Data privacy and data protection in Netherlands

Baker McKenzie

Wouter Seinen, who is recognised as 'one of the best' in the market, and Remke Scheepstra head up the 'practical and pragmatic' data privacy team at Baker McKenzie. The team sits within the firm's IT practice and its clients range from global banks and technology companies to consumer goods multi-nationals which seek assistance on data protection and cybersecurity breach matters. The team can advise on internal investigations, crisis control of data breach incidents together with specific advice on data privacy compliance involving US cases. It also offers technical consultants through its iG360 technology platform.

Practice head(s):

Wouter Seinen; Remke Scheepstra


The privacy team of Baker is to the point, practical, pragmatic, and their input is valuable. They are easy to work with, down to earth, understand the needs of the business and are able to translate my questions into solid and pragmatic opinions.’

‘Wouter Seinen is the best privacy guy I ever met. He is a creative thinker, out of the box, not standard, which provides value to my business in a very high-quality manner. He understands my needs and is able to translate those in legal opinions that are easily implemented in my business and organisation. Besides his excellent knowledge, communicative skills and experience, Wouter is a very nice guy, easy to work with. I would not hesitate one second to recommend Wouter – as he adds value!’

Key clients

First European Data Rep


FedEx Corporation





Work highlights

  • Works with First European Data Rep B.V. which offers EU representative services to non-EU companies and acts on their behalf, as a single point of contact for EU supervisory authorities and individuals, on all issues related to personal data processing activities in the EU. The team assists the client in determining the GDPR compliance readiness of the client’s customers and setting out the potential interventions required.
  • Assisted a fast-growing E-commerce platform operator with its EMEA business expansion through a Dutch wholly-owned subsidiary. Aside from a range of commercial and tax advice, the team audited all e-commerce and consumer protection aspects of the service under both Dutch and European regulations and GDPR compliance.
  • Assisted a client to develop a local data incident hotline into a global 24/7 hotline to handle and advise on urgent data incidents. Also advised on/reviewed the client’s incident and breach process mechanisms.


Quinten Kroes is the highly-rated head of the Brinkhof practice. The team, which includes Pepijn van Ginneke (who has telecoms focus) Eliane de Vilder, Wieke van Angeren and Manon Oostveen, advise on the many new issues that arise in the field of data handling or protection. As well as GDPR compliance, the team advises on novel issues, such as 'the right to be forgotten' and contentious cases that involve the Dutch Data Protection Authority. It has an impressive client roster including major US and European and other global corporates including those in the telecoms area.

Practice head(s):

Quinten Kroes


‘Pepijn van Ginneken and Quinten Kroes each has his own style but both are: hands-on, have deep knowledge of legal issue and business, professional, no provision of superfluous advice not really needed to sort out the problem/business; understand business and find good way to deal with business input, taking the input seriously even if it is not always relevant for the sorting out the legal issue, pleasant communication, full transparency in expected legal costs.’

‘Brinkhof has a way of communicating with its clients in a personal and professional approach; they make it a point to understand the question you would like to have advice on, without asking more time than necessary. Furthermore, they are receptive of feedback and take the time to explain their reasoning in clear wording.’ 

‘I have been fortunate enough to work together with both Quinten Kroes and Manon Oostveen. As stated above, these individuals have a very personalised approach. Where with other firms you might get the feeling that you are one client out of many, and providing advice is a check-the-box exercise, this is definitely not the case with Brinkhof.’

‘Expertise and dedicated attention are combined really well in order to address the issue at hand.’

Key clients











Work highlights

  • Continues to represent Google in all its Dutch litigation, including customer data requests, notices and takedowns, and numerous cases concerning the ‘right to be forgotten’.
  • Acting for KPN in an ongoing precedent-setting dispute with another mobile operator concerning the use of personal data in the context of tracing malicious or nuisance calls.
  • Represents WhatsApp in its administrative appeal against an order imposed by the Dutch Data Protection Authority requiring WhatsApp to appoint a local representative in the Netherlands in a matter which raised a variety of complex, cutting-edge issues and garnered international attention.

Kennedy Van der Laan

The Kennedy Van der Laan team is noted for combining its legal expertise with a thorough understanding of the technologies involved. The practice assists clients with all the various uses of commercial data, including big data, and advises on contractual and regulatory matters as well as investigations and enforcement cases. Its broad client roster includes those in the financial, healthcare and transport and logistics sectors. Hester de Vries, who has a background at the Dutch Data Protection Authority, is highly recommended and Quirine Tjeenk Willink is considered 'best in class' for complicated cases.

Practice head(s):

Hester de Vries


‘The privacy team combines first-class legal knowledge with an in-depth understanding of technologies.’

‘Best in class is without any doubt is Quirine Tjeenk Willink. She’s the must-see counsel for top-notch, hands-on advice in complicated matters.’ 

Key clients


Vrije Universiteit

Stichting BKR



Work highlights

  • Assisted TNT/FedEx in obtaining regulatory approval for binding corporate rules for the exchange of personal data within the group.
  • Advising Stichting BKR (Dutch foundation for credit registration and registration of overdue debts) on the implementation of the General Data Protection Regulation.
  • Advising a client involved in an investigation and potential enforcement by the Competition Regulator because the client refuses to provide access to sensitive personal data to a competitor.

Van Doorne

The 'exceptional' team at Van Doorne is led by the well-known Elisabeth Thole who is one of the most experienced data protection lawyers in the Netherlands. She is ably assisted by senior associate Özer Zivali advising on all aspects of GDPR compliance; notification of data breaches to the Data Protection Authorities and the affected data subjects. The work also includes claims/damage control and cyber insurance issues. It advises on all aspects of e-commerce, including reviewing websites and apps and drafting terms and conditions.

Practice head(s):

Elisabeth Thole


The team knows how the balance between legal and commercial importance. We see them as business partners.’

‘Exceptional data privacy and data protection team.’

‘What stands out for me is their ability to relate to our needs. They provided up-to-date knowledge and practical workings of the legislation and really worked with us.’

‘I was impressed with their level of knowledge and how they sought to try and educate participants on the subject. A key strength is their international network, the standing of their partner(s) in the field of data privacy/data protection and their ability to apply this to everyday situations.’

‘The counsellors of Van Doorne produce well-thought-out advice, written by highly knowledgeable people who are willing to go the extra mile. Compared to other firms, Van Doorne is relatively expensive. This is due to the high level of specialization requiring a high number of specialists performing the assignment. Some of which, however, are leading in their field.’

‘Great and professional team. Great expertise. Fast and clear, good business acumen. The team is up to speed and has deep industry knowledge. It also provides good service quality. It is my preferred law firm in the NL.’

‘They have a strong privacy team with strength in depth and are led very ably by Elisabeth Thole and for me, they are the best in this area in the Netherlands.’

Key clients




Anthos Bank

Central Works Council of TNT


Gelre hospital

Jacobs Douwe Egberts



Nationale Politie

Tata Steel


Texas Instruments

TU/e (Eindhoven University of Technology)


Work highlights

  • Assists Atradius on an ongoing basis with all its GDPR compliance work, involving advising on the privacy  positions of its entities, privacy and cookie statements,  automated decision-making, data subject requests, the processing of HR data, and direct marketing activities.
  • Advising Centrale Ondernemingsraad (COR) TNT – Central Works Council of TNT on the restructure its IT infrastructure following its merger.
  • Assisting the National Police regarding an investigation started by the Dutch Data Protection Authority.

Bird & Bird

Senior counsel Wilfred Steenbruggen and senior associate Berend van der Eijk lead the national data protection practice at Bird & Bird. As part of the commercial, privacy and data protection, regulatory and administrative practice, Steenbruggen advises on a broad range of matters; he advises Teva on various data protection compliance matters, often in respect of projects covering numerous territories in the EU. Jeroen van der Lee and Roelien van Neck are other notable names in a team that handles the gamut of data privacy and protection matters, including data breaches and investigations.

Key clients





Domino’s Pizza




Michael Page

Work highlights

  • Assisting the ABB group with the drafting, implementing and submitting its global Binding Corporate Rules with the Dutch Data Protection Authority. Also assisting ABB with other general data protection matters, such as updating their privacy notices, and strategic advice regarding liability and data protection.
  • Advising Adyen, a world-leading payment platform which facilitates the payment of the largest e-commerce companies in the world (Facebook, Uber, Apple, Netflix), on its global data protection matters, both strategic (for GDPR compliance and project and sensitive new products) as well as for more ad-hoc work such as contract negotiations.
  • Advising T-Mobile on various regulatory matters, including data protection; advising on the implementation and roll-out of its extensive GDPR compliance programme.

De Brauw Blackstone Westbroek

Axel Arnbak and Geert Potjewijd co-head the data privacy team, while Nicolien Van Den Biggelaar heads the overall regulatory enforcement practice at De Brauw Blackstone Westbroek. The team handles the full range of data protection/security including international issues, investigations and enforcement actions, and can bring together expertise in administration law and experts in competition law. Arjan Kleinhout brings his public law expertise to the team, especially where it intersects with privacy. The team is preparing an unprecedented court case against the Dutch State on the sweeping mass surveillance law, Wiv2017, popularly known as "sleepwet", that was voted down in a historic referendum in May 2018.

Practice head(s):

Axel Arnbak; Geert Potjewijd


Axel masters legal intricacies and the grand overview. He is hands-on, practical, knowledgable about GDPR and all its ambiguities. Good availability and just nice to work with. Reasonable rates.’

‘De Brauw’s data privacy and data protection team has shown the courage and boldness to want to take on the human rights violations in the new Dutch law on the secret and intelligence services, by exploring litigation routes and showing a willingness to litigate. The team is helping a coalition of human rights and privacy rights NGO’s, tech companies, lawyers and journalists. They help by bringing their legal expertise on data, privacy, data protection and EU law and by offering to be  case lawyers in the possible litigation that could follow the full implementation of the new law.’ 

‘Excellent combination of knowledge of privacy laws and administrative law which is key when assessing risks, and facing litigation, in the field of privacy.’ 

Key clients


Port of Rotterdam decades

Rabobank decades

NN Group

Schiphol Airport decades

Dutch Chamber of Commerce


Signify decades

Verbond van Verzekeraars (Dutch Association of Insurers)

The Ocean Cleanup

Public Interest

Litigation Project

Work highlights

  • Assisted Facebook as lead counsel, coordinating other law firms involved across Europe, in an investigation launched by the Dutch data protection authority in December 2014, and in related legal proceedings.
  • Acts as lead counsel to the Dutch Chamber of Commerce on complex investigations by the Dutch DPA.
  • Advised the NN Group, the largest insurance company in the Dutch market, on various high-end data governance projects, e.g. mortgage default detection schemes with the use of machine learning technologies.


At Dentons, Marc Elshof co-heads Dentons’ European data privacy and security group and is prized by clients for his 'very broad and proactive outlook on GDPR matters and ICT'. Associate Celine van Es is also highlighted for being 'proactive and tenacious'. The team advises a range of Dutch and international clients on adhering to the GDPR, privacy compliance frameworks, consumer tracking, and the processing of health data, as well as data breaches and responses to the regulator. It also offers a 24/7 data breach hotline for insurers' clients.

Practice head(s):

Marc Elshof 


‘I believe that the Dentons Netherlands team has been far and away the best we have dealt with in Europe. They have helped us on an array of issues, including GDPR, websites, cookies, privacy policy, etc.’ 

‘I have worked primarily with Marc Elshof and his team, including Celine van Es. They are extremely knowledgeable, professional and responsive.’ 

‘I have used Marc and his team throughout Europe as a result of their responsiveness and professionalism. Guidance on all GDPR matters in relation to health care.’

‘Marc Elshof has a very broad and proactive look at GDPR matters and ICT.  The GDPR is not easily implementable at our organization. Yet thanks to his very broad & up to date knowledge, his thoroughness, his sharp line of reasoning, Marc has played a key role in the project of implementing the GDPR in our organization in all its aspects. Marc can simplify complicated (GDPR) matters, leaving the client with clear decisions to make, not hesitating to sketch a bigger picture by taking relevant other fields of expertise such as public relations aspects or IT into account.

Celine van Es is the associate we have worked with, she is also very sharp, professional, service-minded, proactive, punctual, precise and tenacious.’

Key clients

3M Company




JRCS Marine Services

Playa Hotels


a.s.r. Real Estate



The Student Hotel

Complete Innovations

Work highlights

  • Assisting a major bank on various matters including “binding corporate rules” under the GDPR which concerns internal rules that define the international policy in a multinational group of companies regarding personal data cross-border transfers within the company organization.
  • Advising JRCS Marine Services, a Japanese company with a growing European presence, on a number of compliance issues, some of which are  unique as to whether they would breach the data protection rules.

Hogan Lovells International LLP

The highly experienced Joke Bodewits heads the Hogan Lovells International LLP team which includes key associates Chantal van Dam and Benjamino Blok. The privacy and cybersecurity team advises on data protection strategies, international data transfers, and high-risk data processing, including notifications to the regulator. It also assists clients on data breaches and other contentious cases involving regulatory complaints.

Practice head(s):

Joke Bodewits


Practical, hands-on advice and very nice people to work with. Good international presence for cross-border questions and advice.’

‘Joke Bodewits is very experienced, knowledgeable, practical and hands-on and a very nice person to work with.’

‘Chantal van Dam is a very nice person to work with, practical advice and very responsive.’ 

Pels Rijcken & Droogleever Fortuijn NV

'A very skilled team' at Pels Rijcken & Droogleever Fortuijn NV handles a range of privacy and data protection law combined with extensive experience in internet and telecoms law including newer technologies such as blockchain, cloud and sensor data matters. Gerrit-Jan Zwenne advises clients from multi-nationals and start-ups to governments and regulatory authorities. He is also a full professor of privacy and data protection law at Leiden University. Meine Dijkstra specialises in IT law and data analytics and has an extensive government side practice, and senior associate Marte van Graafeiland is also a name to note.

Practice head(s):

Gerrit-Jan Zwenne 


The privacy team always has good up-to-date knowledge and remains well informed on all relevant developments in the field of privacy. The team works quickly, professionally and transparently in a good atmosphere with the client. The respectful manner in which the other party is approached is also striking.’

Deep knowledge of privacy and all related topics. Strong in privacy and data protection and very pragmatic advice. A very skilled team in a relatively novel area (blockchain and artificial intelligence). I asked them to audit a blockchain software device we developed in light of GDPR legislation. They were actively involved not only to point out weaknesses in the prototype but also advised how to improve it.’

‘The privacy team has the ability to think with the client, instead of “against” the client. What I mean by this is that they excel in analysing where the legal issues are and presenting potential solutions to these issues, aiding in the client’s risk analysis.’

Gerrit-Jan Zwenne has a very strong knowledge of privacy law and related regulations and has a great reputation in the field of privacy.’

‘Jeroen Naves provides pragmatic advice and is very knowledgeable and skilled on the topics of privacy and IT-related matters.’

‘I particularly valued the expertise of Sandra van Heukelom Verhagen and Marte van Graafeiland. Both are highly skilled, intelligent, committed and helpful, and they were able to understand the very fundamental technical details of our blockchain device, which was, in my opinion, essential to give appropriate legal advice.’ 

They are smart and very analytical, are quick and ask the right questions. They are very natural in their interaction. Marte van Graafeiland, Jeroen Naves and Sandra van Heukelom all excel at this in particular. Their vision of innovation is very helpful and also relatively rare in the legal community. Sandra van Heukelom in particular steers towards a ‘what can we do’ instead of ‘this cannot be done’ type of innovation.’

Key clients


Dutch National Railways Yes

Experian Yes

Maastricht University Medical Centre Yes

Municipalities of Amsterdam, Rotterdam,

The Hague and Haarlem

Municipality of Eindhoven

All 12 Dutch provincial authorities

Dutch Public Prosecution Service

State of the Netherlands (all ministries)

Dutch Ministry of Internal Affairs / ICTU

Work highlights

  • Advises APG and PGGM, two of the largest pension administrators of the Netherlands on the legal aspects of putting their pension administration in a blockchain. This raised new questions regarding data security.
  • Represents the Dutch National Railways in a number of, sometimes high-profile, legal proceedings initiated by individuals and/or consumer interest groups pertaining to alleged unlawful intrusions of privacy as a result of the use of the public transport card (OV-chip).
  • Advising the Dutch Ministry of Internal Affairs/ ICTU on a long-term project commissioned by the Ministry of Internal Affairs about the requirements and guarantees that should be considered when developing a number of applications to give citizens and companies control over their own data.


'A strong team with broad knowledge', the Stibbe group advises on a broad range of data privacy matters as part of its ICT practice. Judica Krikke is the highly recommended team head who advises corporates, the Dutch state and new technology clients on areas such as data protection governance structures and negotiations with the Data Protection Authority. Senior associate Marc Spuijbroek is an IT specialist who also handles data protection issues, especially in relation to cloud sourcing and outsourcing.

Practice head(s):

Judica Krikke


A strong team with broad knowledge and hands-on experience in respect of data privacy and data protection matters and excellent understanding of related IT matters. The team is built up in an efficient and cost-efficient way and makes optimal use of the experience levels available and required for a certain matter.’

Key clients

The Dutch State

Ahold Delhaize



ABN Amro

Royal Flora Holland




Stichting Cartara


Work highlights

  • Advises the Dutch State on its strategic software supplier management which includes advice on data protection aspects of cloud sourcing and other privacy challenges in relation to the use of products and services.
  • Advising a number of large corporates on their existing or intended alcohol and drugs testing practices since such testing has been declared unlawful in general by the Dutch Data Protection Authority.
  • Assisted Dyme on its Dutch licence application under the revised Payment Services Directive (PSD2) and certain related IT and privacy law aspects of their operations.


The practice at Loyens & Loeff  is led by Kim Lucassen, who also heads the firm's life sciences group. It handles GDPR compliance, data breach cases and related disputes providing 'client-oriented, tailored services, which include educational projects and knowledge update sessions'. Although life sciences, healthcare and technology are sectors of focus, it also assists clients in a range of other sectors such as insurance, electronics and banking. Senior associate Joanne Zaaijer is a member of the competition and regulatory practice, and specialises in data protection and privacy law, telecoms law  and e-commerce.

Practice head(s):

Kim Lucassen


The data privacy and data protection team of Loyens & Loeff shows an up-to-date and concise, in-depth knowledge of the subject. The team provides client oriented, tailored services, which include educational projects and knowledge update sessions. The advice provided is always to the point, concise and practical.’

Concise knowledge, enthusiasm, client oriented, prompt assistance with requests, open for discussions.’

Key clients

Zilveren Kruis Achmea

Jaguar Landrover

Orange S.A.


Hartwig Medical Foundation


Colosseum Dental Group

Pioneer Europe

Work highlights

  • Assists Zilveren  Kruis with various topics, including with several investigations that were carried out after the bankruptcy of Slotervaart and Ijsselmeer hospitals and in response to access requests received from persons whose data was provided to the investigators.
  • Assisting Jaguar Landrover with data protection law matters related to ‘intelligent cars’.
  • Advised Orange SA on its acquisition of the IT security firm Securelink.

bureau Brandeis

At bureau Brandeis, Vita Zwaan and her team 'provide excellent and pragmatical advice' in a timely and cost-effective manner. Although the team  has a good history of dealing with data protection authorities, it does not represent government departments. Instead it undertakes complex data protection matters in the telecoms and internet service providers sectors, and advises client in the health/medical, media, and retail/digital marketing sectors on all aspect of data protection, including GDPR compliance.

Practice head(s):

Vita Zwaan


What is particularly striking in the cooperation is the approachable method of communication and the involvement in our activities. They monitor the process, take initiative, provide support where necessary and are visibly involved.’

‘The processing of personal data is key within our organizations and the search for the right method, well before the introduction of the AVG, has given us a good head start. The legal memos have been drawn up in good co-creation, so that both the commercial value and the legal value are high. In addition, they use a no-nonsense approach and clear guidance.’

‘The lawyers I have worked with at Brandeis are all highly skilled professionals, have a no-nonsense mentality and are easy to work with.’

‘The team is know for their expertise, knowledge and network. They understand the client’s need and implement data privacy and data protection in a very understandable way. Their service is high-level.’

‘The privacy team, led by Vita Zwaan, provides excellent and pragmatical legal advice helping organisations implementing privacy- and telecom regulations in a timely and cost-efficient way.’

‘Due to its specific and top-quality legal and market knowledge, the team can assist very effectively with all possible privacy matters.’    

‘Bureau Brandeis provides high-quality services. They can switch/respond quickly where time pressure is present. Their advice is always clear, with an eye for practicality. They leave the choice to their customers, point out the risks and have a good insight into the customer’s business.’

‘They are quick and nimble, know the industry inside out and are not billing per second, rather for outcome.’

‘Vita Zwaan and her dedicated team are the best there is in the Netherlands when it comes to privacy and data protection issues. The lawyers are friendly, co-operative and knowledgeable.’

Key clients





Human Capital Scan

New Skool Media

Dutch Digital Agencies

Juridische Zaken

Stichting LeefH



CMS is recommended for its 'in-depth knowledge of new technologies' in tandem with providing expert advice on data privacy and protection in areas as diverse as life sciences, energy and sports. Its data compliance expertise extends to advising in the context of bankruptcies. It also provides a 24/7 breach response service which can draw on specialists across more than 50 jurisdictions and it is a member of the Dutch Blockchain Coalition among other organisations. Edmon Oude Elferink heads the team and Simon Sanders has a wealth of experience advising IT and telecoms clients on all areas of digital business.

Practice head(s):

Edmon Oude Elferink


CMS combines in-depth legal knowledge with an equally in-depth understanding of new technologies, in this case of blockchain and zero-knowledge proofs. Our digital product was not only assessed by CMS, but was also improved in the exchange of thoughts and ideas with the law firm. This not only ensured the required legal check, but also resulted in a quality boost for the project.’

‘Simon Sanders was very involved with the project. In his investigation, he was very strict, businesslike, and thorough. When he presented the results to our audience, he did this in a very inspiring way. He found a way to explain the results of his research in an accessible way.’

Key clients







Work highlights

  • As part of a broader instruction, advised Vattenfall on the acquisition of the Dutch energy company DELTA Energie. Advised on GDPR compliance and aspects of the IT carve-out and transition.
  • Advising the trustees in the bankruptcy of the MC Slotervaart on the handling of patient personal data and related requests in a GDPR-compliant manner with a view to the continuation of care by specialists in surrounding hospitals, the hospital’s retention obligations, medical research and in relation to regulatory requests.
  • Assisted Jacobs, a US company active in the field of engineering and consulting, with the role out of its GDPR readiness program in Europe.


Thomas de Weerd heads the practice at Houthoff, offering a wealth of experience to e-businesses as well as a track record advising car manufacturers and distributors on data protection matters and the issues around connected cars and smart charging of electric vehicles. In addition to advising on data protection and compliance, the practice also assists clients with investigations by the Dutch Data Protection Authority and Dutch Authority for Consumers & Markets.

Practice head(s):

Thomas de Weerd

Key clients


Volvo, Kia, Peugeot,Citroën, Renault, Fiat(FCA), Subaru, Mazda,Ford, Jaguar Land Rover,Accell, and other car and vehicle manufacturers

Royal VolkerWessels


RDW (DienstWegverkeer; the DutchDriver and VehicleLicensing Agency)

Stichting Vestia

Felyx (e-scooter ridesharing service)

Work highlights

  • Assisting Marktplaats (eBay Classifieds Group), the largest on a wide range of data protection matters, including customer relations, interactions with and enforcement by data protection supervisory authorities and online advertising.
  • Advising various major car companies and Dutch car importers on GDPR compliance matters, updating the data covenants entered into by Dutch car importers (based on a market standard developed by Houthoff), as well as legal aspects of connected cars
  • Advising Royal VolkerWessels on the company-wide implementation of the General Data Protection Regulation and the continued compliance therewith, the development and implementation of a data breach policy and the development and implementation of a cloud services policy.


A substantial team at NautaDutilh is commended for providing 'seamless consolidated advice' and for being 'responsive amidst great emergencies'. Albert van der Kolk chairs the firm's Benelux data protection and cybersecurity team; Jacqueline van Essen and Jolize Lautenbach are two of the notable, specialist partners. Aside from advising on GDPR compliance  strategies, it advises on the full range of agreements, such as data processing or data transfer agreements, combined with expertise in financial services regulations, employment and corporate transactions. The team also has expertise in dealing with the Dutch Data Protection Authority with regard to data breaches.

Practice head(s):

Albert van der Kolk


‘We have been working with Nauta Dutilh for all data protection matters pertaining to the Netherlands and broader Benelux area for close to a decade, especially the great Jacqueline Van Essen. Aside from the seriousness of their expertise, their ability to deliver seamless consolidated advice on the region has been a valuable asset. In addition, despite the great rush to GDPR compliance, the team’s organization made it very responsive amidst great emergencies.’

‘The Nauta team quickly comprehends your business needs and ensures that their advice is tailored to your concerns, practical, and immediately useful.’

‘Their breadth and depth of knowledge is exceptional compared to other firms, and their analysis of which data privacy and protection regulations and frameworks are relevant is much more efficient than other firms we’ve worked with.’

Key clients


ASR Nederland


Gofilex Investments

Payoneer Europe B.V.

Pharvaris B.V.

Uber Technologies, Inc.

VvAA groep B.V.

Work highlights

  • Advised a major bank on data protection complexities and outsourcing agreements.
  • Advised a global client on an international data transfer matter.
  • Assisted Gofilex Investments B.V., a Dutch entity operating a special organized digital delivery system, which includes a variety of digital services, including a digital network as well as physical facilities for temporary and permanent shared storage, handling, secured (inter-)national transportation and content delivery services.


At Ploum, Dennis Zieren leads a team along with senior partners Dorine ten Brink and Miranda Top-Sarneel. The team is valued for its in-depth knowledge of privacy issues and for providing 'sanity checks' for clients. Its expertise spans the notification and aftermath of major personal data breaches; advice on a variety of data privacy matters, such as inter-company data transfers inside and outside of the EEA, and data retention. This is combined with expertise in direct marketing, camera surveillance, and the use of personal data in the healthcare sector.

Practice head(s):

Dennis Zieren


‘The privacy team acts as an extended arm for privacy queries of our company. I can contact the team for in-depth privacy issues but also as a sparring partner for carrying out a sanity check.’

‘At Ploum they have a great deal of knowledge about data privacy and data protection. They know what  we do at our firm, so they know how to translate our questions about data privacy to our practice. They respond quickly to questions.’

‘They work in a team, so when one person is absent, another colleague takes over. I never have to wait long for a response. And they are always very friendly. Engaging any service provider, I expect them to deliver high quality and value. During this project with Ploum, I felt very comfortable with their level of support, input and advice given, also challenging me in a professional way.’

Key clients

Dura Vermeer

AVIA Nederland

Stichting Pameijer

MediaMarkt SaturnHolding BV


CentrientPharmaceuticals(previous : DSM SinochemPharmaceuticals)

Chiesi Pharmaceuticals


Vereniging voor Bakkerijen Zoetwaren



Unit4 Business SoftwareBV

Scheidt & BachmannNederland

JDE (Sara LeeCorporation)

Kober Kinderopvang

Kuwait Petroleum



Project Moore Advocaten

Project Moore Advocaten is a specialist IT practice that contains extensive expertise in the data protection field. In addition to the full range of IT advisory dispute resolution work, it also handles data security, GDPR compliance, and data breach notifications. Work for the team has evolved into advising on high-impact data processing operations such as international transfers; the data protection aspects of new products or services, on line direct marketing operations and the proposed e-Privacy Regulation. Jeroen Koëter, Lieneke Viergever, and Eva Visser are the senior specialists. Koëter co-founded the Netherlands Association for Privacy Lawyers and Visser has a particular focus on big data.


Project Moore offers a combination of experts in privacy and IT law. They are accessible, real craftsman in the legal expertise and creative in inventing practical solutions for legal issues.’

Taylor Wessing LLP

Frederick Leentfaar in Eindhoven and Otto Sleeking  in Amsterdam head the practice at Taylor Wessing LLP. The team is further boosted with the hire of Martijn Loth who joined from Kennedy Van der Laan in mid-2019. The practice offers the full range of data security expertise in addition to being able to harness cross-border specialists.; it advises on all aspects of GDPR compliance and data breaches together with contractual agreements, for example, a matter involving the exchange of data  between emergency assistance centres, police and recovery agencies. Also of note, the team provides clients with information tools including a global data hub.


‘They have extensive experience in the area and very good connections with their colleagues in Europe – they provided seamless advice smoothly together, which was very helpful.’

Key clients

Cell Signaling Technology Ltd.

Lysosomal Therapeutics Inc

Work highlights

  • Assisted Lysosomal Therapeutics Inc. in a clinical study involving sensitive genetic data.
  • Assisted Cell Signaling Technology Inc. in setting up its worldwide GDPR compliance program.

Vondst Advocaten N.V

At Vondst Advocaten N.V, Herwin Roerdink has an established track record dealing with data protection and online commerce in sectors as varied as consumer goods, media, and the automotive industry. IT specialist Polo  van der Putt handles IT contracts and litigation as well as to data protection and cyber security matters. In addition to the full range of advisory work, the team also provides assistance with liability issues and enforcement proceedings by the Dutch Data Protection Authority.

Practice head(s):

Herwin Roerdink


‘Down to earth and direct is what makes Vondst different from other firms in the field. The communication of the team is clear and transparent and their advice and suggestions are to the point, relevant, and useful.’

‘The knowledge and expertise of the team about privacy and data protection is big and up to date and they share their knowledge and recent (international) developments on this field with their clients, e.g. with breakfast-seminars.’ 

Key clients


Scotch & Soda

University of Amsterdam


National Postcode Lottery




Aalberts Industries

Credit Europe Bank

Work highlights

  • Advising Novamedia, including its subsidiaries on all aspects of international data protection.
  • Advising Funda on its responsibilities relating to the data processed on the platform, advice on the rights of data subjects, drafting a protocol for data breach notifications, and advice on various data processing agreements.
  • Advising the National Postcode Lottery on various data protection issues and complex on line marketing issues with respect to their national campaigns.