenbruggen

Other key lawyers:

Chloë Baartmans; Shima Abbady


‘Very hands-on, business-minded lawyers, using technology tools for clients that help them manage risk in multiple countries.’

‘Berend van der Eijk is very knowledgeable and always able to quickly analyse the issue and provide pragmatic advice and risk analyses.’

‘The team understands that data privacy & data protection isn’t solely about GDPR and ePrivacy, but also about other (emerging) regulations and directives, such as the DSA, NIS2 and AI Act. Importantly, they apply their knowledge specifically to the SaaS (& TMT) context.’

‘Berend has the extraordinary ability to carefully analyse your situation and challenges and then help weigh the benefits and risks of a variety of options from both a business and legal point of view. Whilst listening to or reading Berend’s advice, it becomes clear that he has expert knowledge of data privacy in general, our sector, and regulatory enforcement.’

Key clients


Teva Pharmaceuticals





Nuts Groep




European Commission

Domino’s Pizzas


Work highlights

  • Advising Teva Pharmaceuticals as the Data Protection Officer on daily data protection law compliance.
  • Appointed by the European Commission to advise on international data transfer mechanisms as well as its ground-breaking European Blockchain Services Infrastructure (EBSI) project.
  • Advising a leading global payment provider on data protection law compliance.


Brinkhof is sought by by high-profile international and domestic clients in the TMT and online platform sectors for assistance in non-contentious and contentious matters and representation in business-critical data mandates. Practice head Quinten Kroes is the main name for data protection-related litigation, such as defending giant tech and social media companies in investigations by the Dutch Data Protection Authority. Associate Manon Oostveen is also active in this field. Remy Chavannes advises clients on matters that intersect data privacy and media law, while Dorien Verhulst is a key contact for lawful interception and works with counsel Anke Strijbos on right to be forgotten GDPR cases.

Practice head(s):

Quinten Kroes

Other key lawyers:

Manon Oostveen; Remy Chavannes; Dorien Verhulst; Anke Strijbos


‘The level of understanding of data protection, telecommunications, related developments, and the overall level of knowledge they have readily available is truly noteworthy.’

‘The team is up to date and upfront in their knowledge and makes the correct assessment between practical solutions and more in-depth visionary advice. The team is young, diverse, easily accessible and flexible.’

‘Quinten Kroes is on top of the latest developments, really thinks with you and goes beyond only the formal legal rules to turn things into practical applicable solutions. He cares about his clients and considers clients’ positions in his advising.’

‘Brinkhof is a law firm that I always recommend to others to work with. Although it may be regarded as fairly small in comparison to other well-known firms, The level of engagement and output of its data privacy and protection and telecoms practices are a high standard.’  

‘What makes the individuals at Brinkhof stand out is their personal approach to the working relationship, the level of understanding they have of not only the sector or industry we are in, but also the way we would like to operate as a business. The advice is directly applicable and to the point. Specific mention goes out to Quinten Kroes.’

Key clients



DPG Media



Foot Locker



Duchenne Parent Project



Work highlights

  • Representing VoetbalTV in litigation against the fine imposed by the Dutch DPA regarding the legal basis under the GDPR for its filming and online distribution of amateur football matches.
  • Advising Google on various matters including the data protection impact assessment and subsequent negotiations regarding the potential use of Google’s cloud services by government bodies and public sector users.
  • Advising DPG Media in its appeal against a large fine imposed by the Dutch DPA for its policy of requiring data subjects to submit a copy of their IDs if they sought access or removal of their personal data.

De Brauw Blackstone Westbroek

De Brauw Blackstone Westbroek‘s full-service privacy, data and cybersecurity team forms a major part of the firm’s regulatory enforcement and litigation practice. The team, led by Geert Potjewijd and recently promoted partner Axel Arnbak, defends international clients in enforcement actions by supervisory authorities and in mass data infringement claims. Supporting clients in international cybercrime, data breaches and potential post-breach litigation adds an additional dimension to the practice. Litigator Arjan Kleinhout, who made partner in March 2022, and associate Mirjam van Dam are key members of the team, taking on data infringement cases.

Practice head(s):

Geert Potjewijd; Axel Arnbak

Other key lawyers:

Arjan Kleinhout; Mirjam van Dam


‘They bring a sophisticated, inclusive approach to the litigation. They show their experience on the legal questions, as well as on matters of policy, technology, and business concerns.’

‘A strong point of the DBBW Data Protection team is that if needed, experts in other areas of law that might be relevant can be added to the team on a need-to-need basis, which is efficient and cost effective.’

‘We have a long and good working relationship with Axel Arnbak, he is our key contact on data protection matters.’

‘The support is very professional, dedicated and great on a technical and strategic level. Commits itself to pro bono support.’

‘All team members are supportive and competent.’

‘Geert Potjewijd is a strong leader. He knows the law and thinks strategically to achieve the best possible results. Axel Arnbak is very knowledgeable about privacy issues and policy. Mirjam van Dam is a standout senior associate who is knowledgeable and capable.’

‘The team has a superb knowledge of both data protection & privacy as well as procedural & administrative law. This combination is hugely relevant in cases of investigation & enforcement as well as litigation, including mass claims.’

‘Sharp minds which are able to tune in to our fast pace and even go beyond that, while maintaining a very high level of quality and consistency.’

Key clients

Salesforce, Inc.


Uber International B.V.

TikTok Technology Limited

Public Interest Litigation Project

Work highlights

  • Acted as lead counsel for Salesforce in a high-stakes unprecedented mass claim proceeding against Salesforce and Oracle for alleged GDPR infringements.
  • Represents Meta in mass claims litigation for alleged data protection violations related to Facebook, initiated by a claims foundation and the Dutch Consumer organisation.
  • Acts as lead counsel for Uber before the Amsterdam Court concerning access to personal data, related information about automated decision making and the right to data portability under the GDPR.

Hogan Lovells International LLP

Head of Hogan Lovells International LLP's Dutch data protection and privacy team Joke Bodewits is also a key practitioner in the collective EU cybersecurity team, leading and coordinating complex and strategic privacy and cybersecurity projects and pitches. Bodewits represents numerous clients before various supervisory authorities across Europe, frequently handling enforcement actions. Senior associate Chantal Van Dam advises international and domestic companies on global data retention and transfer strategies. Van Dam also supports clients in transfer impact assessments, agreements and assists with regulatory enforcement actions following cyber incidents.

Practice head(s):

Joke Bodewits

Other key lawyers:

Chantal van Dam; Fenneke Buskermolen


‘Very strong team, exceptional knowledge about data privacy.’

‘Joke Bodewits, is a top rate lawyer. Engaging, commercial and extremely knowledgable. What sets her apart is not just her industry and regulatory insights but her ability to apply law in a commercially realistic manner.’

‘Chantal van Dam is extremely knowledgeable, available and always delivers agreed projects on time. She explains difficult matters in a clear and simple way making complicated legal matters accessible even to those who are not lawyers. I really enjoyed working with Chantal and would definitely recommend her to colleagues.’

‘Joke Bodewits is not only a very kind and warm person with a good dose of humour, but she is also on top of all developments in the practice area, and has an enormous amount of knowledge. Each time we speak you learn something new.’

‘Joke Bodewits, Chantal van Dam, Fenneke Buskermolen all have exceptional GDPR knowledge and forward thinking skills. They have a very good understanding of new technologies in combination with healthcare, making them stand out from other law firms.’

‘The cyber incidents practice is global in reach and extremely knowledgeable.’

‘Joke Bodewits makes sure I receive deliverables which are ready to use. She is very pragmatic; she thinks along and she asks the right questions.’

‘Joke Bodewits has outstandingly supported our important Dutch and Belgian deals with extraordinary ideas, explaining all technical hurdles.’

Key clients


Wolters Kluwer

Zimmer Biomet

Amylyx Pharmaceuticals






Work highlights

  • Assisting with strategic advice on its data privacy and governance, and use and optimalisation of data, including personal data, on a day-to-day basis.
  • Assisting Insulet with strategic advice on data protection compliance matters, including data protection, e-privacy and cybersecurity compliance.
  • Advising PVH in data protection, e-privacy and cybersecurity matters.

Kennedy Van der Laan

Kennedy Van der Laan has ‘unique expertise in the area of cybersecurity’. Head of the data protection practice Hester de Vries is testament to this, advising public sector and private sector clients, operating in complex new digital ecosystems, such as digital payments and gaming, on data protection governance. De Vries also represents clients against imposed fines by the Dutch Data Protection Authority and is a key contact for public sector clients investigating data-related issues. Experienced litigator Quirine Tjeenk Willink is known for representing clients in enforcement and fining procedures. Senior associate Elise Troll advises clients on the implementation of privacy compliance in healthcare apps, data sharing platforms and smart traffic solutions. Senior associate Rosalie Brand adds another layer to the practice, specialising in cyber incidents. The arrival of Judica Krikke from Stibbe, where she led the IT, IP and data protection teams, strengthens the practice further.

Practice head(s):

Hester de Vries; Quirine Tjeenk Willink

Other key lawyers:

Elise Troll; Rosalie Brand; Judica Krikke


‘Strong expertise in cybersecurity and especially Ransomware incidents. Also, highly professional and flexible.’

‘Unique expertise in the area of cybersecurity.’

‘The lawyers in the privacy team of Kennedy van der Laan are extremely knowledgeable in the field of privacy. Their advice meets the needs of our organization in this field.’

‘The practice is unique due to the possibility of a multidisciplinary approach in a file. Potential clients want to know the experience of the lawyers in their field of attention. Compared to other firms, Kennedy van der Laan is in our opinion one of the top firms.’

‘Hester de Vries, Elise Troll and Cees Plaizier all stand out because of their personal approach, with a detailed attention to the client combined with their experience and knowledge in the field of privacy.’

Key clients


Royal Schiphol Group



Stichting BKR


Translink Systems B.V.


Stichting Aidsfonds

Work highlights

  • Advising Translink on setting up data protection governance, data protection compliance and a data protection arrangement between the parties involved in the new OV-pay ecosystem.
  • Advising Northwave on obligations for the Dutch Data Protection Authority, Authority Financial Markets, National Cyber Security Centre and other supervisory authorities.
  • Representing Stichting BKR in proceedings against the Dutch Data Protection Authority and advising on GDPR compliance.

Pels Rijcken & Droogleever Fortuijn NV

Pels Rijcken & Droogleever Fortuijn NV frequently represents data intensive public sector clients in matters involving data access rights, the right to be forgotten and the use of innovative data collection methods. The firm also acts for plaintiffs in data-related mass claims and advises both public and private sector clients on managing data breaches. Head and focal point of the data protection and privacy team Gerrit-Jan Zwenne is the key contact for clients, advising various ministries of the government, leading insurance companies, data privacy foundations and sporting associations in contentious and non-contentious data matters, namely GDPR compliance, supervisory investigations and incident responses. Marte Van Graafeiland routinely works on data breach responses and innovative data projects for public sector clients.

Practice head(s):

Gerrit-Jan Zwenne; Marte van Graafeiland


‘Gerrit-Jan Zwenne is an absolute legend in privacy law. In addition, he has been introduced as the best in the daily practice of our company. He is professional, has so much knowledge and is a very good communicator.’

‘Gerrit-Jan Zwenne is always close to us in discussions we have with the supervisory authority for the GDPR. We check our strategies with Gerrit-Jan and he is able to visit our premises for advice and training our staff.’

‘Gerrit-Jan Zwenne is for us the authority to go to in relation to questions, advice, collaboration and help on the matter of Privacy.’

‘In our mind there is no better expert in the privacy field than Gerrit-Jan Zwenne.’

‘It is impressive how the team has developed in recent years in this rather traditionally oriented law firm. They are now among the best in the field of data protection.’

‘Gerrit Jan Zwenne is an authority in data protection legislation and case law. His advice is practical though built upon a thorough understanding of daily practices, new technologies and the interpretation of hard to grasp legislation. Having Gerrit Jan Zwenne on your side in legal challenges, literally reduces stress levels. The rational and steady approach is highly appreciated.’

‘Very professional varied team with excellent performance. Scientifically based advice with practical indications. Spot on. Very good knowledge of how supervisor thinks and acts.’

‘Gerrit Jan Zwenne is spot on and combines science and practice in an accessible way. A brilliant thinker who oversees the whole picture and is able to present the key issues on a plate.’

Key clients

Achmea Zilveren Kruis

Dutch Railways

Data Privacy Foundation

Consumer Association


Ministry of Justice and Security & Ministry of Economic Affairs

Van Doorne

Vastly experienced IT and privacy law specialist Elisabeth Thole leads Van Doorne’s privacy team, which focuses on GDPR compliance matters, mass and recourse claims, multi-jurisdictional data breaches and the implementation of data infrastructure. Counsel Özer Zivali is a key name to note for his broad range of work in the cyber security space, such as cross-border enforcement matters and advising on complex data sharing structures, as well as the implementation of innovative data technologies.

Practice head(s):

Elisabeth Thole 

Other key lawyers:

Özer Zivali 


‘The team is very dedicated and brings a lot of relevant knowledge and experience to the table. Their responses are always quick and set expectations correctly.’

‘Elisabeth Thole stands out as she is thorough, highly experienced and knowledgeable. She has strong legal views, insights and opinions and shares these regularly. Özer Zivali has grown to be a very senior lawyer in this field and strengthens the team with his own qualities and ever-increasing knowledge and experience.’

‘The hard-working team has established over the years a reputation that goes beyond the Dutch borders. The team is internationally well connected, highly diverse and has sound market knowledge. It is always a pleasure working with the team, which is a powerhouse.’

‘Elisabeth Thole is one of the leading figures in Netherlands and European data protection law. She is well known for her expertise and business approach. She knows how to deal with big cases and clients. She also allows her team to grow. Özer, who is a laywer in her team, did benefit a lot from Elisabeth and has become a very good data protection lawyer.’

‘Elisabeth Thole is one of the best in her field. In addition to her qualities, she thinks proactively with the client and is easily accessible.’

‘Elisabeth Thole and Ozer Zivali are very knowledgeable regarding privacy laws (GDPR) and give thorough advice to our company, reducing risks.’

‘A very strong data protection practice. Always very professional and accessible.’

‘Open minded, easy to connect and fast acting team members.’

Key clients








Havenbedrijf Rotterdam

Eindhoven University of Technology


Work highlights

  • Assisted GGD GHOR with the investigation started by the Dutch Data Protection Authority in February 2021 in relation to a data theft related to the processing of Covid-19 health data.
  • Assist TU/e with various data protection matters, including assisting it in respect of a large data breach.
  • Advising Havenbedrijf Rotterdam (Port of Rotterdam) on GDPR and other privacy-related matters.


Dentons‘ Amsterdam privacy practice, led by Marc Elshof, not only frequently advises multinational companies on critical data protection compliance but also increasingly works on regulatory responses to data breaches. With Elshof as the Europe TMT sector co-leader, the Dutch practice plays a valuable role in European-wide and global data protection projects. Senior associates Anouschka van de Graaf and junior associate Akkeroos Kremers are key supports to Elshof’s team, advising clients in the fintech, retail and leisure sectors.

Practice head(s):

Marc Elshof

Other key lawyers:

Anouschka van de Graaf; Akkeroos Kremers


‘Extremely knowledgeable but at the same time very practical in their approach. Very responsible, Dentons is a true partner for a company.’

‘Marc Elshof is very proactive, responsive and approachable. He understands the dynamics of our business operations and always provides to the point, practical advice.’

‘Marc Elshof’s team is young, ambitious and client focused. They are very keen on new developments, and I believe that is what makes a difference.’

‘Excellent team, thinks on their feet and is very capable in what they do.’

‘Marc Elshof has a deep understanding of our business, gives practical solutions and is a great resource for anything related to data privacy.’

‘Akkeroos Kremers is very smart, thorough and she has your back!’

‘Akkeroos Kremers is a rising star associate. She has both an excellent grasp of the subject matter and an uncanny ability to manage complex and difficult tasks. Highly organized and efficient, she has been the cornerstone of our global projects with Dentons – all of which have come in on time or early, on budget, and with outstanding results. Akkeroos has a very bright future.’

‘Marc Elshof is an outstanding data protection partner. He is responsive, practical, with an excellent view of the regulatory and market trends in the Netherlands and across Europe. He is particularly good at getting consensus views on difficult questions from across the EU and UK and providing the resulting advice in a usable format for companies.’

Key clients




Champion Petfoods

CNA Hardy


Foot Locker


ING Bank





Playa Hotels & Resorts





Stichting 113


The Student Hotel


Unibail-Rodamco Westfield




Work highlights

  • Advised SkyKick on building the compliance framework for the “Powered by SkyKick” delivery model.
  • Advising Aegon on reviewing its outsourcing documentation and arrangements with an eye on GDPR compliance.
  • Assisting Foot Locker with multi-jurisdictional cookie advice.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer‘s data and cyber group works on implementing data compliance projects and high-stakes litigation, including class actions. The Amsterdam team leverages its global network and connections with the Dusseldorf and London offices to frequently advise clients on global data crises. Senior associate Mark Egeler heads the data and cyber practice, advising on e-privacy, data governance and crisis management. Head of the dispute resolution practice Rutger Kleemans works closely with Egeler. With the arrival of Tim Walree, a specialist in class actions following breaches of GDPR, the experience of the data-related litigation practice continues to grow.

Practice head(s):

Rutger Kleemans; Mark Egeler

Other key lawyers:

Tim Walree


‘The firm has knowledge and experience regarding GDPR matters and the ability to apply it to specific cases’

‘Freshfields has enough good experience, bringing weight to their data privacy and protection advice.’

‘The senior associate of the Freshfields data security team helps a lot for the M&A project that we are involved in. Debatable, agile and cost conscious for the client of the project. His actions and advice are obviously based on a lot of experience and skill.’ 

Key clients

Talpa Network

Goldman Sachs


Universal Music Group

Volkswagen AG

Essent NV


Huntsman Corporation

Liberty Global


Warburg Pincus


Oaktree Capital

Work highlights

  • Advised a leading US software company on different aspects of data-related collective actions in the Netherlands due to an announced class action by a leading Dutch claimant.
  • Conducted a comprehensive data protection compliance audit for a consumer insights company.
  • Advised a global technology company on a global data breach response situation.

Loyens & Loeff

Loyens & Loeff’s Dutch data protection and privacy team forms part of the cross-border multidisciplinary practice across the Benelux and Switzerland, enabling the team to deliver beyond domestic compliance and data breach assistance, as well as data-related contracting advice. Digital economy head Kim Lucassen specialises in privacy compliance in the financial and healthcare sectors. Attorney-at-law Céline Van Waesberge is sought out by clients in the life sciences industry for general compliance, data transfers, infrastructure and outsourcing advice. Attorney-at-law in the competition and regulatory team Jacobine van Beijeren also works on data protection and privacy compliance mandates in the pharmaceutical, healthcare and food industries.

Practice head(s):

Kim Lucassen

Other key lawyers:

Céline Van Waesberge; Jacobine van Beijeren


‘The privacy and data protection team has a pragmatic and business-oriented approach, all while the advice on legal requirements is provided in a clear and concise manner.’

‘The team has excellent knowledge of privacy law, pharmaceutical law, regulated markets and (international) contracts.’

‘Céline van Waesberge and Kim Lucassen are experts on privacy law, (international) contract law and pharmaceutical law. Their in-depth knowledge of the healthcare regulatory framework in combination with their knowledge on data protection are valuable and highly appreciated.’

‘Jacobine van Beijeren is an expert on data protection matters especially within the healthcare sector. Her in-depth knowledge of the healthcare regulatory framework in combination with her knowledge on data protection is valuable and highly appreciated.’

‘The Loyens Loeff data protection and privacy team in the Netherlands is very professional and dedicated. They are quite experienced in their field, responsive and able to provide precise but pragmatic and business-oriented advice.’

‘Kim Lucassen and Céline van Waesberge are both excellent professionals, experts in the field of data protection, with a deep understanding of complex topics such as sensitive data transfers and data protection impact assessments as well as data breaches. They provide pragmatic and quality advice, taking into account the business needs and the reality of industry practices. They have very good contact and ability to find solutions for clients.’

‘Kim Lucassen has the ability to quickly understand her client’s businesses and needs and has good availability.’

‘Kim Lucassen’s and Céline van Waesberge’s written and spoken English are excellent, they understand not only the law, but also wider strategic considerations. They also work hard to ensure that they are delivering what the client needs.’

Key clients

Westmond Hospitality Group

Colosseum Dental Group

Stichting Hartwig Medical Foundation (HMF)

DPG Media

Tata Communications Netherlands B.V.


Work highlights

  • Advised on the implementation of new personal data obligations regarding the impact of the Dutch implementation of the Directive on administrative cooperation in the field of taxation and repealing Directive 77/799/EEC (Dac 7).
  • Assisted MPG with the acquisition of more than 100 optical stores in the Netherlands and Belgium, including the divestment of the stores and corresponding client databases including health data.
  • Advised AlpInvest on the transfer of personal data to the US.

Project Moore Advocaten

Specialist IT and data protection firm Project Moore Advocaten is often sought out by large national and international firms for data protection reviewal mandates. The practice, led by Jeroen Koëter, Lieneke Viergever and Eva Visser, advises international and innovative domestic companies on data breaches and cross-border data transfers. IT practitioner Christian Van Seeters is another name to note.

Other key lawyers:

Jeroen Koëter; Lieneke Viergever; Eva Visser; Christian Van Seeters


‘An extremely competent, experienced and reliable law firm in the field of data privacy and data protection.’

‘Project Moore has an incredible team of great lawyers who are dedicated, professional and work together in a social, healthy and good work-life balance environment.’

‘All the individual lawyers who work at Project Moore contribute to the strengths of this amazing team.’

Key clients

GGD GHOR Nederland

Radboud University Medical Centre

Dutch National Police

The Dutch Ministry of Justice and Security

Custodial Institutions Agency

Nikon Corporation

Nikon Holdings Europe BV


KLM Royal Dutch Airlines

Transavia Airlines

Mitsubishi Logisnext Europe

Rocket Software B.V.


Work highlights

  • Advising GGD GHOR Nederland, as lead counsel, on the integral data protection elements of the €2bn outsourcing of booking and registering Covid-19 tests, vaccinations and contact tracing.
  • Assisting the Dutch Police, as lead counsel, with the data protection elements of the procurement of two high-profile IT systems.
  • Advising Radboud University Medical Centre on the data protection aspects of its high-profile collaboration with Verily.


The arrival of senior associate Nynke Brouwer in June 2022 strengthened the data protection specialism of Stibbe‘s TMT practice; Brouwer advises a range of clients on cyber incidents and ransomware attacks. Astrid Helstone is a key contact for data protection issues in the context of labour law matters, while Tom Barkhuysen covers intersecting administrative and data law disputes. Former team head Judica Krikke left the firm in March 2023.

Other key lawyers:

Nynke Brouwer; Astrid Helstone; Tom Barkhuysen


‘High technical expertise in cybersecurity and especially in the area of compliance and regulations.’

Allen & Overy LLP

Combining a strong local practice with a global network of data protection teams and experts, Allen & Overy LLP advises clients with an international presence on multi-jurisdictional cybersecurity incidents, investigations and data protection-related matters in transactions. Counsel Nicole Wolters Ruckert heads the Amsterdam-based team, dealing with an array of matters, such as compliance, enforcement processes and new data-driven business models such as AI in a range of business sectors, including automotive, technology, media, telecoms, retail, financial services and insurance. Ruckert is also called upon by the global teams, such as the US, when there are data investigations and transfers concerning Dutch and European entities. Associate Marleen Huisman supports Ruckert and has experience in the field of e-commerce platforms.

Practice head(s):

Nicole Wolters Ruckert

Other key lawyers:

Marleen Huisman


‘A strong understanding of the business, pro-active attitude and pragmatic solutions that can be implemented directly.’

‘Very high level of knowledge, very well capable of explaining complex matters, pro-active attitude and pragmatic solutions.’

‘Professional team, meets the timelines and deadlines.’

Key clients




Wolters Kluwer

BAM Group




CMS’s privacy and cybersecurity team has a robust cyber incident management practice. Erik Jonkman heads the practice, advising cyber insurers on data theft and ransomware. Head of the TMC sector group Katja van Kranenburg-Hanspians is a key contact for contract matters relating to technology and data, while Edmon Oude Elferink and senior counsel Simon Sanders are other key members of the team, assisting on competition issues related to data protection violations and the privacy aspects of innovative technology systems, respectively.

Practice head(s):

Katja van Kranenburg-Hanspians; Erik Jonkman

Other key lawyers:

Edmon Oude Elferink; Simon Sanders


‘Their team has always demonstrated an excellent understanding of the market, can dig into the details where necessary but can also be pragmatic.’

‘The team consists of highly qualified people with thorough knowledge of data privacy and protection. The team is easily approachable. The team takes it one step further by not only providing clear legal advice but also focusing on providing practical legal advice.’

‘Highly qualified lawyers, kind people, easily accessible and approachable, providing practical legal advice.’

‘The team is right there the moment you need them. The advice given is carefully formulated and explained in a manner that makes you feel confident that all relevant aspects are considered.’

‘Erik Jonkman is a very experienced and involved professional with an infectious passion for data privacy and data protection. He does not only provide the advice needed, but also shows and explains his considerations in a way that I really learn from it myself.’

‘The CMS Data privacy and data protection practice offers a high level of support that can handle anything from the most basic tasks to supporting with a data breach in less than 2 hours’ notice.’

‘The individuals in the team offer hands on personal support that ranges from basic input regarding data protection matters and the understanding thereof to complete incident support when a disaster strikes. The team is available at all times.’

Key clients



Stichting Open Nederland



Digital Partners



Comcast and ViacomCBS (SkyShowtime)


I-SEC International Security


ID Logistics

Work highlights

  • Advising on cyber security incidents and data breaches for AIG cyber insureds.
  • Advising on cyber security incidents and data breaches for Chubb cyber insureds.
  • Advising Stichting Open Nederland on all data protection aspects of the national establishment of large-scale Covid-19 testing facilities designed to reopen Netherlands during the pandemic.

Eversheds Sutherland (Netherlands) B.V.

Specialist IP, IT, privacy and cybersecurity practitioner Olaf Van Haperen leads Eversheds Sutherland (Netherlands) B.V.‘s data privacy practice. Van Haperen advises healthcare institutions and fintech, blockhain and software companies on technology-driven privacy, cyber incidents and compliance matters. Senior associate Robert Santifort operates at the interface of IP and IT, working on database law, trade secret protection and data-related IP restructuring and licensing. Senior associate Judith Vieberink focuses on data mandates pertaining to software delivery.

Practice head(s):

Olaf van Haperen

Other key lawyers:

Robert Santifort; Judith Vieberink


‘Steady team with in-depth knowledge that is easy to reach and provides practical solutions!’

‘It is helpful to have an EU Representative service that can also help with overflow and specific projects.’

‘Robbert Santifort is personable and efficient.’

Key clients

Cyrus One








Zorgverzekeraars Nederland

Kering Group


Gibson Brands



Dutch Cancer Foundation


Aalberts Industries



Work highlights

  • Advising GETIR on data privacy, including international data flow mechanisms and e-privacy vs GDPR queries.
  • Advising CyrusOne on GDPR and cybersecurity topics on an EU-wide scale.
  • Advising The Dutch Cancer Foundation (Stichting Koningin Wilhelmina Kankerfonds) in all its day-to-day telecoms and data privacy issues on a pro bono basis.

Greenberg Traurig LLP

Greenberg Traurig LLP‘s data privacy and protection team, led by Herald Jongen, routinely advises ministries of the Dutch state, including justice and security, education and science, and defence, on data-critical matters concerning Google and the Schrems II decision. Nienke Bernard is a key support at the senior associate level. The team also advises private sector clients, for example, taking on GDPR compliance mandates for clients working on procuring and implementing clinical trial systems.

Practice head(s):

Herald Jongen

Other key lawyers:

Nienke Bernard


‘Greenberg Traurig is practical, thorough, bringing proper knowledge and expertise to the table.’

‘The Greenberg people we dealt with are razor sharp, knowledgeable and find solutions.’

‘The team is very knowledgeable and capable of dealing with any privacy problem quickly and easily. They have broad knowledge of what is going on and have various (negotiating) strategies to persuade global parties to make the right agreements.’

‘Herald Jongen is a specialist lawyer. He has a broad network of colleagues, experts and parties to consult if needed. Able to make complicated matters manageable. An expert and negotiator.’

Key clients

State of the Netherlands (Ministry of Defence)

State of the Netherlands (Ministry of Justice and Security)

State of the Netherlands (Ministry of Education & Science)



Nationale Nederlanden Bank

Wien Digital



European Stability Management (ESM)

National Cyber Security Centre of the Dutch State (NCSC)

Work highlights

  • Represented SURF, the association for IT in Dutch higher education and research, as well as SIVON, on negotiating an emergency deal with Google, making the Google services GDPR compliant.
  • Acted as lead counsel to the Dutch Ministry of Justice and Security for the renewal of licence agreements of many public entities with Microsoft.
  • Aassisted the State of the Netherlands Ministry of Justice and Security on the consequences of Schrems II.


The data privacy and protection team of Houthoff represents clients in a range of legal proceedings, including those involving the Dutch DPA. Thomas De Weerd leads the IT and data privacy practice groups, focusing on both contentious and non-contentious mandates, with the latter involving the restructuring of international data transfers in light of the Schrems II decision. Weerd also advises on the data protection aspects of M&A transactions in the technology sector. Associate Jurre Reus is a key name to note for compliance advice. The practice advises many clients in the automotive sector on data compliance.

Practice head(s):

Thomas de Weerd

Other key lawyers:

Jurre Reus


‘The firm provided a professional analysis of the issues that were discussed. In addition, contributed with a strong legal opinion and supportive action items to be taken in order to address issues and save them.’

‘Kind, responsive, professional and patient.’

‘Strong and practical legal advisors.’

‘Jurre Reus gives concise and practical advice.’

‘The employees of Houthoff have a high standard. It’s not only looking towards the law, but also thinks businesswise and how it can contribute to the organization’s needs.’

‘They are pro-active, have a lot of GDPR knowledge and are quite fast in making policy documents.’

Key clients


Kia Nederland



Ford Nederland and Ford of Europe

Hyundai Motors Nederland


Ola Cabs



Exact Software

Rad Power Bikes


Pensioenfonds Detailhandel


Work highlights

  • Represented Ola Netherlands (Ola Cabs) in an appeal against the Amsterdam court’s decision from 2020, in which it had dismissed most of the drivers’ claims for data access and data portability under the GDPR.
  • Representing RDW in a case regarding a complaint lodged with the Dutch Data Protection Authority regarding automated comparisons of vehicle registration databases for over five years.
  • Advising Pensioenfonds Detailhandel on legal frameworks applicable to publishing data online, an outsourcing agreement covering personal data processing and a GDPR access request.


NautaDutilh‘s tech group, led by Joris Willems, frequently assists clients with international data transfers and privacy compliance matters of a global nature. The Dutch team forms a key part of the wider Benelux practice, and is well positioned to work on cross-over data protection matters. The range of work includes litigation concerning data subject rights requests, processing activities and cross-border data transfer compliance. Albert van der Kolk specialises in intersecting data protection and employment law matters, while Jolize Lautenbach is a key contact for clients seeking assistance on data breaches. Senior associate Terrence Dom, new arrival at the associate level Sarah Zadeh, and associate Danique Knibbeler are important members of the team, bringing technical expertise in the IT and cyber security fields.

Practice head(s):

Joris Willems

Other key lawyers:

Albert van der Kolk; Jolize Lautenbach; Terrence Dom; Sarah Zadeh; Danique Knibbeler


‘The team is very knowledgeable, practical and delivers work on time.’

‘NautaDutilh’s continuously growing data privacy and data protection practice is always of great help to us when we are in need of legal advice. They know our business very well and also really understand the interaction of data privacy/data protection with our business. Would recommend!’

‘Terrence Dom is the rising star of NautaDutilh’s Data privacy and data protection practice. Very knowledgeable and approachable and always delivers.’

‘The team is very knowledgeable and cooperates internally like a charm. Due the continuing expansion of the team, clients can be assured that continuity is assured.’

‘The individuals have made sure that they understand our company, our culture and risk appetite properly before advising us. They are all very motivated and willing to deliver.’

‘Terrence Dom has an outstanding ability to advise on complex matters. The turn-around time is quick. Very practical and to the point.’

‘Great knowledge of privacy issues and able to customise it for our organisation.’

‘Very pleasant in meetings, very quick to react to questions and able to simplify complex issues.’

Key clients


Airbnb, Inc.

American Express

Anthony Veder Group N.V.

ASR Nederland

Bank of America Merrill Lynch


Blauwtrust Groep N.V.

CBRE Global Investors



Dynamic Credit


Ginkgo Bioworks

HAL Investments

ING Bank



Keensight Capital

Levine Leichtman Capital

Lineage Logistics

Nationaal Park De Hoge Veluwe


NPM Capital








Rooftop Energy

RTL Group



Stichting Stimuleringsfonds Volkshuisvesting Nederlandse Gemeenten

Syntrus Achmea Real Estate & Finance

Tata Consultancy Services


The Norinchukin Bank



Zuidwest Radiotherapeutisch Instituut

Work highlights

  • Assisting Prosus on a wide variety of data privacy and data protection matters.
  • Represented Deloitte in privacy litigation concerning a data subject access request.
  • Advising ING Bank on a wide variety of data privacy and data protection-related matters.

Osborne Clarke

With the arrival of data law specialist Joanne Zaaijer from Loyens & Loeff in January 2022, Osborne Clarke is sought out by blue-chip clients for advice on complex multi-jurisdictional and business-critical data protection matters. The practice assists clients in a range of sectors such as retail, healthcare, media and leisure on the impact of regulations and the implementation of policies.

Practice head(s):

Joanne Zaaijer

Other key lawyers:

Coen Barneveld Binkhuysen


‘The team combines expertise and great understanding of the industry and our organization.’

‘Joanne Zaaijer stands out for her practical and hands on advice. She is exceptionally knowledgeable and approachable. She is a true expert in her field, excellent in communication and managing expectations and moreover a great person to work with.’

‘The lawyers are professionals, technically skilled and collaborative.’

‘Great team, fun to work with, hands on and always available. They find practical solutions.’

Key clients












Work highlights

  • Assists Meta on a continuous basis on a wide variety of privacy and data protection law matters, mainly in relation to Facebook and Instagram.
  • Advising Google on a continuous basis on the Digital Services Act and the local implementation of the Omnibus Directive in Netherlands.
  • Advising Henkel in the area of data protection law, including providing training to Henkel’s employees who are responsible for certain processing operations, advice in the event of data breaches.

bureau Brandeis

Representing funding parties in data privacy collective action litigation is a niche specialism of bureau Brandeis' data protection practice. Christiaan Alberdingk Thijm and Vita Zwaan lead the practice, with the latter also head of the privacy compliance team. Silvia van Schaik and Caroline de Vries are key information and privacy law contacts in the team. A diverse range of clients, including theatres, retailers, telecoms and IT companies, seek the team’s advice on GDPR compliance.

Practice head(s):

Vita Zwaan; Christiaan Alberdingk Thijm

Other key lawyers:

Silvia van Schaik; Caroline de Vries; Jacob van de Velde; Minke Gommer


‘The Brandeis team has been a real business partner for us from the moment we started our company. Silvia van Schaik and her team really wanted to understand the essence of what we did and put a lot of effort in providing us with advice, documentation and support in conversation with partners. They have a personal approach and have extremely quick response times when needed.’

‘Silvia van Schaik is extremely knowledgeable and can easily explain complex legal situations both verbally and in writing. She and her team are willing to go the extra mile to help us being successful.’

Key clients



Dutch Digital Agencies

Fieldlab Evenementen


The Privacy Collective

Stichting Massaschade & Consument


Rotterdam-based firm Ploum‘s data privacy and protection practice is led by Dennis Zieren and Dorine ten Brink, two experienced IT and privacy practitioners. Senior associate Nina Witt specialises in healthcare sector privacy matters, including advising on data processing activities, compliance and data processing agreements, as well as data breaches and data protection impact assessments.

Practice head(s):

Dennis Zieren, Dorine ten Brink

Other key lawyers:

Nina Witt


‘The proactive approach and the fact that they always put our interests first has been a great pleasure for us.’

‘Excellent team. Wonderful service and advice. Easy to work with and hands-on. Very client focused.’

‘Dennis Zieren gives you everything needed to be in an optimal position. A go-to person for data privacy and data protection-related matters. Fast, hands-on and client focused. Easy to work with.’

‘Specific knowledge of the business and my company as well as in-depth knowledge on privacy and data protection.’

‘Committed and expert lawyers. Lots of knowledge in-house. Pleasant people to work with, always an opportunity to spar. Think along with the organisation.’

‘Extensive knowledge in specific areas of law. The lawyers listen carefully to what you want and are very involved. They are always easily accessible to answer questions.’

‘The internal fast-tracking and the cooperation of teams within Ploum’s organisation significantly accelerated the project.’

Key clients

BovenMaas Prenataal B.V.

Centrient Pharmaceuticals Netherlands B.V.

Codeless Technology B.V.

Coöperatie Univé Het Groene Hart U.A.

Service App B.V.

Heineken Nederland B.V.

Koole Terminals B.V.

Nemo Healthcare B.V.

ONE-Dyas B.V.

Portbase B.V.

Stephens & Associates, Ltd.

Stichting Kunsthal Rotterdam

Stichting NBD Biblion

Tamoil Nederland B.V.

Unilever N.V.

Unit4 N.V.

Vrumona B.V.

Young Perfect B.V. (Eatertainment)

Work highlights

  • Advised Heineken Nederland on several privacy matters regarding the processing of personal data relating to marketing activities and events.
  • Advising Stitching Krunsthal Rotterdam on data processing activities and carried out a data protection impact assessment.
  • Advised BovenMas Prenataal on several privacy matters concerning sharing medical information with other healthcare specialists.

SOLV Advocaten

SOLV Advocaten‘s data privacy and protection team is called upon by funding parties for plaintiff representation in high-profile collective redress actions concerning large-scale national data breaches concerning the social media and healthcare industries. Healthcare specialist Thomas Van Essen and experienced litigator Douwe Linders jointly lead the practice.

Practice head(s):

Thomas van Essen; Douwe Linders

Other key lawyers:

Yentl van den Winkel; Micha Schimmel


‘The team has deep knowledge of data protection law in the Netherlands and in the EU. Always ahead of its competitors.’

‘Thomas van Essen is an outstanding data privacy lawyer with a top team.’

‘Great knowledge of data privacy and provides practical advice.’

Key clients

Jumbo Supermarkets


Holland Casino

Sanoma Learning



Stichting ICAM


Work highlights

  • Advised Jumbo Supermarkets on the privacy implications of an application that coaches customers in purchasing more healthy products, fitting to their diets and training goals.
  • Supported investigative journalism platform Follow The Money in its research into a political scandal in the Netherlands, providing advice on GDPR data requests with government authorities.
  • Representing the SOMI Foundation in a €1.4bn data privacy class action against TikTok and representing Foundation ICAM in a €3.2bn data privacy class action against the Dutch State.

Taylor Wessing

Taylor Wessing is internationally known for its expertise in TMT and life sciences. With offices strategically placed in Amsterdam and Eindhoven, the team is well placed to offer strategic advice to clients. Otto Sleeking leads the technology practice, advising clients on IT-related data protection matters, such as data processing agreements, security measures and data transfers. Associate Martijn Loth assists with regulatory compliance, data protection, telecommunication laws and regulation. The pair advise clients on emerging technologies, such as AI, and deal with serious data breaches and cyber-attacks.

Practice head(s):

Otto Sleeking

Other key lawyers:

Martijn Loth


‘The firm is easy to work with; there is one contact person with ability to reach out or make connections with other experts within the firm. Quick responses and clear answers and guidance to questions or issues.’

‘Professional support and quick, clear response from Otto Sleeking.’

‘Specialist, relatively small team that is able to provide high-quality services in a timely manner.’

Key clients

ING Bank N.V.


Lidl Nederland GmbH

Technische Unie BV

Kawasaki Motors Europe NV

Sociale Verzekeringsbank

Technische Universiteit Delft


Argenta Spaarbank

Homefashion Group

DAF Trucks


WCC Group

Work highlights

  • Advised a global leading manufacturer of dispensing technology to ensure compliance of a web of data transfers.
  • Advised a biotech unicorn on a product and service offering involving processing of special categories of personal data, as well as doctor-patient confidentiality on the basis of the Medical Treatment Contracts Act.
  • Advised a €10bn+ revenue corporate group active in the energy sector on a multi-jurisdictional data breach.

Vondst Advocaten N.V

Vondst Advocaten N.V frequently advises well-known Dutch companies across a range of sectors, including retail, FMCG, charity and media, on GDPR implementation and data breaches. Herwin Roerdink heads the data protection department; Polo van der Putt is a name to note for his knowledge of big data analytics and emerging technologies; and senior associate Tineke van de Bunt is a key support on privacy-related M&A work.

Practice head(s):

Herwin Roerdink

Other key lawyers:

Polo van der Putt; Tineke van de Bunt

Key clients




National Postcode Lottery


University of Amsterdam



Credit Europe Bank