Data privacy and data protection in Netherlands

Bird & Bird

Bird & Bird excels in handling complex regulatory and advisory data protection matters, including cross-border compliance and emerging technologies. The team regularly advises on international data transfers, data compliance, and blockchain issues for large tech companies. Regulatory enforcement also falls within the scope of the practice. Berend Van Der Eijk and Wilfred Steenbruggen both lead the practice, with van der Eijk handling clients that rely on technology and data for their businesses as well as fintech companies. Steenbruggen was promoted to partner in 2023 and advises both international clients and start-ups on regulatory issues. Chloë Baartmans and Shima Abbady are also noted for assisting with all data-related issues.

Practice head(s):

Berend van der Eijk; Wilfred Steenbruggen

Other key lawyers:

Chloë Verschoor; Shima Abbady


‘Very knowledgeable about relevant developments in different industries.’

‘It is a pleasure to work with Wilfred, he understands our business and our challenges and really tries to come up with pragmatic and compliant solutions ’

‘Business-minded advice and creative solutions. ’

Key clients


Teva Pharmaceuticals




Nuts Groep




European Commission

Domino’s Pizzas





Delta Energie


Work highlights

  • Advising Teva Pharmaceuticals as DPO on daily data protection law compliance.
  • Appointed by the European Commission to advise on international data transfer mechanisms as well as on its ground-breaking European Blockchain Services Infrastructure (EBSI) project.
  • Advising a leading global payment provider on data protection law compliance and wider data regulation, including artificial intelligence.


Brinkhof continues to excel in the field of data privacy and data protection, representing key tech clients in enforcement proceedings and investigations by the Dutch Data Protection Authority, as well as appeals against its decisions. The team also handles GDPR matters and other regulatory issues for a variety of sectors including financial services, healthcare, pharmaceuticals, platforms, and TMT companies. Clientele includes major US technology platforms, which the firm advises on complex enforcement matters. Practice head Quinten Kroes is a key contact in this area for many notable clients. Remon van Saane is key to the team assisting in a wide range of data protection matters. Media expert Remy Chavannes handles issues that span both privacy and media law, while Dorien Verhulst is a specialist in lawful interception. Manon Oostveen is also noted.

Practice head(s):

Quinten Kroes

Other key lawyers:

Remy Chavannes; Dorien Verhulst; Remon van Saane; Manon Oostveen


‘Brinkhof’s team is excellent. They are thought leaders in their space, and our trusted advisors on privacy.’

‘Quinten Kroes is the stand-out partner. He’s wicked smart, very available, and gives sharp and to the point advice. I highly recommend him.’

‘What makes the team exceptional is that in addition to being data privacy experts, they boast vast knowledge of both civil and administrative procedural law: combined with the experience and strategic thinking of the partners, Brinkhof really is the go-to firm for privacy litigation. I feel that I can always trust the advice that Brinkhof delivers.’

‘Quinten Kroes is a nationally and internationally renowned privacy expert and an exceptionally intelligent and amiable attorney. What I appreciate in Quinten is that he is really focused on content and delivering quality. I believe these characteristics make him really successful at resolving conflicts both in and outside of court. ’

Key clients



DPG Media





Duchenne Parent Project (and associated Duchenne initiatives)


Work highlights

  • Represented VoetbalTV in litigation against the fine imposed by the Dutch DPA regarding the legal basis under the GDPR for its filming and online distribution of amateur football matches – obtaining the first court ruling in the Netherlands completely annulling a GDPR fine.
  • Advising Google on various matters including the data protection impact assessment undertaken on behalf of the national government and subsequent negotiations regarding the potential use of Google’s various cloud services by government bodies and other public sector users.
  • Representing DPG Media in its objections and subsequent appeal against a €525,000 fine imposed by the Dutch DPA for its policy of requiring data subjects to submit a copy of their IDs if they sought access or removal of their personal data.

De Brauw Blackstone Westbroek

The go-to team for larger and complex data protection matters‘, De Brauw Blackstone Westbroek is an expert in handling high-risk privacy and cybersecurity issues. The team focuses largely on public and private enforcement, regularly assisting clients with investigations and litigation. Follow-on mass claims civil litigation, data infringement, and cybersecurity incident responses are particular strengths of the group. Clients typically include multinational technology companies and online platforms. Geert Potjewijd leads the practice together with Axel Arnbak. Potjewijd specialises in complex multidisciplinary litigation and regulatory enforcement, while Arnbak is an expert in both privacy and cybersecurity matters. Arjan Kleinhout adds public law knowledge to the practice, and Mirjam van Dam assists in high-stake litigation.

Practice head(s):

Geert Potjewijd; Axel Arnbak

Other key lawyers:

Arjan Kleinhout; Mirjam van Dam; Svetlana Yakovleva;Emma Üstünalp; Jonathan de Geus; Justyna Niemczyk


‘De Brauw’s data protection team is absolutely the go-to team for larger and complex data protection matters. They master the subject matter and work closely with the litigation and mass claims team and as such they are excellently equipped to advise and litigate on data protection class actions. ’

‘On data protection I’ve mainly worked with Axel Arnbak. He is a seasoned and well known data protection lawyer and an amazing sparring partner. He is not only well aware of the latest trends in his field, he also has excellent in-depth knowledge of legal background, political sensitiveness, historic laws and cases etc. Regardless how complex the subject matter is, Axel masters the skill of explaining this in a super clear manner and quickly spots the sensitive topics.’

‘Due to the portfolio of clients and the legal (court) cases the team is involved in, it has a very good oversight of what is happening in the privacy field.’

‘Axel Arnbak is very knowledgeable with a practical approach.’

Key clients

Salesforce, Inc.

Meta Platforms, Inc.

Uber Technologies, Inc.

TikTok Technology Limited

Public Interest Litigation Project (PILP)

Work highlights

  • Acted as the lead counsel and trusted advisor for TikTok in a collective action initiated by three competing Dutch claim vehicles on behalf of TikTok users for alleged infringements of European data protection and consumer protection laws.
  • Acted as counsel for Meta in mass claims litigation for alleged data protection violations related to its social media platform Facebook.
  • Acted as lead counsel for Uber before Dutch courts in a landmark case and potential follow-on litigation about access to personal data, related information about automated decision making and the right to data portability under the GDPR.

Hogan Lovells International LLP

The data privacy and cybersecurity practice at Hogan Lovells International LLP is led by Joke Bodewits, who is praised for her expertise in privacy regulations. Bodewits advises on both European and global data compliance projects, data governance strategies, and cybersecurity matters. The firm is known for its strong life sciences and health care sector advice, but also advises IT, technology, and large corporations on their data privacy issues. It also routinely advises on cross-border mandates. Working closely alongside Bodewits is Chantal van Dam who is well-versed in the fields of data protection and cybersecurity. Van Dam has actively been supporting global clients with company and personal data issues related to acquisitions and sale of companies.

Practice head(s):

Joke Bodewits

Other key lawyers:

Chantal van Dam


‘Easy to communicate with and to-the-point practical advice. ’

‘The team is incredibly privacy aware and has a very good knack for explaining the privacy requirements in a non-legal way. Team also adapts very fast to our everchanging business set up to give us the best guidance in privacy matters.’

‘Hogan Lovells really are leading in the field of privacy, cyber incident response and tech; they are always up to date. They have excellent contacts with law makers, are commercially astute and can be counted on when you really need them’

‘Joke Bodewits is exceptional. She is not just technically sound on privacy regulations but an excellent sounding board for wider commercial considerations and knows how regulators work. She gets to the nub of the matter and delivers exactly what is needed.’

‘Joke Bodewits is not only a star expert in privacy matters, she also takes great care of client negotiations which are very successful.’

Key clients


Wolters Kluwer

Zimmer Biomet

Amylyx Pharmaceuticals




Work highlights

  • Assisting with strategic advice on its data privacy and governance, and use and optimisation of data, including personal data, on a day-to-day basis.
  • Assisting Insulet with strategic advice on data protection compliance matters.
  • Advising PVH on data protection, ePrivacy, and cybersecurity matters.

Kennedy Van der Laan

Kennedy Van der Laan is well-versed in administrative enforcement law and data protection law, allowing it to advise on a range of contentious and non-contentious privacy issues. The firm excels in assisting clients in the financial, logistics, telecommunications, entertainment, and healthcare sectors. The team routinely undertakes investigations and enforcement proceedings carried out by data protection regulators both locally and internationally and recently formed a 24/7 incident response team. Hester de Vries, Quirine Tjeenk Willink, Rosalie Brand, and Judica Krikke all jointly chair the practice. De Vries handles issues at the forefront of data protection such as AI, open data, platforms for data sharing, and adtech. Litigator Tjeenk Willink is an enforcement law specialist, Brand was promoted to partner in 2023 and mainly supports clients with cybersecurity incidents. Krikke focuses on complex digital transformation processes, IT and cloud outsourcing issues. Elise Troll was appointed counsel in 2023 and advises on data protection particularly in relation to telecoms.

Practice head(s):

Hester de Vries; Quirine Tjeenk Willink; Rosalie Brand; Judica Krikke

Other key lawyers:

Elise Troll


‘Kennedy Van der Laan’s team is uniquely positioned to provide world-class advise. They can leverage experience build up over the past 20 plus years and have a large team with legally, technically and commercially savvy players, not only at partner level. ’

‘Elise Troll is definitely on the rise. She is super smart, always available, very practical, comes with creative and out of the box solutions and is fun to work with. She is strong on both content and relationship. ’

‘The privacy lawyers of Kennedy Van der Laan have thorough knowledge of the GDPR and the Dutch Uitvoeringswet AVG. They are easily approachable and often provide direct support.’

Key clients

Meta Platforms Ireland

Sonos Inc.

Schiphol Group



Stichting BKR


Translink Systems B.V.


Stichting Aidsfonds – Soa Aids Nederland

Work highlights

  • Advised on a matter including a vast ransomware attack on an IT provider in Canada providing services to many market investigation bureaus, processing a vast amount of personal data of very many large companies.
  • Advising Northwave on various issues including  notification obligations to the Dutch Data Protection Authority, Authority Financial Markets, National Cyber Security Centre and other supervisory authorities, customers and data subjects, ransom payments and liability claims.
  • Assisted Stichting BKR with legal proceedings against the Dutch Data Protection Authority (AP). The AP imposed a fine of €830,000 on Stichting BKR for alleged violation of the GDPR – the district court lowered the fine to €668,000.

Pels Rijcken & Droogleever Fortuijn NV

Pels Rijcken & Droogleever Fortuijn NV is a stand-out firm for data protection and privacy, with broad coverage including litigation and advising on technologies including artificial intelligence. The practice is known for its skills in advising clients within the public sector but also excels in advising private sector clients. As a result of this the team often advises on data exchange arrangements between entities governed by both private and public law. Gerrit-Jan Zwenne and Marte Van Graafeiland both co-lead the privacy and data protection team. ‘Top authority‘ on data protection Zwenne has extensive experience in a number of data protection issues including AI, biometrics, blockchain, sensor data, and other upcoming technologies. Van Graafeiland is especially knowledgeable on public sector data privacy and protection issues, advising a range of ministries to local authorities and regulators.


Practice head(s):

Gerrit-Jan Zwenne; Marte Van Graafeiland; Meine Dijkstra; Jeroen Naves


‘This team has done outstanding work in the area, and does a lot to build communities among their clients such as data protection officers by organising expert meetings and knowledge events about the latest developments in the field.’

‘I’ve known Gerrit-Jan Zwenne for a long time as an academic and a lawyer. He has a can do mentality. His critical approach of supervisory authorities and his solid advice all make him stand out. He is extremely knowledgeable and competent as well as communicative.’

‘The uniqueness lies with Gerrit Jan-Zwenne. He is hands down the top authority on data privacy and data protection. True expertise shows if someone is able to explain it in a simple and effective way. No fuss no uncertainty, just practical advice and guidance with a business lens.’

‘Regarding Gerrit-Jan Zwenne: I appreciate not only his in-depth knowledge on privacy and data protection law, but also his practical approach and strategic thinking on very complex legal issues. In my view he is undisputed the most authoritative lawyer in the field. ’

‘Pels Rijcken has managed to build a top tier practice in data protection over the last couple of years that is particular know for its excellent knowledge and experience in the public sector.’

‘That’s Gerrit-Jan Zwenne without a doubt who combines a strong knowledge about privacy regulation with the capability to take positions that really help his clients to change the game. Because of his knowledge and sharp observations, he is uniquely qualified to lead disputes with the supervisory authorities, if necessary in court.’

‘Jeroen Naves is always easily accessible, thinks along with us, and steps in when necessary to go the extra mile, such as sharing his knowledge in meetings.’

Key clients

Data Privacy Stichting (DPS)

Stichting Bescherming Privacybelangen (SBP)

Stichting Consumers United in Court (CUIC)

Surfshark Incogni


Ministry of Justice and Security

Ministry of Economic Affairs

Ministry of Foreign Affairs

Ministry of Education

Ministry of Public Health

Parliament (Tweede Kamer)

Work highlights

  • Represented the Data Privacy Foundation (Data Privacy Stichting) in the first major Dutch class action case against Meta Inc. for multiple serious infringements of data protection law, which the team subsequently won.
  • Represented the Environmental Protection Agency in summary proceedings started by Tata Steel in IJmuiden and subsequently won the case. The Agency had installed video cameras to monitor Tata Steel’s compliance with environment law. Tata Steel argued that such cameras disproportionally harmed its employees’ privacy and consequently their privacy rights were unlawfully violated.
  • Advised Ministry of Education on Google Educational Services Product on its (mandatory) data protection impact assessments, performed by the privacy consultancy Privacy Company. It showed that these products and services were not fully compliant with the GDPR.

Van Doorne

Van Doorne focuses on contentious data protection matters including high risk and multijurisdictional issues. The team has handled numerous high profile data breaches for its clients as well as enforcement actions, class actions, and mass claims, as well as a full spectrum of non-contentious regulatory work. Practice head Elisabeth Thole  handles the full gamut of data privacy issues; she is supported by Özer Zivali  who specialises in contentious data protection matters and is well-versed in handling cross-border data breaches and enforcement mandates.

Practice head(s):

Elisabeth Thole

Other key lawyers:

Özer Zivali


‘Elisabeth Thole – a powerhouse who is extremely good content wise but also to bring together people and make things happen. It is always a pleasure working with her.’

‘They’re above standard knowledge in their knowledge of data privacy and data protection. Their ability to swiftly address potential risks and actions to be necessary taken.’

‘Elizabeth Thole and her team demonstrated a vast knowledge of the actions to be under taken when needed to. Hands on advice and taken a lot out of our hands, so that we could concentrate on managerial actions to be taken.’

‘The talented team, headed by Elisabeth Thole as its client partner, has relentlessly showed excellent legal capabilities, as well strategic and tactical insights in this broad and complex case. With a strong client focus, great flexibility and quick responses.’

‘In particular, Özer Zivali has showed an in-depth knowledge and understanding of this complex case in all aspects, always keeping an overview and a strong focus on priorities as well as the many stakeholders in the field. ’

‘Özer Zivali: he stands out in thinking thoroughly all the facts, keeps calm and translate his analysis of the facts and possible scenario’s into good and practical advice. He never let us down and he is more than a rising star right now in the team. He already reached by far the senior level in the team. We are very glad with him being on the Van Doorne’s privacy team.

‘Elisabeth Thole and Özer Zivali think proactively in the best interest of the client, they are very approachable and have a lot of knowledge. In their fields they are among the best in the Netherlands.’

‘Elisabeth Thole is very knowledgeable and client driven. She is to the point and complete in her advise. She is an honest and kind person, which contributes to our required good communication.’

Key clients

Achmea / InShared

Ahold (Koninklijke Ahold Delhaize)




Havenbedrijf Rotterdam (Port of Rotterdam)


TU/e – Eindhoven University of Technology


Work highlights

  • Assisted GGD GHOR with the investigation of the Dutch DPA in relation to a widely reported data breach in the Netherlands related to systems used for Covid-19 testing, source-and-contact tracing, and vaccination in the Netherlands.
  • Assisted IDEXX with various cross-border GDPR related matters.
  • Assisted the Eredivisie with an important GDPR compliance related matter.

Allen & Overy LLP

Clients of Allen & Overy LLP include both Dutch corporations and large multinational companies who require comprehensive advice on their data privacy and data protection issues. The practice also handles numerous cybersecurity incidents and issues, as well as cross-border work. Nicole Wolters Ruckert chairs the practice, she advises on the full gamut of data privacy issues including both compliance and enforcement processes. Marleen Huisman and Marleen Van Putten are core members of the team with the former assisting e-commerce platforms in data privacy and the latter handling the crossroads of IP and data protection.

Practice head(s):

Nicole Wolters Ruckert

Other key lawyers:

Marleen van Putten; Marleen Huisman


‘Nicole Wolters Ruckert is an authority on privacy and data monitzation issues in particular. Her knowledge of technology makes her a pleasant discussion partner for the business and ensures that advice is not only theoretically correct but also consistent with practice. She is also a very pleasant person to work with, never afraid to go the extra mile and very easy to reach. ’

‘Dedicated, always available, committed’

‘Great team, easy to work with and outstanding knowledge of their subject matter.’

Key clients



Work highlights

Loyens & Loeff

Loyens & Loeff covers a notable range of data protection and privacy issues from representing clients in court before the Data Protection Authorities for data beaches to advising on the GDPR and other key topics such as the data issues concerning M&A deals, AI, e-health, and wearables. The firm combines its expertise from other practice areas to give fully rounded advice to clients in projects and are especially adept at handling the intersection of life sciences and healthcare with data privacy. Practice head Kim Lucassen is ‘highly experienced in all fields of privacy and data protection‘ and regularly advises on both contentious and non-contentious data issues. She is supported by Nina Orlić who assists tech and e-commerce companies with data compliance, data transfers, data infrastructure, and outsourcing. Céline Van Waesberge  left the firm in May 2023.

Practice head(s):

Kim Lucassen


‘Great diverse and collaborative team headed by the knowledgeable Kim Lucassen. Well organised and works efficiently. ’

‘Kim Lucassen is knowledgeable and highly experienced in all fields of privacy and data protection, from solid litigation advice to coordinating a global data breach. Great to work with. ’

‘Everyone I have worked with from Loyens & Loeff are always willing to assist with any possible problem and always trying the achieve the best possible outcome.’

‘I have worked closely with Nina Orlic and Kim Lucassen. I value their unique approach to every client and focus on understanding our individual issues.’

‘Kim Lucassen stands out. She is great to work with, and has excellent knowledge of privacy and pharmaceutical laws and is a fast and smart thinker. ’

‘Kim Lucassen stands out for her analytical skills, ability to grasp complex legal issues and high-quality and practical advice. Kim demonstrates a deep commitment to her clients and is always accessible, responsive, and willing to go the extra mile to ensure clients’ needs are met. Kim combines her knowledge on data protection with her valuable expertise on regulatory compliance, particularly in the health and life sciences industry.’

‘This is a wonderful team both from a knowledge perspective as in terms of pleasant cooperation and it has been for many years. The team is highly responsive and gives excellent advice. They are particularly experienced in transaction related privacy advice.’

‘Kim Lucassen is impressive. Highly knowledgeable on multiple areas of the law and a great people manager. Nina Orlic is an associate to watch. Quick thinker, analytic skills are far above average and very tech savvy.’

Key clients

AstraZeneca Pharmaceuticals LP

Banco Santander S.A. / Santander Consumer Finance S.A.

Colosseum Dental Group

Jan Linders Supermarkten B.V.

Keensight Capital

Laced Europe Ltd

Pharmaceutical Research Associates Group B.V.

Stichting Hartwig Medical Foundation (HMF)

Tata Communications Netherlands B.V.

Work highlights

  • Represented PRA NL in a dispute concerning the ownership of personal data under Dutch law, focusing on trial-related documents and the GDPR.
  • Advised Laced on a range of subjects, including privacy and data protection, including the establishment of a setup for its European expansion ensuring its terms and conditions complied with relevant European and Dutch consumer laws and GDPR.
  • Advising Banco Santander on a regular basis on data protection related matters, including  a dispute concerning a negative credit registration and the right to be forgotten.

Project Moore Advocaten

Boutique firm Project Moore Advocaten specialises in the field of data protection and privacy, typical work includes data breaches, cross-border data transfers, and data compliance. The team has been increasing its capabilities with regards to M&A-related privacy advice and litigation disputes. The arrival of Céline van Waesberge from Loyens & Loeff in June 2023 has greatly bolstered the practice. Van Waesberge is well-respected for her data privacy expertise and has strengthened the firms ability to assist life sciences and healthcare clients with all their data-related issues. Eva Visser is a expert in IT and data protection and leads on technology and data-driven transactions. Lieneke Viergever regularly advises local business media companies on data privacy issues, while Jeroen Koëter handles a range of IT and data privacy disputes and advisory work.

Other key lawyers:

Céline van Waesberge; Eva Visser; Lieneke Viergever; Jeroen Koëter


‘Great firm, they are able to make complex information understandable and are always thinking along. I enjoy working with them a lot.’

‘I worked with Lieneke Viergever and she is extremely flexible, always available and accommodating the requests. Skilled individual, prepared and quick in understanding business needs and how to better protect/ help it. ’

‘I would like to express my appreciation to the exceptional team at Project Moore Advocaten, a dynamic practice group specialising in the field of privacy and data protection. I believe that the team is clearly a front runner in the field of data privacy law. One of team’s key qualities is the wealth of expertise its members bring to the table. Its professionals possesses a profound understanding of data protection laws and regulations, coupled with a profound awareness of the latest industry developments.

Key clients

Radboud University Medical Centre

Dutch National Police

The Dutch Ministry of Justice and Security

The Employee Insurance Agency (UWV)

Custodial Institutions Agency (DJI)



Nikon Corporation (Japan) and Nikon Holdings Europe BV


KLM Royal Dutch Airlines

Transavia Airlines

Mitsubishi Logisnext Europe


Kickstart AI

Work highlights

  • Advising Radboud University Medical Centre on its collaboration with the Michael J. Fox Foundation for participation in the Global Parkinson’s Programme (GP2) to combat the disease.
  • Advised Crisp on the crucial data protection elements of its January 2023 acquisition of meal box supplier De Krat.


The team at CMS is sought out by clients to help with incident response and management. The team has worked on numerous high-profile cyber incidents and continues to assist major cyber insurers. Erik Jonkman leads the privacy and cybersecurity practice lading on key cyber incidents and data breaches. Simon Sanders and Edmon Oude Elferink are also key names in the team.

Practice head(s):

Katja van Kranenburg-Hanspians; Erik Jonkman


‘Erik Jonkman not only is very experienced, but also brings a lot of enthusiasm for his profession. He always finds a solution for the problem. ’

‘The team consists of lawyers with extensive knowledge of cyber incidents. they switch very quickly in the event of a cyber incident and know how to bring in the right experts in the field of a cyber attack where the need arises at the time. Their own focus is on breach of personal data and how to secure it, recover it or take further action on it’

‘Erik Jonkman has a great knowledge of cyber incidents and how to guide the initial process in case of a new cyber incident. His is also specialist in the loss of personal data and the GDPR ’

‘Erik Jonkman stands out professionally in all what he does. He is customer-sensitive, has an eye for urgency and being to the point, very knowledgeable, puts your mind at ease, helpful, strong in communication and analysing the problem, creating a strategy, and finally thinking about all possible what-if scenarios. Great individual!’

‘Erik Jonkman is a top lawyer in his field, top legal advices, high quality service, practical, focused on the case and fast. Extremely driven and service-oriented. Highly recommended professional. ’

‘In short I think the people of the team are very well qualified and driven which makes them like a partner in crime while delivering their services. They are always answering their phone and very cooperative. Just a pleasure to work with.’

‘The team we worked with at CMS were very professional, high level of in-depth knowledge, approachable and in general pleasant to work with.’

‘Erik Jonkman had guided us through our data privacy & protection project with a lot of knowledge, patience, and professionalism. We would recommend him (and the team) to others when needing legal advice on these topics.’

Key clients









Arcelor Mital



I-SEC International Security


ID Logistics

Corten Capital

Work highlights

  • Advising AIG on cyber security incidents and data breaches for AIG cyber insureds.
  • Advising Chubb on cyber security incidents and data breaches for Chubb cyber insureds.
  • Advising Beazley on cyber security incidents and data breaches for Beazley cyber insureds.


Dentons assists international and Dutch companies with a slew of cross-border privacy and cybersecurity issues. The team has been increasingly involved with matters involving emerging legislation, such as the use of non-personal data. Clients of the firm largely come from technology, finance, hotel, retail and manufacturing sectors. Rosemarie Schaar is particularly knowledgeable on IT contracts and data protection issues in the finance services industry.

Other key lawyers:

Rosemarie Schaar


‘They provide prompt and practical solutions, always taking in consideration the business side of the issue and therefore balancing the various needs under a business and legal point of views. I trust them and I really enjoy working with them.’

‘Dentons Data privacy and data protection practice has a very strong global reach and that is necessary with such a practice as data tends to travel without borders.’

‘The care and individual attention we get is what matters the most. Their thorough in depth understanding of our business, the commercial model and the industries we serve make that this is and continuous to be an invaluable extension of our team. ’

‘A true gem, always fast, ready to move and provide practical assistance where you need it. They are our IT and Privacy eyes and ears on the ground, thinking ahead without over-legalizing.’

Rosemarie Schaar is a hands-on associate, who is very communicative and interested.’

Key clients


Analog Devices

CNA Hardy


Feld Entertainment

Foot Locker

ING Bank

Mattr (f/k/a Shawcor)



Playa Hotels & Resorts

Prisma AI




Stichting 113


The Social Hub

Unibail-Rodamco Westfield



Work highlights

  • Advised DuckDuckGo on a variety of data protection and e-commerce matters, including in respect of the global launch of its subscription bundle.
  • Advising Foot Locker on managing a consistent EU data privacy framework as well as on various e-commerce matters.
  • Advising ING Bank on the renewal of its binding corporate rules.

Eversheds Sutherland

Olaf Van Haperen leads the data privacy practice at Eversheds Sutherland . The firm regularly advises on regulatory data privacy and protection issues, as well as handles cybersecurity matters such as data breaches. Clientele range from TMT companies to data centres, science institutions, and healthcare insurers. Van Haperen is an expert in IP, IT, privacy and cybersecurity issues, combining his knowledge of these sectors to advise technology and science-driven clients. Robbert Santifort assists a range of clients with matters involving personal data, data processing, and data breaches. Also noted is Judith Vieberink who aids with cybersecurity incident responses and the intersection between IT and data privacy.

Practice head(s):

Olaf van Haperen

Other key lawyers:

Robbert Santifort; Judith Vieberink


‘Eversheds’ Dutch privacy team is strongly connected to their international privacy and tech colleagues and is able to provide cross-border advise and documentation to support fast-growing international organisations. ’

‘The team is able to translate the applicable regulations to our specific business. Robert Santifort in particular has been willing to act as sparring partner to help me fine tune my own ideas.’

Key clients

Cyrus One








Zorgverzekeraars Nederland

Kering Group

Everest Re

Gibson Brands




Zorginstituut Nederland



Work highlights

  • Advised GETIR on the transfer of customer data after the acquisition of Gorillas.
  • Advised Aegon on a large cross border re-insurance deal involving portfolios with large amounts of personal data.
  • Represented Zorgverzekeraars Nederland in an important legislative procedure including data protection assessments.

Freshfields Bruckhaus Deringer

The data and cyber group at Freshfields Bruckhaus Deringer sits as part of the wider dispute resolution practice; the team advises on data compliance projects, data incidents, transactional work involving data, and regulatory issues. The Amsterdam-based group works closely with its wider international practice to assist in a range of cross-border data-related issues. Financial institutions are key clients of the firm. Mark Egeler heads up the group focusing on data protection, e-privacy, compliance, and data governance issues as well as data-heavy transactional matters.

Practice head(s):

Rutger Kleemans; Mark Egeler

Key clients




RELX Group

CVC Capital Partners

Advent International


The Goldman Sachs Group, Inc.

Essent NV


Work highlights

  • Advising Macromill on its sale of MetrixLab to the leading global insights technology and panel provider Toluna.
  • Advising a major technology company on various proceedings in front of the responsible supervisory authority including the implementation of the requirements of the new data and technology regulations in the EU and in the world.

Greenberg Traurig LLP

Greenberg Traurig LLP advises a range of clients, including notable entities in the technology and public sectors. The team routinely handles matters involving the GDPR, data compliance, and cybersecurity threats. Practice head Herald Jongen specialises in IT outsourcing, data protection, and complex transactions and is supported by Nienke Bernard who mainly assists the Dutch state and education sector in data privacy issues. Emre Yildirim and Wouter van Wengen are also key to the team.

Practice head(s):

Herald Jongen

Other key lawyers:

Nienke Bernard; Emre Yildirim; Wouter van Wengen


‘Greenberg Traurig is very responsive and delivers on time at any request.’

‘Easy going, open minded people. Specialists for different topics.’

‘The ability to execute based on recent knowledge and experience and advise clients in a fast and pragmatic way on topics of privacy.’

‘Pragmatic, no-nonsense that results in quick -always same day- responses to client questions. The ability to quickly gain insight in clients needs and wants results in good results after negotiations.’

‘The team is very dedicated, always available for questions and support. Very skilled not only on content but also on process.’

‘Harold Jongen is a specialised privacy lawyer, knows his field. Dealing with Big Tech is his specialty, he knows the way of working of counterparts. His approach lets the other party move in the right direction. Nienke Bernard is a very specialised privacy lawyer, ready to be consulted, no matter what time it is. Give the client the opportunity to operate by itself knowing that this specialist is ready to advise or step in if needed. ’

Key clients

State of the Netherlands (Ministry of Defence)

State of the Netherlands (Ministry of Justice and Security)

State of the Netherlands (Ministry of Education & Science)



Athora Netherlands N.V.

Anonos, Inc.


Messagebird B.V.


European Stability Management (ESM)

Work highlights

  • Assisted the State of the Netherlands on their landmark deal with AWS to enable government-wide use of their cloud services.
  • Assisted Athora Netherlands N.V. on a major outsourcing deal involving insurance portfolios and IT services.
  • Advising Anonos, Inc. on their data embassy tool’s compliance with the data protection rules.


Regulatory enforcement and litigation alongside data compliance and privacy advice are all handled by the data team at Houthoff. The team sits within the IP and IT practice and has been increasingly working on issues such as profiling, automated decision-making, and representing clients before the European Data Protection Supervisor (EDPS). Chairing the practice, TMT expert Thomas de Weerd handles both privacy and cybersecurity issues. Jurre Reus is key to the practice, he focuses on tech and platform-related data issues and is also particularly adept at matters involving mobility and automotive industries. Nicole Bilderbeek advises clients on the GDPR.

Practice head(s):

Thomas de Weerd

Other key lawyers:

Jurre Reus; Nicole Bilderbeek


‘The team shows a high level of knowledge both in automotive and the juridical field. They know what is happening in the automotive sector in the Netherlands and in Europe. Not only do they give answers and advice, they have an added value in supporting our business processes.’

‘Jurre Reus is highly valued senior associate who makes the perfect match between European and local privacy law. He always reacts promptly to our requests and he is always willing to go for the extra mile. He thinks further than only answering the questions and challenges us with his in depth questions. ’

‘The Houthoff team is comprised of real professionals. We have a very short line to contact them and to discuss eventual information related to an specific case. We built a very good working relationship with them and I see them more as real colleagues than as an external partner. They take every single case very serious. ’

‘Very high standard, approachable and business minded. ’

‘Jurre Reus is our go to person with regard to IP and GDPR related matters. He is hands-on, has excellent knowledge, is on top of what is going on in the market and delivers pragmatic advice. ’

‘The people – all team members are very well versed in their chosen specialty and have provided exceptional service. Knowledge of the specialist area of Data privacy and data protection has been impressive vs other practices we have dealt with.’

‘Always willing to go above and beyond, working on tight timelines, and making themselves available at short notice and at all timings given we have colleagues across time zones.’

‘A very professional organisation with a lot of expertise’

Key clients

Marktplaats (part of Adevinta) (part of Adevinta)

Schiphol Airport

Kia Nederland

Royal VolkerWessels

Ola Cabs

Renault Groupe and Renault Nederland

RDW (national Vehicle Licensing Authority)

Hyundai Motor Netherlands and Hyundai Motor Europe

Ford Nederland and Ford Motor Corporation

Goodix Technology

Huawei Digital Power Technologies

Volvo Car Corporation

Tesla Motors

Polestar Automotive


Pensioenfonds Detailhandel

Nebu (part of Enghouse Systems)

InShared (part of the Achmea group)


Work highlights

  • Advised Marktplaats and on ‘DAC7’ (EU Directive 2021/514), an EU Tax Directive which imposes strict requirements on online platforms to report user activity on their platforms to the Tax Authorities.
  • Represented Ola Cabs (its Dutch subsidiary Ola Netherlands B.V.) in a case of three London app drivers invoking their data protection rights to get personal data and other information from Ola Cabs before the Amsterdam Court of Appeal.
  • Representing an individual in complaints proceedings with the Brussels’ European Data Protection Supervisor (EDPS) regarding the handling of an access request and the alleged unlawful processing of personal data by Europol.


The Benelux-based data protection and cybersecurity team at NautaDutilh primarily handles data protection compliance issues, advising its local and international clients on data privacy matters that often cross over into other practice areas such as finance and employment. Other than advisory work, the team also handles data protection litigation such as contentious data subject rights requests and issues involving sensitive personal data. TMT specialist Joris Willems leads the practice focusing on IT outsourcing, data monetisation, and cyber security. Terrence Dom, Sarah Zadeh, Danique Knibbeler, and Anke Holtland all assist with the full range of data privacy matters.

Practice head(s):

Joris Willems

Other key lawyers:

Terrence Dom; Sarah Zadeh; Danique Knibbele; Anke Holtland

Key clients


American Express

ASR Nederland



CBRE Global Investors


Dynamic Credit

Ginkgo Bioworks


HAL Investments

ING Bank


Knab Bank (Aegon Bank)

Keensight Capital

Levine Leichtman Capital

Lineage Logistics

Nationaal Park De Hoge Veluwe


NPM Capital



RTL Group

Tata Consultancy Services

Triodos Bank (nu publishable)


International Card Services



Work highlights

  • Assisting ASR on all privacy and technology aspects of their acquisition of AEGON Nederland.
  • Advising Prosus on the launch of their PlusOne AI tool.
  • Representing the Association des Américains Accidentels (Accidental Americans Association) in a case before the Belgian, Dutch and Luxembourg tax authorities, data protection authorities, and the Luxembourg administrative courts regarding the transfer of personal data under the FATCA agreements.

Osborne Clarke

Osborne Clarke focuses its practice on technology, media, and telecoms sectors, enabling it to advise on online advertising and marketing, virtual and augmented reality, as well as e-commerce. The team advises large multinational technology companies on data protection issues as well as retail, healthcare, hotels, and leisure industries. The practice is led by Joanne Zaaijer, who is well-versed in many areas of data privacy including cross-border data transfers, GDPR compliance, implementing privacy policies, and telecom specific legal and regulatory data issues. Senior associate Dewi Harkink joined the firm in April 2023 from Van Iersel Luchtman Advocaten and combines his specialist knowledge in IT with data privacy and data protection.

Practice head(s):

Joanne Zaaijer; Coen Barneveld Binkhuysen

Other key lawyers:

Dewi Harkink


‘Dewi Harkink has thorough knowledge of all privacy related matters and is able to provide practical advice in a swift and efficient manner.’

‘The team members strive to understand our technology and business in detail. Joanne Zaaijer is a great professional who combines excellent knowledge of data privacy, a sense of urgency, flexibility and a practical approach to legal advice. ’

‘I have worked with Joanne Zaaijer from this team and I really appreciated her pragmatic approach on GDPR. She can explain very clearly what GDPR entails and how this should be translated into our daily practice.’

‘What makes Osborne Clarke’s team truly unique is the in-depth expertise of its members. They possess a profound understanding of data protection laws and their knowledge is not only comprehensive but also continually updated to reflect the ever-evolving legal landscape. In addition, the team has a client-centric approach while dealing with the cases. Furthermore, they excel at explaining complex legal matters, providing clients with clear and accessible understanding throughout the process, thus empowering them to make informed decisions.

‘I would like to express my appreciation for the exceptional work Joanne Zaaijer have consistently delivered during our professional collaborations. Her standout qualities have made a lasting impression on me. Her profound understanding of the data protection & privacy law is truly remarkable. Her ability to navigate complex legal issues with precision and her talent for addressing complex case details have not only impressed me but also played a crucial role in achieving successful outcomes for our clients. Joanne’s unwavering commitment to the best interests of her clients is also truly commendable. She approaches each case with a genuine passion, ensuring that the clients’ needs are met comprehensively.’

‘Joanne Zaaijer is very knowledgeable and stands out for her practical and solution-oriented approach, ensuring that clients receive not only sound legal advice but also actionable recommendations that align with their business objectives. Joanne maintains composure in high-pressure situations and is friendly and approachable, making it easy for clients to communicate their concerns and questions. ’

‘Osborne Clarke’s data privacy team is very knowledgeable, on top of most recent developments and very hands-on. Response time is superb, advice is pragmatic and pro-active. We have not worked with the partner of this team, only with Dewi Harkink, the senior associate on the team. That is a compliment in itself, to both the team, the partner but mainly to the senior associate.’

‘Dewi Harkink is very dedicated, an expert in the data privacy field and truly a trusted advisor. He is smart, pragmatic and a pleasure to work with.’

Key clients

Meta (previously Facebook)






Weight Watchers





Work highlights

  • Assisting Meta with a wide variety of matters on a continuous basis, mainly in relation to Facebook, Instagram and general advertising matters.
  • Advising Google Ireland Ltd. on the Digital Services Act and updates on a regular basis on the local implementation of the Omnibus Directive and the effect it has on Google’s services in the Netherlands.
  • Advising Henkel on data protection law, including providing training to its employees who are responsible for certain processing operations, advice in the event of data breaches, assessing its data processing role with third party vendors and assisting with the review and negotiation of data protection agreements.


Stibbe mainly advises clients on data compliance regulations and ensuring that clients can keep up-to-date with new legislative requirements. The team assists the firms’ finance, employment, and administrative law practices with data privacy and data protection aspects of their work. Cyber insurance is also a notable focus of the practice. Team lead Nynke Brouwer is a specialist in cyber security and cyber insurance issues, she handles advisory and contentious work for clients such as insurers, brokers, healthcare, and public authorities. Frederiek Fernhout is also noted.

Practice head(s):

Nynke Brouwer

Other key lawyers:

Frederiek Fernhout

Key clients

The Dutch State





Work highlights

  • Advised APG on data protection issues regarding vitality of employees
  • Advised TNO on data protection issues regarding sick absence of employees, including the use of complex anonymization techniques.
  • Advised the Dutch State on data protection issues, e.g. the DPIA, regarding new legislation on levying toll.

Turing Law

Recently established boutique firm Turing Law has continued to grow in the data privacy space focusing on international and national companies in the public sector, advising on GDPR compliance, contract reviewing, data transfers, and data security. The firm merged with an IT specialist firm Lawrence Privacy (Due Diligence) & Tech, welcoming  Jeroen van Woezik to the team in August 2023, bringing specific expertise on data privacy in relation to M&A transactions. The team is jointly led by Huub de Jong and Tom de Wit who both assist on a range of complex privacy mandates. Also key to the team are Marijn Rooke who mainly assists healthcare clients with data privacy issues and Corine d’Hulst who assists with privacy contracts.

Practice head(s):

Huub de Jong; Tom de Wit

Other key lawyers:

Jeroen van Woezik; Marijn Rooke; Corine d’Hulst; Esmée Fonville; Moo Miero


Turing advocaten is a great firm that really understands the needs of a major IT-company and  their agility and fast pacing resourcefulness have been detrimental. Tom de Wit is a great and unique lawyer that can quickly disentangle a very complex situation. Especially navigating the complex regulatory field makes him an ideal partner to your organisation.

‘A young, dynamic and highly specialist IT focused law firm. They offer a valuable combination of excellent legal expertise and a commercial business mindset. Huub de Jong is a well respected authority in privacy who provides valuable advise on complex privacy issues that my client faces.’

‘Immensely knowledgeable team, which operates smoothly with and alongside our legal team. Corine is absolutely a star; she’s very responsive and goes out of her way to service our needs.’

Key clients

Zorg van de Zaak Netwerk

Nederlands Centrum Jeugdgezondheidszorg

Patiëntenfederatie Nederland

Ministry of Education, Culture and Science





The Next Web (Financial Times)

Zuyderland Medisch Centrum

Stichting CJG Rijnmond

Stichting verslavingsreclassering GGZ (SVG)

Deutsche Leasing

WeTransfer Supporting Act


Twise Victory Publishing (Oei, ik groei / Wonder Weeks)

Work highlights

  • Representing a client in an investigation by the Dutch supervisory authority into a high profile case.
  • Assisting a large software supplier with a privacy due diligence for the acquisition of a health care platform that supports collaboration between professionals within the healthcare sector.
  • Advising on responsible secondary use of health data of more than one million people for statistical and research purposes.

bureau Brandeis

Specialist dispute resolution and prevention firm bureau Brandeis handles a mix of contentious and non-contentious data protection mandates. Collective actions and other litigation issues are also a focus for the practice, which has a track record of work in areas such as telecoms. Vita Zwaan and Christiaan Alberdingk Thijm jointly lead the team.

Practice head(s):

Vita Zwaan; Christiaan Alberdingk Thijm

Other key lawyers:

Jacob van de Velde; Sarah Stapel; Silvia van Schaik; Minke Gommer


‘We mostly work with Vita Zwaan. We very much value Vita for — even in the most complex matters — being able to provide us with very pragmatic and accurate advice of the highest quality. Vita is very knowledgeable, which makes it very pleasant to work with her and easy to just quickly call her whenever we do not have a lot of time but still want to run things by her. Vita is also reliable and remains at our disposal 24/7 — even outside of business hours we can always count on her support if we need it. ’

‘Vita Zwaan is very knowledgeable, always available on short notice, and able to translate complex/abstract legal matters to others without legal background. Vita always looks for ways to enable our business needs and has guided (and regularly guides) us through setting up our customer loyalty programs and e-commerce ventures. ’

‘Bureau Brandeis has exhibited exceptional patience and a high level of expertise in GDPR matters. I’d like to highlight is their invaluable assistance in guiding us towards an inclusive approach to our privacy policies and protocols. Additionally, they have been instrumental in helping us navigate the complexities of GDPR within municipal and other governmental systems.’

‘Hands-on, practical mindset, yet very good knowledge of applicable laws and regulations. Strong feeling for (international) business relations.’

‘Vita Zwaan is very nice to work with. She is very approachable, understands the clients needs quickly and is able to translate them to very usable advices and working documents such as agreements ’

‘Christiaan Alberdingk Thijm is a well respected lawyer in this field, boasting a high reputation and is very well known in media. Academic connection as well.’

‘Christiaan Alberdingk Thym has a unique multidisciplinary approach, as he is also a copyright and media expert, which is often very useful in the field of data protection and data privacy. Vita Zwaan is the other partner with whom I love to work.’

Key clients



Dutch Digital Agencies

Fieldlab Evenementen


The Privacy Collective

Stichting Massaschade & Consument

Civinc B.V. and Stichting Civinc




deBreij B.V.




Maxeda DIY Group

Work highlights

  • Represented Stichting Massachade & Consument in a case against TikTok before the District Court of Amsterdam in one of the collective damages actions based on the GDPR and the new Dutch collective claim regime.
  • Assisted Pathé with updating its internal and external privacy policies, taking into consideration its new business ventures, partnerships and corresponding processing activities, including a review of its privacy statements, data processing agreements and the register of processing activities.
  • Advised Studocu on the possibilities for commercial communication and advertising, taking into consideration recent decisions and case law regarding (behavioural) targeting and analytics.

Holla legal & tax

The privacy team at Holla legal & tax is based in ‘s-Hertogenbosch and has sector-specific expertise in e-sports, healthcare, recruitment, and public entities. The practice largely advises on GDPR issues and other data protection matters and is sought out for its skills in international data transfers. Kim de Bonth leads the team and combines her knowledge of IT contracting and data protection law to assist clients. Femmie Schets aids clients with international data transfers and advises on any potential data breaches.

Practice head(s):

Kim de Bonth

Other key lawyers:

Femmie Schets


Holla’s data protection team is able to understand the privacy issue of the client in a short time and provide a good analysis of the options available to the client. Care is taken to provide realistic advice. The team is strong in analysing recent judicial decisions. The team investigated the interaction between the AI ​​Act and the GDPR.’

‘Femmie Schets is an ambitious lawyer with a broad knowledge of Privacy and GDPR regulations. Her way of working is characterized by quickly getting to the heart of the matter. She is able to report the results of her research in a compact paper. In consultation with the customer Femmie knows how to find the right tone and after her research she knows how to present her results in a convincing manner.’

‘From the initial contact they showed full comprehension on the matter at stake and were able, by focused questioning, to assess the situation, the context and it’s complexity at full. By doing so they differentiated from the competition who initially only responded with trivial replies. Even though the context of the case was quite complex they we’re able to make clear to all involved actors what would be required for each discipline and provided good advice to do so.’

Key clients


Vitalis WoonZorg Groep

IFG Pensions Ltd (UK)

Celegence LLC / Qdossier B.V.

Talent Inc. / Imkey B.V. (‘’)

Innovatie nul13 B.V.

Liquid Enterprises B.V. (‘Team Liquid’)

Kiwa N.V.

Ricoh Nederland B.V.

Enigma Distribution Benelux B.V. (‘Asmodee’)

OTTO Work Force B.V. and Kafra Vastgoed B.V.

Würth Elektronik Nederland B.V.

Forbo Flooring B.V. (‘Forbo Flooring Systems’)

Spotmaster B.V.

Brabant Water N.V.

Stichting PCOU Willibrord

TeleQare Europe B.V.

PIDZ Zorg B.V. / Qrabbl B.V.

Stichting BrabantZorg

Regionale Ambulancevoorziening Brabant Midden-West Noord.

Work highlights

  • Advised Talent Company Inc. on becoming GDPR-compliant. this included topics such as international data transfers, accountability, transparency and direct marketing.
  • Advised Celegence LLC on international data transfers. Holla performed the privacy scan for Celegence to understand Celegence’s data flows and organisational structure.
  • Assisted Innovatie nul13 with proceedings before the Dutch data protection regulator, the Dutch DPA. Successfully defended Innovatie nul13’s interest at the Dutch Authority.


Ploum is sought-out by clients for its expertise in e-health data protection matters, regularly advising and assisting life sciences and health care companies with a slew of data and cybersecurity issues. The team is also adept at advising on marketing and e-commerce sectors, including issues relating to processing employee data and international data transfers. The privacy team is co-headed by Dennis Zieren and Dorine ten Brink who are well-versed in issues that span IT and data privacy including contracts and data transfers. Nina Witt is also noted for her knowledge on privacy in the health care sector.

Practice head(s):

Dennis Zieren; Dorine ten Brink

Other key lawyers:

Nina Witt; Anamika Wilbrink


‘Each team member has his or her own expertise. So combined that makes a great team.’

‘They are familiar with our company and the way we work combined with up to date and in depth knowledge of the privacy laws & legislation.’

Key clients

Codeless Technology B.V.

CleanLease B.V.

BovenMaas Prenataal B.V.

Young Perfect B.V. (Eatertainment)

Portbase B.V.

Hutchison Ports Delta II

Arbo Unie B.V.



Work highlights

  • Assisted CleanLease B.V. with further mapping the data processing activities of its entities in the Netherlands and Belgium. The privacy team has updated and drafted various documents, such as the register of processing activities and several data protection policies, in order to ensure GDPR compliance.
  • Assisted BovenMaas Prenataal B.V. with how to handle patient files to be kept for years, in case a care institution would ever be dissolved.
  • Advised Portbase B.V. on several privacy matters, e.g., with regard to the use of a new data platform in which multiple parties (providers and users) are able to share and view data.

SOLV Advocaten

SOLV Advocaten is known for its internet and technology focus, assisting technology-driven clients such as software and e-commerce platforms with data protection and privacy issues. In particular the team handles a number of class actions in this space. The team is co-led by Douwe Linders and Wanda Van Kerkvoorden. Thomas Van Essen left the firm in March 2023.

Practice head(s):

Douwe Linders; Wanda van Kerkvoorden

Other key lawyers:

Yentl van den Winkel

Key clients

Jumbo Supermarkets


Holland Casino

Sanoma Learning


Stichting ICAM


Work highlights

  • Representing SOMI Foundation in a €1.4bn data privacy class action against TikTok.
  • Representing Foundation ICAM in a €3.2bn data privacy class action against the Dutch State.
  • Advising Multi Tank Card on GDPR related issues of Qrid, a platform for electric vehicle charging.

Taylor Wessing

As part of the wider technology and data practice, the data privacy team at Taylor Wessing is led by Otto Sleeking , who leads on IT-related data protection issues such as data processing agreements, security measures, and data transfers. The firm also handles data breaches and technology-related disputes. Complex cross-border issues are also a key area for the practice which assists a myriad of technology clients from start-ups to international companies. Martijn Loth excels in technology-related issues and assists with data protection regulatory compliance.

Practice head(s):

Otto Sleeking

Other key lawyers:

Martijn Loth


‘I would strongly recommend Martijn Loth. Excellent lawyer who is always focused on rendering solid and pragmatic solutions. He is also an excellent litigator and negotiator and knows how to de-escalate disputes. ’

‘Small team, but very knowledgeable.’

‘Martijn Loth is an expert on both law and IT and therefore really pleasant to work with.’

Key clients



Homefashion Group (Leen Bakker & Kwantum)

ING Bank N.V.

Kawasaki Motors Europe NV


Lidl Nederland GmbH

Match Worn Shirt


Sociale Verzekeringsbank


Technische Unie BV / Sonepar Group

Technische Universiteit Delft (TU Delft)

The NU



Work highlights

  • Assisting ING Bank with an extensive project regarding the use of electronic signatures, eIDAS-compliance and related cybersecurity & data protection (and outsourcing) issues.
  • Assisted Sony with their acquisition of Beyond Sports, a data and AI company.
  • Advised a €10bn+ revenue corporate group active in the energy sector on a multi-jurisdictional data breach.

Vondst Advocaten N.V

Vondst Advocaten N.V assists with GDPR compliance, as well as related matters such as data privacy issues related to M&A deals, assisting clients with investigations that arise as well as data breach notifications. Innovative businesses make up a portion of the firm’s client base from sectors including retail, media and clinical research. Practice head Herwin Roerdink is experienced in data protection and online marketing matters, often lecturing on e-privacy law. IT specialist Polo van der Putt assists with issues involving new technology, while newly promoted partner Tineke van de Bunt is well-versed on GDPR compliance audits and M&A data privacy mandates.

Practice head(s):

Herwin Roerdink

Other key lawyers:

Polo van der Putt; Tineke van de Bunt


‘A down to earth expert team that always delivers, cooperates, thinks along and is always available. What it differentiates from other legal companies is the personal touch due to it’s relatively small practice. Innovations have been in legal counselling.’

‘It is especially Herwin Roerdink that stands out for me. Knowledge translated to practice.’

‘Herwin Roerdink & Tinke van de Bunt: Great availability, very efficient, and always deliver on time.’

‘In our experience, finding legal professionals that truly understand privacy are rare. Therefore we were very pleased to find Vondst Advocaten to assist us in this regard.’

‘Generally, we take to take a pragmatic view in respect of our contractual agreements, therefore we need to work alongside a legal team that thinks similarly. We have found this to be the case with Vonst Advocaten and especially Teneke van de Bunt.’

Key clients


Dutch Postcode Lottery


Bergman Clinics

Credit Europe Bank


Retail Unity

The DPO Center

Hunton Andrews Kurth (new referrer)