Data privacy and data protection in Netherlands


Brinkhof stands out in the market for its involvement in innovative and novel data protection mandates, and is particularly noted for its expertise in Data Protection Authority (DPA) investigations. Recent highlights include advising Google on a data protection impact assessment commissioned by the state government into its GSuite cloud services and use by government bodies, and acting for various publishers in an investigation by the Dutch DPA relating to the use of cookie walls on their websites. The highly regarded Quinten Kroes leads the practice, which also includes Remy Chavannes – who specialises in online platform-related matters – alongside counsel Dorien Verhulst and senior associate Anke Strijbos, who worked closely with Chavannes in Google's right to be forgotten cases.

Practice head(s):

Quinten Kroes

Other key lawyers:

Remy Chavannes; Dorien Verhulst; Anke Strijbos; Manon Oostveen


‘In-depth knowledge, on top of latest developments in the marketplace, pragmatic and concrete advice, offering interesting workshops for clients.’

‘Brinkhof has a way of communicating with its clients in a personal and professional way; they make it a point to understand the question you would like advice on, without taking more time than necessary. Furthermore, they are receptive of feedback and take the time to explain their reasoning in clear wording.’

‘Both Quinten Kroes and Manon Oostveen have a very personalised approach. Where with other firms you might get the feeling that you are one client out of many, and providing advice is a check-the-box exercise, this is definitely not the case with Brinkhof. Expertise and dedicated attention are combined really well in order to address the issue at hand.’

Key clients











Work highlights

  • Advising VoetbalTV on an investigation by the Dutch DPA into its filming and online distribution of amateur football matches involving an untested, new interpretation of the GDPR.
  • Advising Google on a data protection impact assessment undertaken on behalf of the national government into the potential use of Google’s cloud services by government bodies.
  • Advising a number of national newspaper publishers on an investigation by the Dutch DPA into the use of cookie walls on websites, a case that is likely to have a major impact on all ad-supported online websites.

De Brauw Blackstone Westbroek

As 'the absolute go-to firm in the Netherlands for high-profile data privacy matters', De Brauw Blackstone Westbroek is a key name in the market for enforcement mandates and data litigation, handling work for a notable client roster which includes Facebook, Uber and Senior associate Axel Arnbak jointly leads the practice with Geert Potjewijd, who recently rejoined the group after a stint as the firm's managing partner. The team's wide-ranging expertise encompasses handling enforcement actions, damages claims, cybersecurity issues, competition-related work and transactional matters. Arjan Kleinhout advises on matters at the cross section of privacy and public law.

Practice head(s):

Geert Potjewijd; Axel Arnbak

Other key lawyers:

Arjan Kleinhout


‘Axel Arnbak has a high level of knowledge. Clients are big companies in diverse markets, therefore providing experience and knowledge of the complete field of working. Well-connected in the field so he always has knowledge of the latest developments. Thinks ahead, considering future developments which has a great added value. Quickly available if needed.’

‘Brilliant team, excellent knowledge, always available to help out and extremely organised. ’

‘Geert Potjewijd and his team bring a wealth of knowledge and experience. They are true experts in the field, but are also super organised and proactive. Axel Arnbak is an associate to watch out for; he is very connected and a brilliant lawyer.’

‘The absolute go-to firm in The Netherlands for high-profile data privacy matters. The De Brauw privacy team is integrated into their broader advisory and litigation practice, without compromising on in-depth knowledge of data protection laws. This allows the team to give top-quality advice in high-profile matters that require a bigger picture view. The team is very good at providing pragmatic advice based on excellent legal and strategic analysis. ’

‘Geert Potjewijd is an incredibly sharp lawyer who always thinks multiple steps ahead. Calm, friendly and an excellent strategist. He stands out from other data privacy experts through his broad legal knowledge, pragmatic approach and sharp strategic mind. Axel Arnbak is one of the top experts on data privacy and data protection laws. He brings a fresh, pragmatic approach and always seems to find creative solutions.

‘A very professional team and very pleasant to work with. They have in-depth knowledge of data protection legislation and administrative law combined with being tech savvy. They are the must go firm when needing advice on investigations by data protection authorities.’

‘Arjan Kleinhout is a highly qualified lawyer with extensive knowledge of administrative law and a broad experience with investigations of regulators. His advice is sharp, to-the-point, but also pragmatic.’

‘De Brauw particularly shines in litigation related to privacy, data protection and cyber security. The practice has deep understanding of and experience in Dutch litigation combined with excellent knowledge and a track record in data protection & cyber security.’

Key clients






Public Interest Litigation Project (PILP)

Talpa Network

Port of Rotterdam

Dutch Chamber of Commerce

NN Group


Work highlights

  • Acting as counsel for Facebook in mass claims for alleged data protection violations initiated by a claims foundation and the Dutch Consumer organisation (Consumentenbond) before a Dutch court on behalf of Facebook users in the EU.
  • Represented Uber in litigation before the Amsterdam court initiated by four drivers from the UK demanding access to their personal data and information on Uber’s AI algorithm used to profile drivers.
  • Defending Salesforce in a mass claim brought against Salesforce and Oracle on behalf of Dutch and English residents claiming €10bn in damages for GDPR infringements.

Kennedy Van der Laan

Under the leadership of the highly experienced Hester de VriesKennedy Van der Laan's privacy team is a key name for mandates spanning the data and technology sectors; the group also advises on the full range of data matters with a notable focus on commercial data issues and big data work. The practice's expertise includes advising on matters in the media, telecoms, financial and healthcare sectors, and has recently expanded to include issues relating to smart cities. Quirine Tjeenk Willink is another key name, and combines her privacy experience with expertise in administrative enforcement law. Senior associates Rosalie Brand and Elise Troll are also singled out.

Practice head(s):

Hester de Vries

Other key lawyers:

Quirine Tjeenk Willink; Rosalie Brand; Elise Troll

Key clients


Vrije Universiteit

Stichting BKR

Ministry of Health, Welfare and Sports


Work highlights

  • Assisted TNT/FedEx with obtaining regulator approval for its Binding Corporate Rules (BCR) for the exchange of personal data within the group, and coordinating the BCR-implementation within the group over 62 countries.
  • Representing Stichting BKR (the Dutch foundation for credit registration and registration of overdue debts) in legal proceedings against the Dutch Data Protection Authority (DPA) relating to a fine imposed by the DPA for an alleged breach of the rules for the right of access to personal data.
  • Advising Vrije Universiteit Amsterdam on several data protection matters, including GDPR compliance.

Van Doorne

The 'hands-on, practical and pragmatic' team at Van Doorne is led by Elisabeth Thole, who clients praise as 'one of the best lawyers in the Netherlands' and 'a go-to person for data protection advice'. The dedicated practice focuses its efforts on five distinct areas of data protection work: GDPR compliance, GDPR regulatory matters, data breaches, data infrastructure mandates and e-commerce issues. It is also involved in novel issues relating to data including AI work, issues arising from the use of algorithms, fintech mandates and blockchain matters. At associate level, Özer Zivali is a key name for cross-border data work with particular expertise in the finance and retail sectors.

Practice head(s):

Elisabeth Thole

Other key lawyers:

Özer Zivali


‘The team is lead by charismatic and solution-oriented Elisabeth Thole. She has an extremely good standing in the Netherlands and the EU data protection community. Elisabeth is also a strong leader. She makes the difference.’

‘Van Doorne team is the authority in privacy, IT and cybersecurity. They not only have profound knowledge and experience in this field, but speak the language of peers in directly related (IT, PR) fields.’

‘Having been able to work with Elisabeth Thole for a number of years, you come to appreciate not only her authority in her field, but her entrepreneurship, her recognition of qualities and accomplishments of others, and above all, the fact that she is very approachable.’

‘I have worked with Elisabeth Thole on data protection matters for more than a decade. She and her team have extensive knowledge about the challenges companies face with respect to data protection.’

‘Elisabeth Thole is my go-to person for data protection advice in the Netherlands. Her advice is always clear and prompt with an understanding of the commercial setting.’

‘Van Doorne’s lawyers are very aware of the latest developments in the field of privacy law, work meticulously and decisively, and fight for the interests of their client to the last decimal point. In my experience, the lawyers of Van Doorne not only respond to the question that has been asked, but also go deeper into the circumstances that led to that question.’

‘Elisabeth Thole is one of best lawyers in Netherland and her knowledge and way of working is great.’

‘Hands-on, very practical and pragmatic.’

Key clients



Central Works Council of TNT


Gelre ZIekenhuizen


Jacobs Douwe Egberts (JDE)

Office Depot

PSO Nederland


Texas Instruments

TU/e (Eindhoven University of Technology)


Work highlights

  • Assisted Stichting Gelre Ziekenhuizen (Gelre Hospitals) on a long-term agreement with a health insurance company, involving extensive GDPR-related issues.
  • Assisting IDEXX Europe  with various cross-border GDPR-related compliance matters, coordinating with other firms in the EU, on a continuous basis.
  • Providing cyber response services to customers of HDI via its Cyber+ insurance policy, helping its customers with the legal and technical consequences of a cyber incident.

Baker McKenzie

Baker McKenzie fields a team 'which solves problems in a way that is pragmatic, practical and easy to understand' for a client roster of global banks, internet technology companies, luxury and food multinationals and technology consultancies. The group is jointly led by technology expert Wouter Seinen and labour law specialist Remke Scheepstra, who handles data mandates with an employment aspect; the practice also includes a dedicated privacy and cybersecurity compliance adviser. It handles a full range of data work including investigations, data breach incidents and compliance issues relating to US discovery proceedings. Clients also benefit from the firm's bespoke data privacy helpline and it's iG360 data governance technology platform.

Practice head(s):

Wouter Seinen; Remke Scheepstra

Other key lawyers:

Andre Walter


‘The privacy Team of Baker Amsterdam, especially Wouter Seinen and Andre Walter, is a team that solves your problems in a way that is pragmatic, practical and easy to understand. They don’t use long difficult to understand memo’s or long difficult to read/understand legal opinions. They give easy to follow advice, as if they were part of your in-house team; they understand your business and they don’t hesitate to be honest and clear also when things are not easy to solve.’

‘Wouter Seinen and Andre Walter are easy to talk to, highly knowledgeable, experienced in national and international privacy legislation, have a good solid pragmatic approach of issues, adding high-quality value to my organisation. Besides that they are nice guys, and have a good sense of humour and great communication skills. As said, I can recommend both without any hesitation to any business that needs good, solid practical and pragmatic privacy advice. ’

‘A competent, fast-acting and pragmatic team.’

‘Andre Walter is always ready to help out, regardless of the day or time! Very knowledgeable on the relevant GDPR matters, specifically in the complicated AI domain where we operate. Wouter Seinen has good insights into the data compliance regulations and market, very willing to help out companies regardless of size and stage of a company.’

‘Baker McKenzie’s consultants were able to translate our challenge into a practical solution which we were able to easily implement. Also, the solution offered was business-driven, meaning it was developed by starting with our business requirements instead of the law. The documentation provided was easy to read and understandable. Therefore we could implement the solution smoothly.’

‘Individuals make the company and so did Andre Walter for us. Andre is smart, accessible and proves to have deep knowledge of privacy and data security. He was easy to approach, very flexible to meet our agenda and capable of explaining the legal challenges in a simple way. His accessibility as a person and capability to simplify complex things are unique in his field of work.’

Key clients

FedEx Corporation

First European Data Rep





Recruit Robin

Retriever Media




Silicon Valley Bank

SN Power





Wolters Kluwer

Work highlights

  • Representing a global e-commerce platform with operations in the Americas, Europe and Asia Pacific in discussions with the Data Protection Authority, which deals with all EU queries and complaints relating to the One Stop Shop mechanism.
  • Represented a global technology and content publishing company in a major ransomware security incident, and represented the client against enforcement efforts brought by the Dutch Data Protection Authority.
  • Advised a world-leading health and beauty retailer on various data protection compliance incidents, and represented the client in discussions with and investigations by the regulatory authorities in a number of jurisdictions.

Bird & Bird

As part of the firm's wider IT practice, Bird & Bird's 'very knowledgeable and creative' team handles the full breadth of data work including compliance mandates, enforcement issues and data transactions. With notable expertise in the healthcare, telecoms and financial services sectors, the group is also increasingly active in adtech work and binding corporate rules matters. The group also works closely with other offices in the firm's global network, advising clients including Uber, Teva Pharmaceuticals and ABB. Senior counsel Wilfred Steenbruggen and newly promoted counsel Berend van der Eijk jointly lead the practice.

Practice head(s):

Wilfred Steenbruggen; Berend van der Eijk


‘Very knowledgeable and creative.’

‘Wilfred Steenbruggen is highly experienced, especially in the telecoms and healthcare sectors. He understands the (privacy) issues of these industries and proposes pragmatic solutions.’

‘The team is knowledgeable, experienced and quick to respond.’

‘Wilfred Steenbruggen provides excellent counsel in the field of data protection and privacy.’

Key clients


Teva Pharmaceuticals





Robin Mobile/Budget Mobiel


Domino’s Pizzas


Work highlights

  • Advising Teva Pharmaceuticals on numerous data protection compliance matters, often in respect of projects covering various jurisdictions in the EEA.
  • Drafted a strategic legal memorandum for Uber Technologies on the responsible sharing of data with local governments.
  • Providing Adyen with continuous data protection advice in relation to general GDPR compliance, new products and contentious matters.


Dentons' 'highly specialised' data privacy and security department 'thinks ahead and anticipates threats as well as opportunities’, while leveraging the firm's international network to advise on global data mandates; group leader Marc Elshof is also co-head of the European practice. Recent matters encompass regulatory and compliance work, advisory mandates, data breaches and cybersecurity work. The team also provides insured clients with a 24/7 data breach hotline and has a European cookie law comparison tool, which covers internet cookie obligations across 28 countries. Associate Celine van Es is also a key name to note.

Practice head(s):

Marc Elshof

Other key lawyers:

Celine van Es


‘Very involved, always available when necessary, thinking ahead and anticipating threats as well as opportunities.’

‘Making pros and cons clear, working to find workable solutions and being able to provide services in relation to our unique and complicated work field with regards to the GDPR.’

‘Fast, easily accessible, high-quality, sparring partner.’

‘Highly specialised team, easy access and pleasant to work with.’

‘Highly qualified, I can just pick up the phone and brainstorm with Marc Elshof. Easy to work with.’

Key clients


Beachbody on Demand

Canopy Growth Corporation

Champion Petfoods

CNA Hardy

Feld Entertainment



Playa Hotels & Resorts



The Student Hotel

Tyson Foods

Unibail Rodamco Westfield


Work highlights

  • Advised MyoKardia on its GDPR compliance after its launch in Europe.
  • Assisting Shawcor with setting up its privacy compliance framework in the midst of the Covid-19 crisis.
  • Assisted SkyKick with the creation of a new delivery model ‘Powered by SkyKick’.

Hogan Lovells International LLP

The 'young, innovative, dynamic and professional team' at Hogan Lovells International LLP is led by the 'extremely informedJoke Bodewits, who has 'surrounded herself with a strong team, including a number of great talents' including senior associate Chantal van Dam and associate Benjamino Blok. The group is a key name for complex cross-border mandates as well as multi-jurisdictional litigation; it also handles e-privacy matters and cybersecurity work.

Practice head(s):

Joke Bodewits

Other key lawyers:

Chantal van Dam; Benjamino Blok; Wout Olieslagers


‘The team is very competent, and provides quick, thorough and to-the-point advice. The fact that the team is always available for a quick call and advice is really helpful.’

‘Besides a really friendly person, Joke Bodewits is extremely informed and knows all details of every question you raise. She is very persuasive in discussions and makes people listen and reconsider their own position.  Wout Olieslagers is also a very friendly person, that is able to inform you that you should think about other options, while at the same time make you think that your chosen option is the right one.’

‘Very practical and hands-on team with pragmatic solutions. People within the team are nice to work with.’

‘Joke Bodewits and Chantal van Dam are very nice people to work with, really help you out quickly and pragmatically.’

‘Young, innovative, dynamic and professional team. Very knowledgeable in privacy and cybersecurity.’

‘Joke Bodewits (partner) leads the show. She has surrounded herself with a strong team, including a number of great talents of which Chantal van Dam deserves special attention.’

Pels Rijcken & Droogleever Fortuijn NV

Pels Rijcken & Droogleever Fortuijn NV's innovation, privacy and technology team is a key name in the market for data litigation, and recently represented Dutch Railways in proceedings relating to the use of a public transport chip card and the use of passenger data. The team also handles innovative issues surrounding data, including matters relating to big data, smart cities, blockchain and AI. The highly regarded Gerrit-Jan Zwenne leads the practice, which acts for a notable roster of public and private sector clients, including Dutch provincial authorities, the City of Amsterdam and Experian. Other notable practitioners include Meine Dijkstra and senior associate Marte van Graafeiland, who regularly act for public sector clients.

Practice head(s):

Gerrit-Jan Zwenne

Other key lawyers:

Meine Dijkstra; Marte van Graafeiland; Jeroen Naves


‘The team is a close-knit group. Their strength lies in their ability to listen and, of course, their legal knowledge. They are very pleasant to work with and know their business. What also sets them apart from other firms is that I have never, not once, seen arrogance in their behaviour.’

‘Jeroen Naves is very competent, quick, nice colleague to work with. The difference between Jeroen and other lawyers is his understanding of risk and business value. Where most lawyers focus solely on the law itself, Jeroen understands the balance between Legal, Risk and Business very well.’

‘We have a great relationship with Gerrit-Jan Zwenne as partner who supports us in many of our complex privacy related matters.’

Key clients

Data Privacy Foundation (Data Privacy Stichting, DPS) Consumer Association in the Netherland (Consumentenbond)


Dutch National Railways (Nederlandse Spoorwegen)


Schiphol Airport

Cities of Amsterdam, Rotterdam and The Hague

Ministry of Defence

The Greenery

All 12 Dutch provincial authorities

Dutch Public Prosecution Service


Work highlights

  • Represented Dutch Railways in multiple proceedings initiated by individuals and activist organisations who claim the use of the public transport chip-card is unlawful and against other use of passenger data.
  • Advised the Ministry of Health, Welfare and Sport on the development of an app which can warn users of possible Covid-19 infections.
  • Advised the Data Privacy Foundation (Consumer Association) on possible class actions against Facebook, claiming damages of potentially over €10m for Facebook users and others, whose data was provided unlawfully to third parties, including Cambridge Analytica.

Project Moore Advocaten

IT and data protection boutique Project Moore Advocaten acts for a broad range of clients with notable expertise in the transport, technology, retail and public sectors; key clients include KLM, the Dutch State and Nikon. The group handles the full range of data protection instructions and has recently seen an increase in security matters. Noteworthy individuals include Lieneke Viergever and Jeroen Koëter, who have 'undisputed expertise', and Eva Visser, who gives 'practical, real-world advice'.

Other key lawyers:

Lieneke Viergever; Jeroen Koëter; Eva Visser


‘Good and responsive team with feel for the business.’

‘Experts, client-oriented, thinks with you, flexible, provides good support in Europe through partner firms (is able to coordinate well).’

‘Eva Visser and Lieneke Viergever are the go-to people for GDPR. Great to work with and easy to approach. They are able to give practical “real-world” advice.’

‘Project Moore is invariably very hands-on. They have a sound instinct for what is needed in practice: quick, on the spot practical guidance when called for, but in-depth analysis when necessary.’

‘Both Lieneke Viergever and Jeroen Koeter are very responsive, service-oriented and practical. In addition they provide a rare combination of undisputed expertise and competitive rates.’

‘Top specialists with excellent knowledge and expertise in the field of privacy and IT-contracts. Always available, pragmatic, to-the-point and skilled.’

Key clients



BDR Thermea


Ministry of Security and Justice  Custodial Institutions Agency

Employee Insurance Agency

KLM Royal Dutch Airlines

MLE (Mitsubishi Logisnext Europe)



PF Concept

PVH Europe (Calvin Klein and Tommy Hilfiger)



Work highlights

  • Advised the Ministry of Justice and Security on a data breach related to a public safety app, NL-Alert, where sensitive location data was shared with an unauthorised third-party.
  • Advising Picnic on several data protection aspects of its Driving Coach system, which tracks data with regard to the performance and driving safety aspects of its delivery vehicles and the level of driving safety of the drivers, including executing a Privacy Impact Assessment and drafting an employee notice.


With 'a good grasp of technology and an ability to understand how technology interacts with data privacy regulations', Stibbe's cross-departmental digital economy group is led by Judica Krikke, with support from employment expert Astrid Helstone and senior associate Marc SpuijbroekChristien Saris is also recommended for data protection administrative enforcement work. The practice handles the full range of data mandates with particular expertise in the data aspects of cloud contracting, compliance issues and transactional work. Notable clients on the group's roster include the Dutch State, the Dutch Police and ING.

Practice head(s):

Judica Krikke

Other key lawyers:

Astrid Helstone; Marc Spuijbroek


‘They have a good grasp of technology and are able to understand how the technology interacts with the data privacy regulations, and vice versa. They have a pro-active and pragmatic approach to working with start-ups.’

‘Their knowledge of the practice is excellent and they have the capability to create solutions that are not only legally correct but also workable/pragmatic for us in the daily practice.’

‘Marc Spuijbroek is very approachable and able to communicate with all sections of the company in an understandable way.’

‘Judica Krikke is very pleasant to work with because she is very knowledgeable and able to use that in providing practical advice.’

‘The practice is unique because of its dedication, accessibility, speed and extremely high level of knowledge.’

‘Professionalism coupled with friendliness. They are all very good at empathising with the customer, very good in thinking far ahead without losing the connection with the customer.’

Key clients

The Dutch State




Finos Global


Dutch Police

Accord Healthcare


Royal Flora Holland

Work highlights

  • Advising the Dutch State on the data protection compliance of cloud sourcing solutions and other privacy challenges in relation to the use of products and services of key ICT suppliers.
  • Advised Athora on its acquisition of Vivat from Anbang, and the related sale of Vivat Schadeverzekeringen to NN Group.
  • Advising Q-Park on data protection corporate governance and data protection challenges related to key IT solutions and new business initiatives.

bureau Brandeis

At boutique firm bureau Brandeis, practice co-head Vita Zwaan leads the privacy compliance team, while fellow practice co-head Christiaan Alberdingk Thijm is the key contact for contentious mandates. The group's client roster encompasses internet service providers, telecoms companies, social media platforms, retailers, entertainment sector companies and advertisement network providers; key examples include Pathé and Dutch Digital Agencies. The Dutch DPA is also another significant name.

Practice head(s):

Vita Zwaan; Christiaan Alberdingk Thijm

Key clients



Dutch Digital Agencies

Juridische Zaken



CMS' 'pragmatic approach to privacy issues around the globe' encompasses advising on all aspects of data protection and data privacy compliance with substantial experience in the life sciences, mobility and energy sectors. The group also has targeted expertise in the data elements of bankruptcies, blockchain issues and cybersecurity issues, leveraging the firm's international 24/7 breach response service. Edmon Oude Elferink leads a team which also includes Katja van Kranenburg-Hanspians, who heads up the Human Capital Agenda of the Dutch Blockchain Coalition and the National AI Coalition; and senior counsel Simon Sanders.

Practice head(s):

Edmon Oude Elferink

Other key lawyers:

Katja van Kranenburg-Hanspians; Simon Sanders


‘Very pragmatic approach to privacy issues around the globe.’

‘Always available, fast responses and pragmatic advice.’

Key clients





Work highlights

  • Providing AIG policy-holders with cyber incident response services.
  • Advising Lemonade on all aspects – including privacy and data protection – of its European expansion.
  • Advising Slotervaartziekenhuis and its receivers on the handling of patient personal data following the hospital’s bankruptcy.

Eversheds Sutherland (Netherlands) B.V.

Eversheds Sutherland (Netherlands) B.V.'s privacy, data protection and cybersecurity practice has seen notable growth following the recruitment of Olav van Haperen in mid-2019 to the Rotterdam office; Haperen is a co-founder of the Dutch Association of Privacy Lawyers. The team leverages the firm's global network to act for a substantial volume of international clients. IP and technology specialist Benjamin van Kessel is the key contact in Amsterdam, while Rotterdam-based senior associate Robbert Santifort joined from Houthoff in early 2020.

Practice head(s):

Olaf van Haperen

Other key lawyers:

Benjamin van Kessel; Robbert Santifort

Key clients

Gibson Europe

QTS Datacenters


Core Laboratories








Work highlights

  • Advised Gibson Europe on its GDPR compliance project.
  • Acting for Core Laboratories in a data subject access request brought by a former employee of a subsidiary in Russia.
  • Advising QTS on the legal set-up of its new high-tech data centre solution and corresponding international data transfers.


Houthoff's privacy and data protection group has expertise across the spectrum of data mandates, with notable experience in issues relating to connected cars, internet platforms and fintech work. Group head Thomas de Weerd is also an expert in technology related mandates and e-business issues; other key names include senior associate Jurre Reus, who focuses on privacy and e-commerce matters. The team is singled out for its litigation experience and regularly handles investigations by the Dutch DPA and the Dutch Authority for Consumers & Markets.

Practice head(s):

Thomas de Weerd

Other key lawyers:

Jurre Reus

Key clients

eBay Classifieds Group/


Intel Corporation

Media Markt/Saturn


Volvo, Kia, Renault, FIAT, Subaru, Mazda, Ford, Pon’s Automobielhandel (Volkswagen Netherlands), Jaguar Land Rover and other car manufacturers and importers

Telegraaf Media Group

RDW (Dienst Wegverkeer)

HP inc.

Exact Software

Stichting BREIN

Work highlights

  • Advising Marktplaats (eBay Classifieds Group), the largest Dutch classifieds website, on all its data protection, commercial contracting and consumer protection matters.
  • Acting for various major car companies and Dutch car importers on a wide variety of data protection compliance matters.
  • Advising Royal VolkerWessels, the Netherlands-based construction conglomerate, on IT and data protection matters on an ongoing basis.

Loyens & Loeff

Loyens & Loeff's multi-disciplinary practice works closely with the firm's wider offices in Luxembourg, Belgium and Switzerland to advise on the complete range of data issues involving compliance work, data breach matters, data transactions and enforcement mandates. The group also has expertise in the technology, consumer goods, life sciences, financial and automotive sectors; clients include Vivat, Orange and Jaguar Landrover. Kim Lucassen leads the practice, with strong support from senior associate Joanne Zaaijer, who focuses on competition and privacy law.

Practice head(s):

Kim Lucassen

Other key lawyers:

Joanne Zaaijer


‘Kim Lucassen struck me as competent and knowledgeable.’

‘The team handles the company’s GDPR approach and (possible) issues very pragmatically. They create an approach which is best-suited for the client based on the type of services provided by the client and branch.’

‘The individuals stand out because of their pragmatic approach. Furthermore they are always available, swift and quick.’

Key clients

PrivateTracer consortium

DPG Media


Pioneer Europe

Zilveren Kruis Achmea

Tata Communications Netherlands



Insinger Gilissen

Jaguar Landrover

Stichting Hartwig Medical Foundation (HMF)




Colosseum Dental Group


Work highlights

  • Assisted DPG Media with the acquisition of Sanoma Media Netherlands (the Netherlands’ largest publisher of magazines) from the Sanoma Group.
  • Advised the PrivateTracer consortium on the development of a mobile phone Covid-19 contract tracing app and the structuring of the non-profit public-private partnership, including on privacy, privacy by design, software licensing, copyright and trade mark law and software development.
  • Assisted Zilveren Kruis, one of the largest Dutch health insurers, with various matters including several investigations that were carried out after the bankruptcy of Slotervaart and IJsselmeer hospitals.


As part of the firm's wider Benelux data protection and cybersecurity team, NautaDutilh's group takes a cross-departmental approach to data mandates, drawing on notable expertise across a range of practice areas. Group leader Albert van der Kolk focuses on employment-related issues, while Jolize Lautenbach specialises in administrative law and newly promoted partner Ralph Ubels is the key name for contentious work; advisor Jacqueline van Essen is also praised by clients. The group also has additional expertise in relation to personal data issues, cross-border GDPR matters, direct marketing practices and Dutch DPA enforcement work.

Practice head(s):

Albert van der Kolk

Other key lawyers:

Jolize Lautenbach; Ralph Ubels; Jacqueline van Essen


‘NautaDutilh’s data privacy and data protection team is the reference for this practice in the Benelux region, and its long-standing expertise provides invaluable insight on the fast-paced developments in GDPR enforcement. The clarity of their insight is not only a great asset for clients and peers alike, but also turns each exchange into insightful conversation with a profound impact on future projects and their implementation.’

‘The commanding expertise of Jacqueline van Essen is only matched by the gentleness of her expression, leading in the end to crystal clear deliverables with astute analyses. It is a real pleasure to work with her.’

‘The law firm understands the practical issues and needs that the in-house lawyers and the company itself have and delivers its opinions tailor made in view of this.’

‘The attention and understanding provided by the law firm are outstanding.’

‘The team is practical, acts quickly and is accessible.’

‘The team is professional and practical at the same time. They always answer on short notice.’

‘They do what they say. They are reliable.’

Key clients


Airbnb, Inc.

American Express

ASR Nederland

Bank of America Merrill Lynch


Bluebee Holding


Dynamic Credit


HAL Investments


Mizuho Bank






The Norinchukin Bank




VvAA Groep


Work highlights

  • Assisted numerous clients, ranging from financial institutions and multi-national companies to online retailers, in relation to security incidents and personal data breach management issues, notifications to the Dutch Data Protection Authority and data subjects.
  • Advised various clients on the processing of sensitive personal data, especially where matters intersect with clinical trial laws and regulations.
  • Advised multiple financial institutions and multinational corporations on international data transfers, especially in view of Brexit, the invalidation of the EU-US Privacy Shield and the Schrems II judgment of the Court of Justice of the European Union regarding the use of EU standard contractual clauses.


The multidisciplinary privacy team at Ploum is regularly instructed by clients on data matters relating to software, technology innovations, e-commerce work, marketing issues and e-health mandates. Dennis Zieren and Dorine ten Brink jointly lead the practice; Zieren is praised by clients for his 'personal and to-the-point advice', while ten Brink specialises in contract law. Associate Nina Witt is also singled out for her expertise in the healthcare sector.

Practice head(s):

Dennis Zieren; Dorine ten Brink

Other key lawyers:

Nina Witt


‘Ploum has a single point of contact, hands-on, deep knowledge, pleasant communication, practical and pragmatic, fast specific and appropriate advice, innovative solutions, transparency with regard to costs/billing.’

‘The client service is always excellent, as is the quality of the advice. Dennis Zieren stands out. There is deep data privacy and data protection knowledge across the team. Client driven, focused and always there when you need them.’

‘Dennis Zieren provides personal and to-the-point advice that is of great added value to the client. Go-to person for all our ICT law, privacy and data protection law matters. Easy to work with and very responsive.’

‘The approach of this team is very responsive and hands-on. They have good knowledge of how to approach things from a business perspective, which as a client I find very helpful.’

‘Nina Witt is my main contact person. She is always quick to respond and more importantly she works from a practical angle, meaning that she understands very quickly how the business works and what to look for, so even potentially hidden issues can be identified.’

‘Professional attitude and a wide range of expertise.’

‘I am very satisfied. All lawyers with whom I work have a great deal of relevant professional knowledge, are available 24/7, have a pragmatic approach, take our commercial interests into account and are very much aligned with our business. My overall impression is very positive. Ploum has mainly highly qualified and kind people on board.’

‘Dennis Zieren has a lot of knowledge of all IT/privacy related matters and is able to explain a legal problem concisely and in legible language. He is able to quickly familiarise himself with a particular issue and respond quickly with very practical advice.’

Key clients

JDE Peet’s


Momo Medical


Stichting Loterij Incasso

JVH Gaming

Centriënt Pharmaceuticals



Work highlights

  • Advised Momo Medical on the processing of personal data of patients in care homes and hospitals in relation to its innovations.
  • Advised Univé Het Groene Hart Organisatie, a large insurance company, on privacy matters regarding shared employees within a group of companies and the processing of employee data.
  • Advised Stichting Loterij Incasso on the processing of sensitive personal data for the purpose of a class action.

Vondst Advocaten N.V

Vondst Advocaten N.V's data protection practice includes highly regarded practice head and 'stand-out partnerHerwin Roerdink, and Polo van der Putt, who have expertise in online marketing issues and technology work, respectively. The team handles the full spectrum of data mandates including handling commercial issues, data transfers, data litigation and enforcement work. It also has experience in the consumer goods, media, automotive and charity sectors.

Practice head(s):

Herwin Roerdink

Other key lawyers:

Polo van der Putt; Tineke van de Bunt


‘Vondst advocaten is very hands-on and professional; I consider them to be a true strategic partner and value-driver for our business.’

‘The stand-out partner is Herwin Roerdink. Herwin is proactive, approachable, very responsive; he provides practical advice, always employs a broad perspective based on his knowledge of our business and proactively considers potential future legal risks and opportunities. Herwin serves his clients in a professional way and dives deeply into their businesses in order to provide practical solutions to difficult struggles. And above that, Herwin has a nice personality to work with.’

‘They pair excellent legal knowledge with business know-how and a pragmatic and customer-friendly approach.’

‘Polo Van der Putt has excellent legal skills and knowledge in e-commerce and data privacy matters. Furthermore, he is very experienced in these areas of law, which is important for us. Polo is always up-to-date and also knows the non-published practice of the authorities. Polo also has an excellent understanding of the business/industries, which allows him to provide client-friendly and pragmatic solutions, which are not only compliant with the laws, but can also be implemented by the clients.’

‘Strong data protection knowledge combined with high levels of responsiveness and proactivity and a very practical/business-oriented approach.’

‘Herwin Roerdink and Tineke van de Bunt have good legal knowledge and drafting skills, knowledge of the relevant industries and are very responsive, practical (which is something that lawyers from larger firms often lack) and commercial (also in looking for a reasonable fee structure).’

Key clients





National Postcode Lottery




Aalberts Industries / Flamco

USG People

University of Amsterdam


Aalberts Industries

Credit Europe Bank


Work highlights

  • Advising Novamedia on all aspects of international data protection.
  • Advising HEMA on data protection and online marketing matters.
  • Assisted Shimano with its implementation of the GDPR.