Brinkhof‘s Amsterdam-based data protection practice is led by Quinten Kroes who has longstanding expertise in the TMT sector and advises multinational and international technology companies and technology-adjacent entities on Dutch data privacy issues. The practice advises on GDPR compliance and represents clients in data privacy and protection class actions. The team continues to be key in assisting clients with privacy enforcement issues, often defending them from investigations initiated by the Dutch Data Protection Authority (DPA). Remy Chavannes leads on ‘rights to be forgotten’ cases and is mandated by online platforms for assisting with online liability matters.
Data privacy and data protection in Netherlands
Brinkhof
Praxisleiter:
Quinten Kroes
Weitere Kernanwälte:
Remon van Saane; Marije Rijsenbrij; Remy Chavannes; Dorien Verhulst
Referenzen
‘Practical and to the point advice.’
‘Quinten Kroes and his team, including Remon van Saane and Marije Rijsenbrij, are very knowledgeable and pleasant to work with.’
‘Quinten Kroes has an in-depth knowledge of the field, and knows his clients. Remon van Saane has a strategic view and is good at getting an understanding of how the business of clients works.’
Kernmandanten
X Corp.
VoetbalTV
DPG Media
Criteo
Duchenne Netherlands / Duchenne Parent Project / Yumen Bionics
Odido Netherlands B.V.
Eriks
Highlight-Mandate
- Represented Criteo SA in several cases concerning its responsibility as an adtech provider relying on tracking cookies.
- Represented Google in class action litigation initiated by two claim vehicles, SBP and SMC, which have launched competing collective damages claims for alleged infringements of data protection, e-privacy and consumer law.
- Represented DPG Media in relation to its objections and appeal against a €525,000 fine imposed by the Dutch DPA for its policy of requiring data subjects to submit a copy of their ID if they sought access or removal of their personal data.
De Brauw Blackstone Westbroek
De Brauw Blackstone Westbroek centres its data privacy practice around public and private enforcement matters. The team stands out for its expertise in data protection litigation and investigations, often representing major technology companies in class actions and follow-on mass claims civil litigation. The team also assists clients with cybersecurity incident responses and critical advisory services. Practice head Geert Potjewijd is well versed in EU and international data protection laws, advising on a large number of GDPR collective actions in the Netherlands. Co-lead Axel Arnbak is the go-to for data and cybersecurity issues, recognised for his expertise in regulatory issues and is often invited to testify before the European and Dutch parliaments as a privacy and cybersecurity specialist.
Praxisleiter:
Geert Potjewijd; Axel Arnbak
Referenzen
‘Good local knowledge.’
Kernmandanten
Salesforce, Inc.
Meta Platforms, Inc.
Uber Technologies, Inc.
TikTok Technology Limited
Amazon Europe Core S.à r.l.
Gen Digital Inc. (Avast Software)
ABN Amro Bank N.V.
Highlight-Mandate
- Assisted Uber with several litigations and regulatory enforcement mandates related to driver deactivations, ride allocation and data governance.
- Assisted Meta with several class actions involving data protection and consumer law claims before the Amsterdam Court of Appeal and District Court.
- Assisted TikTok with a class action pending in the Netherlands regarding alleged GDPR and consumer law violations.
Hogan Lovells International LLP
Joke Bodewits leads the privacy and cybersecurity practice at Hogan Lovells International LLP which is well-equipped to handle global cyber incidents, AI, data governance and a slew of other issues. Bodewits is a cybersecurity specialist and is key to the firm’s global and EU cybersecurity compliance projects and data governance strategies. She regularly handles enforcements actions based on the GDPR and utilises her background in IT law to advise on complex cybersecurity incidents. The practice is sought out by global clients and assists them with time-sensitive issues such as major cyber attacks including ransomware issues. Chantal van Dam assists a mix of international and domestic clients with global data retention strategies and privacy projects.
Praxisleiter:
Joke Bodewits
Weitere Kernanwälte:
Chantal van Dam
Kernmandanten
Booking.com
Wolters Kluwer
Amylyx Pharmaceuticals
Verisure
PVH
Bencis Capital Partners
Insulet
Fluor Corporation
Azerion Group
Tikehau Capital
Zimmer Biomet
Highlight-Mandate
- Assisted Insulet with all matters relating to data protection, e-Privacy, AI, cybersecurity compliance and with compliance with the medical device regulation.
- Advised PVH on data governance and data use and optimisation, marketing and cybersecurity.
Kennedy Van der Laan
The privacy, cybersecurity and regulated markets team at Kennedy Van der Laan is known for its sector expertise across finance, transport and logistics, telecoms, entertainment and healthcare. The team is noted for its expertise in assisting clients with investigations and enforcement proceedings locally and abroad. Internal investigations, legal proceedings against data subjects exerting thier rights under data protection law, and obtaining permits under Dutch data protection law are all key pillars of the practice. The sizeable team is led by Hester de Vries, Quirine Tjeenk Willink, Rosalie Brand and Judica Krikke. De Vries is a data protection authority and assists technology multinationals and public sector institutions with data protection law issues. Enforcement matters are handled by specialist Tjeenk Willink, Brand is the go-to for cybersecurity matters, and Krikke advises on IT aspects of data protection issues.
Praxisleiter:
Hester de Vries; Quirine Tjeenk Willink; Rosalie Brand; Judica Krikke
Referenzen
‘Kennedy Van der Laan has a data privacy and data protection team with several specialists who work together as a team. Privacy and its protection is a wide working field and the firm has plenty colleagues who assist in case there are interfaces with other fields.’
‘After working in the beginning with Hester the Vries as privacy specialist, Kennedy Van der Laan moved on along with our daily problems in protecting data. Rosalie Brand has the combination of ultimate knowledge about privacy, its protection and preventing accidents. Her experience in this working field makes it possible to act fast and in short term. Just what a company needs.’
‘The privacy team at Kennedy Van der Laan excels at clearly interpreting our complex processes from a legal perspective. The accompanying process descriptions are often better than our own policies! Kennedy thoroughly delves into matters, enabling them to uncover all possible risks. Their knowledge of case law, EDPB guidelines, and legislation is outstanding, allowing us to share the Data Protection Impact Assessments with the regulator with complete confidence.’
Kernmandanten
Meta Platforms Ireland
Blauw Research
Schiphol Group
FedEx
Koninklijke Ahold Delhaize
Stichting BKR
Northwave
Translink Systems B.V.
Azerion
Stichting Aidsfonds – Soa Aids Nederland
Highlight-Mandate
- Advised an IT provider in Canada on a security incident, resulting in legal proceeding against the IT provider.
- Assited Northwave with legal advice regarding notification obligations to the DPA and other authorities and on ransom payments and liability claims.
- Assisted Stitching BKR with legal proceedings regarding the rights of data subjects as well as provided strategic advice regarding the legal embedding of the national credit registration system managed by BKR.
Pels Rijcken & Droogleever Fortuijn NV
Pels Rijcken & Droogleever Fortuijn NV‘s privacy and data protection team sits within the wider privacy and technology department and is led out of The Hague by Gerrit-Jan Zwenne and Marte van Graafeiland. The practice advises both public and private sector clients including representing the Dutch State in high-profile proceedings. The team also often represents non-profit foundations as claimants in collective redress litigation against big technology enterprises, and assists defendants in class action law suits against foundations. Other key work includes assisting clients with data breaches, data subject access rights and use of data collection and processing methods. Zwenne is a leading figure in the data protection space, while van Graafeiland focuses on data protection issues involving the public domain.
Praxisleiter:
Gerrit-Jan Zwenne; Marte van Graafeiland
Weitere Kernanwälte:
Lars Groeneveld; Nina Bontje
Referenzen
‘The team has thorough and in-depth knowledge of data protection law. They also have a strong foundation in academia. They are easily accessible and easy to deal with.’
‘Gerrit-Jan Zwenne has an excellent and up-to-date knowledge of data protection law, with a strong academic foundation; he thinks quickly and originally.’
‘The factor that makes the team stand out is Gerrit-Jan Zwenne. Pels Rijcken is the law firm that represents the government. That makes them unique anyway and they have all resources to be best in class with any and all innovations.’
Kernmandanten
Data Privacy Stichting
Stichting Bescherming Privacybelangen
Stichting Consumers United in Court
Surfshark Incogni
Infomedics
Parliament (Tweede Kamer)
Reclassering Nederland
Dutch State
Highlight-Mandate
- Represented the Ministry of Health in a class action related to the aftermath of a covid-19 data breach.
- Represented DPS in a class action against Meta for infringements of both the Dutch DPA and the GDPR.
- Represented SBP in a data protection class action alongside Lemstra van der Kor, against Google.
Van Doorne
Van Doorne‘s privacy and data team is led by data protection expert Elisabeth Thole who is praised as a ‘leading figure in the data protection scene’. The team advises clients on a wide range of issues including data compliance, data-related regulatory proceedings, mass claims and recourse claims as well as data breaches. Thole sits in Amsterdam and has longstanding expertise in privacy, handling both contentious and non-contentious privacy issues. She works closely together with Özer Zivali who handles a mix of data protection and cybersecurity matters. Zivali excels in contentious data protection issues, advising on mass claims, cross-border data breaches and enforcement matters.
Praxisleiter:
Elisabeth Thole
Weitere Kernanwälte:
Özer Zivali
Referenzen
‘One of the leading data protection teams in the Netherlands which also has quite a reputation Europe wide.’
‘Elisabeth Thole is a leading figure in the data protection scene. Very capable and skilled. She is very active on international level. Özer Zivali has learnt a lot from Elisabeth and developed his own profile, being an expert in his doings.’
‘Leaders in their field, unmatched expertise and experience, while also being very approachable and pleasant to work with.’
Kernmandanten
GGD GHOR Nederland
Green Tomato Holding/ New York Pizza
Havenbedrijf Rotterdam
Achmea
IDEXX
Dutch National Police
TU Eindhoven
Vereniging Publiek Gezondheid en Veiligheid Nederland
Highlight-Mandate
- Represented GGD GHOR Nederland in relation to the investigation of the Dutch DPA into a widely reported data breach in the Netherlands related to systems used for covid-19 testing.
- Assisted Green Tomato Holding with its GDPR notification duties towards the Dutch DPA and the affected data subjects after it fell victim to a ransomware attack.
- Assisted TU Eindhoven with administrative appeal proceedings at the highest administrative court, on the right of inspection started by a data subject, under both the former data protection regime and GDPR.
A&O Shearman
A&O Shearman‘s Amsterdam data privacy team advises on a range of regulatory data protection issues. The team advises both international and domestic corporates and multinationals, utilising its international network to advise on issues involving multiple jurisdictions. It is also well versed in emerging legislation as well as enforcement and cybersecurity matters. Nicole Wolters Ruckert leads the team and advises clients on data protection implications of the GDPR, DSA, AI Act, and other key legislations.
Praxisleiter:
Nicole Wolters Ruckert
Referenzen
‘Very professional team, always up to date and always pro-active in thinking along with their client in solutions for legal issues, for less complex as well as very complex matters and organisations.’
‘Very good working relationship, also proactive and offers more than ‘just’ good quality legal advice; this team really works on finding real solutions.’
‘The team have broad and in-depth knowledge of data and data privacy, including comprehensive oversight of connecting pieces of (EU) legislation and are able to translate this into concrete implications for our business and specific legal issues that come up.’
Highlight-Mandate
Bird & Bird
Bird & Bird‘s privacy and data protection practice draws on the firm’s expertise in regulated industries including life sciences, online platforms, telecoms and finance to advise clients on data regulation and security incidents. The practice is jointly led by data experts Berend Van Der Eijk and Wilfred Steenbruggen. Van der Eijk is well versed in advising international clients with a focus on technology and fintech on EU data regulations including the Data Act, AI Act and Digital Services Act (DSA). Steenbruggen manages data compliance involving the GDPR and regulatory enforcement matters. The team is supported by two strong data-focused associates Chloë Verschoor and Shima Abbady.
Praxisleiter:
Berend van der Eijk; Wilfred Steenbruggen
Weitere Kernanwälte:
Chloë Verschoor; Shima Abbady
Referenzen
‘The team is very responsive and able to quickly help and come up with solutions. The team at Bird & Bird has thorough knowledge of the GDPR, relevant developments and access to a global network they can easily leverage for other jurisdictions.’
‘Working together with Berend van der Eijk over the past years has been great. He is very smart and brings solid expertise and experience. Berend provides honest advice with the right amount of detail.’
‘Shima Abbady is on the rise. Very knowledgeable on AI. She is able to quickly adapt to our challenges and tries to come up with pragmatic solutions. Always fun to work with Shima.’
Kernmandanten
European Commission
Discord
Teva Pharmaceuticals
Bridgestone
Substack
Mapbox
Speedcast
Sdu
Groep Digitale Diensten
ABB
Adyen
Nuts Groep
Viaplay
DocuSign
WeTransfer
Domino’s Pizzas
Epson
Adidas
Coloplast
Delta Energie
Elastic
Nextdoor
Highlight-Mandate
- Advising Teva Pharmaceuticals as DPO on daily data protection law compliance.
- Assisting the European Commission with setting up the European Blockchain Sandbox as well as advising on its European Blockchain Services Infrastructure (EBSI) project.
- Advised a global payment provider on data protection law compliance and wider data regulation, including artificial intelligence.
Eversheds Sutherland
Eversheds Sutherland‘s data privacy and cybersecurity team assists clients with international and national projects, advising on regulatory issues and cybersecurity incidents. The firm has expanded its DPO as a service offering and utilises an automated data protection impact assessment tool to assist clients. Practice head Olaf van Haperen is based in Rotterdam and is an expert in personal data protection and cybersecurity, advising an array of sectors including healthcare, fintech and blockchain. Robbert Santifort is well versed on new technologies and advises on issues such as AI, anonymisation and data scraping.
Praxisleiter:
Olaf van Haperen
Weitere Kernanwälte:
Robbert Santifort
Referenzen
‘The team has been very helpful with matters around new legislation. They understood the unique situation of us and looked for possible solutions and provided different options. This was no one-size fits all but took into account the circumstances.’
‘Individuals were well engaged, available on short notice and willing to find the best solution for us.’
‘Active self-starters with an eye for the need of the business and its international scope as well as the requirements of the privacy framework project.’
Kernmandanten
Cyrus One
Unilever
Shell
ESET
Adidas
Getir
Microsoft
Paypal
Zorgverzekeraars Nederland
Kering Group (ao Gucci, Balenciaga, Yves Saint Laurent etc.)
Gibson Brands
Rheem
Cognizant
EPAM
Zorginstituut Nederland
ORTEC
Experian
Highlight-Mandate
- Assisted CyrusOne data centres with DPO services, focused on the management of the entire data protection compliance program across Europe.
- Advised Zorginstituut Nederland on the data protection issues of project ZE&GG around care evaluation and the assessment of existing medical care for which there is still insufficient scientific evidence.
- Represented Zorgverzekeraars Nederland in two legislative procedures leading to the adoption of a new health care insurance law around the processing of special category data for secondary use purposes.
Loyens & Loeff
Loyens & Loeff has a strong Amsterdam-based data protection and privacy team which unites the expertise of its other practices in Belgium, Luxembourg and Switzerland to advise international and domestic clients on global data protection issues. The team is well equipped to handle a range of issues related to cybersecurity, IT and AI, telecoms, DSA and consumer goods. Kim Lucassen leads the team and is specialised in an array of data privacy and protection issues, and is supported by Nina Orlić who advises on cybersecurity and regulatory data protection matters.
Praxisleiter:
Kim Lucassen
Weitere Kernanwälte:
Nina Orlić
Referenzen
‘Very impressed with Nina Orlić who gives accurate and pragmatic advice in the area of data privacy. She has very thorough knowledge of the subject matter and is a true talent!’
‘The team is great to work with. Kim Lucassen is the star of Dutch data protection legislation.’
‘Kim Lucassen is super responsive and amazing to work with. She posses a sharp legal mind and is looking for creative commercial solutions all the time.’
Kernmandanten
Alliander
Banco Santander S.A. / Santander Consumer Finance S.A.
Bol.com
Colosseum Dental Group
Dunea N.V.
Laced Europe Ltd
Pharmaceutical Research Associates Group B.V.
Tata Communications Netherlands B.V.
Highlight-Mandate
- Advised PRA NL on dispute strategy and represented PRA NL in Dutch proceedings before the District Court of Noord-Nederland.
- Advised Bol on all aspects of an possible abuse of dominance investigation, and represented Bol vis-à-vis the ACM.
Project Moore Advocaten
Project Moore Advocaten fields a specialised data protection practice that advises on contentious and non-contentious data privacy and protection issues. The firm is well equipped to assist the health and life sciences sectors with data privacy issues. Céline van Waesberge is the key name to note for clients within the life sciences sector. Eva Visser utilises her expertise in IT to advise on data protection aspects of technology and IT matters, while Jeroen Koëter advises on a range of data privacy issues. The team has also advised on AI issues, cross-border data compliance projects and data protection disputes.
Weitere Kernanwälte:
Jeroen Koëter; Céline van Waesberge; Lieneke Viergever; Eva Visser
Referenzen
‘Very thoughtful, not only legally but also practicality. In our case, as part of an international company, it also is important to be able to convey the Dutch point of view and the Dutch way of doing things internally in our group.’
‘This practice stands out for its friendly and flexible approach, fostering open communication and strong relationships. The team’s strengths lie in diverse expertise and personalized service, allowing to truly understand and address clients’ needs. Clients can expect responsive support and tailored strategies, backed by deep industry knowledge.’
‘I’ve had the pleasure of working with this firm, and what truly sets them apart is their exceptional level of service and genuine approachability. The individuals I interacted with consistently demonstrated a commitment to understanding my needs and providing tailored solutions.’
Kernmandanten
Coöperatie Samen Digitaal Innoveren (SDI)
The Netherlands Institute for Sound and Vision (Beeld & Geluid)
Voedselbanken Nederland
KNB
Radboud University Medical Centre
Dutch National Police
The Dutch Ministry of Justice and Security
The Employee Insurance Agency (UWV)
Custodial Institutions Agency (DJI)
Curio
Mitsubishi Logisnext Europe
Nikon Corporation (Japan) and Nikon Holdings Europe BV
Dsm-firmenic
Arcadis Nederland
ASML
KLM Royal Dutch Airlines
Transavia Airlines
Picnic
The Association of Dutch Municipalities
Highlight-Mandate
- Advised Mitsubishi Logisnext Europe on elevating its GDPR compliance level following significant organisational changes and increased enforcement of the GDPR across Europe.
- Advised Voedselbanken Nderland on GDPR compliance of the use of personal data across its food bank network.
- Assisted Radboud University Medical Center with drafting a standard contract allowing third-party researchers across the world to access and use patient datasets for scientific research.
CMS
CMS‘ Amsterdam privacy and cybersecurity team is led by cybersecurity expert Erik Jonkman who has a wealth of experience handling cyber incidents and data breaches. The firm also fields a cyber security response service to aid with cyber incidents such as ransomware matters and IT supplier failures. The practice assists a mix of international and domestic clients and advises clients from a number of sectors including insurance, automotive, IT and transport.
Praxisleiter:
Erik Jonkman
Referenzen
‘Erik Jonkman is approachable and can translate complex matters into simple solutions. He has enormous substantive knowledge in the field of privacy and AI.’
‘Erik Jonkman is highly qualified, professionally friendly and always to the point. He never misses an important detail.’
‘Great team with very good responsiveness and flexibility. Experience in cyber and in communicating to clients suffering a crisis.’
Kernmandanten
AIG
Beazley
Chubb
SkyShowtime
Qbuzz
ASR
citizenM
QBE
PLUS Retail
NEQSOL
ID Logistics
Primark
Lemonade
I-SEC
Kubota
Highlight-Mandate
- Advised AIG on cyber security incidents and data breaches for AIG cyber insureds.
- Advised Chubb on cyber security incidents and data breaches for Chubb cyber insureds.
- Advised Beazley on cyber security incidents and data breaches for Beazley cyber insureds.
Freshfields Bruckhaus Deringer
Freshfields Bruckhaus Deringer‘s data privacy practice has five core focuses which consists of regulatory inquiries and appeal proceedings following regulatory enforcement decisions, data privacy-related litigation, data compliance projects, data incident preparation and response and transactional data privacy matters. The team often advises multinationals from regulated sectors such as technology, IT, finance, energy and entertainment. Mark Egeler leads the practice from Amsterdam and is the go-to for all data-related contentious and non-contentious issues.
Praxisleiter:
Mark Egeler
Weitere Kernanwälte:
Darya Bondarchuk; Mijke Sinninghe Damsté
Referenzen
‘The team is well equipped to advise international companies on how to comply with data privacy law, regulations, and guidelines in different jurisdictions. They are great at providing practical advice for multinational companies in this ever-changing data privacy landscape.’
‘Mark Egeler seems to know every case in Europe that relates to the data protection issues our company is facing, and provides excellent practical guidance that reduces risk while minimising impact to the business.’
‘The Freshfields team does a particularly good job of leveraging expertise from attorneys across their global offices, which has helped our work to be more efficient.’
Kernmandanten
Global Technology Company
Adobe
A Platform Technology Company
CVC Capital Partners
Macromill
Essent NV
Talpa
Volkswagen
Highlight-Mandate
- Represented a global technology company in a global data breach response with more than 25 countries involved and several regulatory inquiries.
- Represented Adobe in a class action brought by Dutch foundation Stichting Data Bescherming Nederland (SDBN) under the Dutch WAMCA-regime, over alleged violations of the GDPR, the Dutch Telecommunications Act and the Charter of Fundamental Rights of the European Union.
- Advised a global platform technology company on data protection compliance across the board.
Greenberg Traurig LLP
Greenberg Traurig LLP is noted for its focus on advising the State of the Netherlands on privacy issues, often against big technology companies. Other than the Dutch State, the team also advises domestic and foreign public entities and corporates as well as entities in the Dutch educational sector. The team is led by Herald Jongen who is well-versed on IT outsourcing and data protection issues. Nienke Bernard has been active in handling negotiations and acts as the main contact for clients in privacy matters.
Praxisleiter:
Herald Jongen
Weitere Kernanwälte:
Nienke Bernard
Referenzen
‘The team has great knowledge and understanding of the working of GDRP on all aspects of personal data. They know how to use that knowledge to obtain terms and conditions for their clients so that they can use products and services in a compliant manner.’
‘Knowledge, quick turnaround on drafts, humour and in our case knowledge of the challenges within Dutch government organisations.’
‘Highly experienced, smart, kind and hands-on lawyers. They have a diverse team with multiple talents. They have the back-up resources from a global law firm.’
Kernmandanten
State of the Netherlands (Ministry of Justice and Security)
State of the Netherlands (National Cyber Security Centre of the Dutch State (NCSC))
State of the Netherlands (Ministry of the Interior and Kingdom Relations)
State of the Netherlands (Ministry of Education & Science)
Surf
Sivon
Athora Netherlands N.V.
Anonos, Inc.
Bird B.V.
European Stability Management (ESM)
The Athlete’s FoodCoach B.V.
Skyhaus BVBA
Simac ITNL B.V.
ML6
Highlight-Mandate
- Assisted the State of the Netherlands with their deal with AWS to enable government-wide use of their cloud services.
- Advising Skyhaus B.V. on setting up their U.S. entity and ringfencing liability risk with respect to intellectual property rights in their AI software.
- Advising Anonos, Inc. on their data embassy tool’s compliance with the data protection rules.
Houthoff
Sitting within the TMT practice, the privacy and data protection team at Houthoff handles data protection-related litigation and provides clients with regulatory advice. The team has been litigating on issues such as data subjects’ rights and information requests. Automotive, transport and insurance sectors are all key focus areas for the firm. Jurre Reus was recently promoted to counsel in July 2024 and continues to represent clients in data-related litigations and assist clients with setting up data compliance frameworks. Team lead Thomas de Weerd advises on data protection matters and IT law.
Praxisleiter:
Thomas de Weerd
Weitere Kernanwälte:
Jurre Reus
Kernmandanten
Marktplaats and 2dehands.be
RDW
XPeng
VolkerWessels
Hyundai
Nexperia
Mazda
Kia
Miro
Ford
Spencer Health Solutions
Jaguar Land Rover
Chery Automobile
Hearst
Stellantis Financial Services
Huawei
Nationale-Nederlanden
Petrobras
Highlight-Mandate
- Represented RDW in a litigation before the Council of State regarding a complaint lodged with the Dutch DPA over automated comparisons of vehicle registration databases for the purpose of imposing administrative fines.
- Advised VolkerWessels on its cybersecurity response.
- Assisted Hyundai with setting up a new CRM platform, including all issues regarding the use of cookies, the design of user interfaces, and the use of profiling and behavioural advertising.
NautaDutilh
NautaDutilh‘s Amsterdam data protection and cybersecurity group specialises in assisting technology sector clients with a range of privacy and data matters. The team often advises clients on data protection matters that involve specific technical aspects including class actions involving privacy compensation claims, dealing with sensitive personal data, cross-border GDPR matters and issues related to cyber security. Practice head Joris Willems assists clients with contentious and non-contentious data protection issues and often advises financial institution’s on data-related issues. Sarah Zadeh and Danique Knibbeler are also key members of the data protection team.
Praxisleiter:
Joris Willems
Weitere Kernanwälte:
Cyril Christiaans; Sarah Zadeh; Danique Knibbeler
Referenzen
‘My experiences with Cyril Christiaans and Sarah Zadeh from NoutaDutilh have been very positive. Both were available and responded quickly to my requests. Especially Sarah Zadeh was very skilled in her field. Her knowledge of the IT world really helped me in making the right choices.’
‘I have worked with Joris Willems on several cases in the past and rely on his knowledge of our industry which makes our data protection concerns quite specific.’
‘The rather young team at Nauta Dutilh is extremely dynamic and passionate about the subject matter. They have great visibility in the marketplace and each of its members are extremely active in the data protection community. It makes them the go-to team of the Benelux region on all tech-related matters.’
Kernmandanten
ABN Amro Bank
American Express
Apple
a.s.r. Nederland
Boston Consulting Group
Bloomberg
Captin
CBRE Global Investors
Deloitte
Ginkgo Bioworks
Prosus
HAL Investments
Infomedics
ING Bank
Knab Bank
Keensight Capital
Lineage Logistics
Meta
Ministry of Finance
Municipality of The Hague
Nederlandse Spoorwegen (Dutch Railways)
Nationaal Park De Hoge Veluwe
NVB (Dutch Banking Association)
NIBC
NPM Capital
Nord Security
Petrobras
Rabobank
Rosewood
RTL Group
SVn (Stimuleringsfonds Volkshuisvesting Nederlandse gemeenten (SVn))
Sky Group Holding B.V.
Tata Consultancy Services (TCS)
Tencent
Triodos Bank (nu publishable)
Trivago
Uber
International Card Services
Volksbank
Shell
Highlight-Mandate
- Assisted Prosus with developing its innovative AI tool including drafting fair use and privacy policies.
- Advised a.s.r. Nederland N.V. on the sale of Aegon Bank N.V., including analysis, drafting contracts and negotiating the transfer of all personal data.
- Represented the French and Belgian associations of accidental Americans, along with several individuals, in legal actions against the Belgian, Dutch and Luxembourg tax authorities.
Osborne Clarke
Osborne Clarke has a global data privacy and protection team that is well equipped to assist international clients with multi-jurisdictional data protection issues such as data processing compliance, day-to-day data protection advice and data localisation. The Amsterdam-based team is jointly led by Joanne Zaaijer and Coen Barneveld Binkhuysen, with Zaiijer assisting with cross-border data transfers, data privacy implementation, data retention and a slew of other issues. Dewi Harkink is another name to note and is well versed on data privacy law.
Praxisleiter:
Joanne Zaaijer; Coen Barneveld Binkhuysen
Weitere Kernanwälte:
Dewi Harkink
Referenzen
‘Team with a deep expertise in data protection, well organised that provides business-oriented and pragmatic advice.’
‘Joanne Zaaijer is business-oriented, friendly and results-driven.’
‘Dewi Harkink has strong communicative skills to manage expectations and proper quality of work delivered.’
Kernmandanten
Adidas
Baxter
Danone
HEMA
Henkel
Levi9 Global Sourcing B.V.
Meta
Oaky
Sonos
XXImo
Highlight-Mandate
- Advised Meta on data protection, including in relation to Instagram and Facebook.
- Advised Henkel on data processing compliance and other privacy and protection issues.
- Advised Baxter’s Dutch entity and US headquarters on day-to-day privacy and data protection law issues.
SOLV Advocaten
SOLV Advocaten is an IT-focused boutique firm that stands out for its expertise in representing claimants in complex class actions as well as advising clients on non-contentious data privacy issues. The practice is led by Douwe Linders who leads on GDPR-infringement class actions and Wanda van Kerkvoorden who is an expert in both IT and data privacy issues. The firm is known for assisting software and e-commerce clients but has recently grown its client base to include the retail and healthcare sectors.
Praxisleiter:
Wanda van Kerkvoorden; Douwe Linders
Referenzen
‘Wanda van Kerkvoorden is highly knowledgeable and very client focused.’
‘Very experienced team with deep industry knowledge.’
‘The whole team is brilliant, Wanda van Kerkvoorden stands out.’
Kernmandanten
Jumbo Supermarkets
Catawiki
Holland Casino
Sanoma Learning
Multitankcard
Stichting ICAM
SOMI
Highlight-Mandate
- Represented SOMI Foundation in a €1.4bn data privacy class action against TikTok.
- Represented Foundation ICAM in a €3.2bn data privacy class action against the Dutch State.
- Advised Multi Tank Card on GDPR-related issues of Qrid, a platform for electronic vehicle charging.
AKD
AKD fields a well-rounded data protection team which assists with regulatory and compliance issues, international data transfers, enforcement and litigation. Class actions is a primary focus of the team which typically represents plaintiffs. The team is led by Martin Hemmer who is experienced in handling enforcement actions by the Dutch DPA as well as court proceedings involving personal data requests.
Praxisleiter:
Martin Hemmer
Weitere Kernanwälte:
Renée Schipper; Sophie Hendriks
Referenzen
‘As far as I am concerned, AKD’s practice in the field of data protection law is unique because of its high degree of professionalism. If requested, advice is given quickly and professionally in understandable language. Contacts are pleasant and the lines are short.’
‘Advice is expressed in a digestible and easy to understand way. The attention and understanding given to the background and reason for the request for advice are taken into account when looking at a case. AKD stands head and shoulders above the rest when it comes to contacts and communication methods.’
‘AKD’s expertise in data protection and experience to guide clients through the complex legal landscapes of privacy and data security, both preventatively and in response to incidents, enables them to assist clients and to advise in legal proceedings before court.’
Kernmandanten
Stichting Data Bescherming Nederland
Hyundai Global Services Europe B.V.
CIZ
Dutch Data Protection Authority
Port of Rotterdam N.V.
Aevitae B.V.
Municipality of Eindhoven
Municipality of Breda
Samsung SDS Global SCL Netherlands Cooperatief
Univé
Stichting DUWO
Stichting Thuisvester
Highlight-Mandate
- Represented Stichting Data Bescherming Nederland in a mass claim against Amazon regarding the large-scale unlawful processing of the personal data of Amazon account holders.
- Advised several Ports and Port Authorities on the use of CCTV, AI techniques and transfers of data in light of drug-related issues, smuggling and other criminal matters.
- Represented the Dutch Data Protection Authority in legal proceedings about various enforcement cases.
BarentsKrans
BarentsKrans‘ data privacy practice has grown with the hire of new practice head and data protection expert Marc Elshof in October 2023, following his departure from Dentons. The Hague-based team advises both domestic and international clients with data protection and cybersecurity issues. Key matters include advising on the EU digital governance legislation, building global privacy frameworks and cybersecurity advice. Elshof is well-versed in assisting clients with negotiations for IT and outsourcing contracts.
Praxisleiter:
Marc Elshof
Referenzen
‘A balanced approach (i.e. win-win orientated rather than win-lose) which creates favourable negotiation dynamics.’
‘Marc Elshof inspires trust and constructive negotiations.’
‘It has been a pleasure to work alongside Marc Elshof, who is a partner with the privacy and technology team. He brings over a decade of experience (including some experience in London) of leading international technology and data projects. Solid lawyer with a solid team!’
Kernmandanten
BMW Financial Services
Bunq
DuckDuckGo
Analog Devices Inc.
Unibail-Rodamco-Westfield
Feld Entertainment
Fourthline
Foot Locker
ING Bank
Lumera
Mattr
Playa Hotels & Resorts
Saphyre
SkyKick
Stichting 113
Highlight-Mandate
- Advised SkyKick’s on all its technology, privacy, and data-related matters, including the AI Act, Data Act, NIS2, and GDPR, as well as on five contracts with new customers.
- Assisting Lumera with its outsourcing deal with a Dutch pension fund, from RfP stage to final contract negotiations.
- Advised Foot Locker on its strategic privacy, technology, and e-commerce matters.
bureau Brandeis
Independent law firm bureau Brandeis is well versed in data privacy and telecom matters and excels in representing claimants in data protection-related class actions. Christiaan Alberdingk Thijm leads the team with his focus on digital copyright litigation after former practice co-head Vita Zwaan, an expert in mass claims, litigation and enforcement issues related to data protection, departed for Rubicon Impact & Litigation in November 2024 together with Jacob van de Velde.
Praxisleiter:
Christiaan Alberdingk Thijm
Weitere Kernanwälte:
Nienke de Bruijn; Minke Gommer
Referenzen
‘Exceptionally personal and transparent in their approach.’
‘Nienke de Bruijn and Minke Gommer have done an outstanding job.’
‘Hands-on mentality, very good knowledge and experience as well as nice people.’
Kernmandanten
Spotzer Digital
Alfen
RAI Amsterdam
NewBees
Stichting Massaschade & Consument
The Privacy Collective
Maxeda DIY Group
Civinc B.V. and Stichting Civinc
Polarsteps
StuDocu
Timelex
Pathé
Marktplaats
Highlight-Mandate
- Represented Stichting Massaschade & Consument in a class action against Google before the District Court of Amsterdam on behalf of Android users in the Netherlands regarding the violation of laws on data protection.
- Represented Stichting Massaschade & Consument in collective damages actions against TikTok before the District Court of Amsterdam and the Amsterdam Court of Appeals based on the GDPR and the new Dutch collective claim regime.
- Assisted Pathé with updating its internal and external privacy policies, taking into consideration its new business ventures, partnerships and corresponding processing activities.
Dentons
Dentons mainly advises finance, fintech and retail clients on data protection regulatory and compliance issues. The team has assisted clients with data regulatory projects involving new issues such as use of non-personal data. Alexander Odle leads the team and has expertise across IP, data and technology matters. Associate Rosemarie Schaar often advises on IT-related agreements. Previous practice head Marc Elshof left the firm in October 2023.
Praxisleiter:
Alexander Odle
Weitere Kernanwälte:
Rosemarie Schaar
Referenzen
‘Pragmatic approach, business-minded and always get the job done.’
‘They understand your needs like no other and can place themselves in the shoes of their clients.’
Kernmandanten
EuroParcs
Feld Entertainment Inc.
Foot Locker
Nutrinova
ING Bank
Saphyre
Stichting Hulptroepen Alliantie
Matchwornshirts
The Social Hub
Highlight-Mandate
- Advised a major Dutch client operating throughout Europe on a significant data breach by one of their third-party suppliers.
- Advised a global player in the automotive industry on data privacy in relation to their distribution model and ensuring seamless data sharing in accordance with EU data protection laws.
- Assisted an international neo-bank with a comprehensive privacy assessment for a public transport project, covering the full data flow, identifying all possible risks and remediation measures.
DLA Piper
DLA Piper advises international clients on global privacy and data protection issues from Amsterdam. The team is especially well versed in assisting technology sector clients on matters such as the intersection between AI and personal data, the online use of data, data breaches and GDPR implementation. Practice head Richard van Schaik handles a mix of data protection and cybersecurity matters.
Praxisleiter:
Richard van Schaik
Weitere Kernanwälte:
Radha Pull ter Gunne
Referenzen
‘DLA Piper always understands exactly what we are looking for and are prepared to deliver. They are flexible and great to work with. Highly recommended.’
‘The team is unique because of its global reach and seamless collaboration across jurisdictions, making it uniquely positioned to handle complex, multi-national issues. I appreciate their strong expertise in IP, IT and AI and their great service delivery.’
‘The lawyers at DLA stand out for their industry knowledge and proactive, hands-on approach. Their ability to anticipate client needs and provide tailored solutions differentiates them from competitors.’
Kernmandanten
Arlanxeo
ASICS
AuthenthicID
Blink CV
Danone
Funda
Fugro
H@nd
Inter IKEA
Interogo Holding
Omron
PrivacyPerfect
Pearson plc
Rituals
Royal Reesink
SABIC
The Walt Disney Company (Benelux) B.V.
Zenimax
Highlight-Mandate
- Assisted Omron with launching its IoT product, OMRON Connect, across key EU markets by providing strategic advice on compliance, privacy, and data handling.
- Advised ASICS on the implementation of a new marketing platform, understanding data flows, updating policies, and preparing for AI Act compliance.
- Assisted H@nd International B.V. with its age-identifier product being legally compliant by performing privacy impact assessments and making necessary adjustments, enabling its rollout across various EU jurisdictions.
Holla legal & tax
Holla legal & tax‘s data protection and privacy team advises domestic and international clients on GDPR compliance, international data transfers, personal data breaches and other key data privacy issues. The team is based in ‘s-Hertogenbosch and led by Kim de Bonth who is an expert in data protection legislation and advises clients from a wide range of sectors such as healthcare, businesses services, energy and IT.
Praxisleiter:
Kim de Bonth
Weitere Kernanwälte:
Femmie Schets; Ruben Krul
Referenzen
‘The team of Holla legal & tax have a very diversified & in-depth knowledge base. I can contact them on almost all legal matters (including AI related matters) inside the Netherlands. Additionally, they provide me with a solid network of foreign council when needed.’
‘Flexible, cooperative counterparts with extensive knowledge and experience.’
‘Very good pan-European coverage to assist companies working across multiple jurisdictions with their GDPR requirements. Great network within the firm, so that if an expert on another team/ matter is required, then the team will find someone to assist on short notice.’
Kernmandanten
Mizuno Corporation
Plato Group B.V.
My Jewellery B.V.
X2User B.V. (‘Rapasso’)
Achmea Schadeverzekeringen N.V. (‘Interpolis’)
Talent Inc. / Imkey B.V. (‘Resume.io’)
Liquid Enterprises B.V. (‘Team Liquid’)
Celegence LLC / Qdossier B.V.
Kiwa N.V.
Ricoh Nederland B.V.
Spotmaster B.V.
Enigma Distribution Benelux B.V. (‘Asmodee’)
OTTO Work Force B.V. and Kafra Vastgoed B.V.
Würth Elektronik Nederland B.V.
Brabant Water N.V.
Innovatie nul13 B.V.
Fabory Nederland B.V.
GEA Refrigeration Netherlands N.V.
TIAS Business School B.V.
IFG Pensions Ltd (UK)
Brover Bedrijfswageninrichting B.V.
Wij zijn Jong B.V.
Stichting BrabantZorg
MijnGemeenteDichtbij
Highlight-Mandate
- Advised Talent Company Inc. on becoming GDPR compliant, including international data transfers, accountability, transparency and direct marketing.
- Advised Celegence LLC on becoming GDPR compliant, with a special focus on international data transfers.
- Assisted Plato Group with contractual negotiations on obligations of a wholesaler under the GDPR.
HVG Law LLP
HVG Law LLP‘s digital, cyber and privacy practice is led by Saskia Vermeer de Jongh who regularly assists clients with implementing data protection projects. The Amsterdam-based practice is noted for its specialty in assisting large financial institutions with corporate aspects of data privacy and protection matters.
Praxisleiter:
Saskia Vermeer de Jongh
Weitere Kernanwälte:
Wout Olieslagers; Merien Voorboom
Referenzen
‘The team was able to map the GDPR landscape during a M&A deal, provide gap analysis and detail actions in a productive and educational environment. The team provided support of highest quality until issues had been resolved.’
‘It has a very large team with many areas of expertise that provided support during a high-paced process. The attention to detail was phenomenal with a proactive partner and process management was outstanding. The team’s ability to support our efforts in resolving GDPR actions was invaluable.’
‘The team is very approachable and smart but also very pragmatic in the approach and solutions.’
Kernmandanten
ING Bank N.V. (ING)
Koninklijke Nederlandse Voetbal Bond (KNVB)
Reisinformatiegroep B.V. (9292OV)
Shin-Etsu Silicones Europe B.V. (Shin-Etsu)
Currence iDeal B.V. (Currence)
Koninklijke Nederlandse Lawn Tennis Bond (KNLTB)
Topigs Norsvin Holding B.V. (Topigs Norsvin)
GoodHabitz B.V. (GoodHabitz)
Jetbrains N.V. (Jetbrains)
Bedrijfstakpensioenfonds MITT (Bpf MITT)
Topcon Europe B.V. (Topcon)
Verbond van Verzekeraars
Sendcloud B.V. (Sendcloud)
Coöperatieve Telersvereniging Harvest House U.A. (Harvest House)
Aruba Tourism Authority (ATA)
Atos Nederland B.V. (Atos)
NN Insurance Eurasia N.V. (Nationale-Nederlanden)
Piggy Netherlands B.V. (Piggy)
Stichting Bureau Clara Wichmann (Bureau Clara Wichmann)
Integrated System Events LLC (ISE)
European LifeCare Group A/S (ELCG)
Highlight-Mandate
- Assisted the KNLTB (Dutch Tennis Federation) with its administrative procedure appealing an administrative fine of the Dutch DPA.
- Advised Nationale-Nederlanden on various data protection matters.
- Assisted Bureau Clara Wichmann with their research on taking legal action to prevent online hate speech against women, particularly female politicians on a pro bono basis.
Ploum
Ploum‘s data privacy and protection team is led by data experts Dennis Zieren, Dorine ten Brink and Matthijs Gardien out of Rotterdam. The team is often mandated by healthcare, marketing and e-commerce clients to assist them with international data transfers, GDPR compliance and processing employee data. Cyber incidents are also a part of the team’s capabilities.
Praxisleiter:
Dennis Zieren; Dorine ten Brink; Matthijs Gardien
Referenzen
‘There’s a lot of expertise in different fields. Complex matters are generally answered quickly and professionally and availability for consultation is exceptionally good.’
‘The team is notable for its speed of thinking along and acting. It takes into account our interests and the latest developments in data privacy and data protection.’
‘Dennis Zieren and his team are very dedicated and willing to help and support in all matters.’
Kernmandanten
Codeless Technology B.V.
LMG
BovenMaas Prenataal B.V.
MAERSK
Portbase B.V.
Hutchison Ports Delta II
Arbo Unie B.V.
F24 Group
CACI B.V.
APMT MVII
Keesing Reference Systems B.V.
Highlight-Mandate
- Advised Portbase B.V. on several privacy matters, such as drafting an updated privacy and cookie statement and advising on new Dutch and EU legislation, such as the Data Act.
- Assisted CACI B.V. with multiple Data Protection Impact Assessment (DPIA) processes, providing comprehensive support to ensure legal compliance.
- Advised Maersk on the collection of diversity data from employees, safety and security measures in the workplace, and whistleblowing policies.
Taylor Wessing
The technology and data team at Taylor Wessing has a strong international network to assist domestic and overseas clients with cross-border data compliance and privacy matters. The team is well equipped to assist technology sector clients and support technology companies from seed stages to IPO. The Amsterdam team is led by Otto Sleeking who handles data processing agreements, security measures and data transfers as well as data breach claims.
Praxisleiter:
Otto Sleeking
Weitere Kernanwälte:
Martijn Loth
Referenzen
‘They provide very hands-on advice and recommendations.’
‘Martijn Loth is approachable, easy to reach and gives clear advice.’
‘Martijn Loth is a very competent, knowledgeable lawyer. He is very pragmatic, realistic and easy to work with. He is very skilled at analysing a situation and determining how to manage the dispute from a strategy perspective.’
Kernmandanten
Astrata
Atradius
BYD
CM.com
Homefashion Group (Leen Bakker & Kwantum)
ING Bank N.V.
Kawasaki Motors Europe NV
Keylane
Lidl Nederland GmbH
Hiya
Semmie
Sociale Verzekeringsbank
Sony
Technische Unie BV / Sonepar Group
Technische Universiteit Delft (TU Delft)
The NU
Vinted
Vizgen
ABN AMRO
SpaceX
WCC
Highlight-Mandate
- Assisted a global energy company with a multi-jurisdictional ransomware attack.
- Assisted a technology company in the financial services sector with the transformation needed to comply with newly enacted EU AI and cyber security legislation.
- Advised an electric vehicles manufacturer on ongoing global data protection compliance.
Turing Law
Based in The Hague, Turing Law is a boutique firm centered on IT, data and digital transformation issues. The team assists clients with personal data protection, privacy strategy and policies, data breach notifications and international transfers. Data specialists Huub de Jong and Jeroen van Woezik both co-lead the practice.
Praxisleiter:
Huub de Jong; Jeroen van Woezik
Referenzen
‘Huub de Jong is a very sharp lawyer and he knows how to clearly describe and identify the weak spots of a contract from a supplier.’
‘This small team is very knowledgeable. Pragmatic advice and easy to work with.’
‘Huub de Jong is pragmatic, quick and smart. Has been key in solving some major privacy concerns.’
Kernmandanten
Zorg van de Zaak Netwerk
Nederlands Centrum Jeugdgezibdheidszorg
Patiëntenfederatie Nederland
Ministry of Education, Culture and Science (works counsel)
Meedervoort
NovaCair
Actiz
Cerba
The Next Web (Financial Times)
Zuyderland Medisch Centrum
Stichting CJG Rijnmond
Stichting verslavingsreclassering GGZ (SVG)
Deutsche Leasing
WeTransfer Supporting Act
AWVN
Twise Victory Publishing
Gynzy
Greetz (Moonpig)
De Mandemakers Groep
Stoov
Pink Gellac
Anywhere 365
Regiozorg
Woonbedrijf
Cyclom edia
Incentro
Camenai
Stek
Cassini Technologies
Quatt
Jblaw
Van Campen Liem
Delmar
JamesEdition
Emendo Capital
Corp
Highlight-Mandate
- Assisted Nedvest with initiating a pilot privacy portfolio management service for private equity funds to ensure continuous GDPR compliance.
- Assisted a bank with ensuring responsible use of its customer data in compliance with the GDPR.
- Assisted Quatt with fast-track GDPR implementation process, providing strategic advice on its processing activities and drafting all required privacy related documentation.