Brinkhof‘s Amsterdam-based data protection practice is led by Quinten Kroes who has longstanding expertise in the TMT sector and advises multinational and international technology companies and technology-adjacent entities on Dutch data privacy issues. The practice advises on GDPR compliance and represents clients in data privacy and protection class actions. The team continues to be key in assisting clients with privacy enforcement issues, often defending them from investigations initiated by the Dutch Data Protection Authority (DPA). Remy Chavannes leads on ‘rights to be forgotten’ cases and is mandated by online platforms for assisting with online liability matters.

De Brauw Blackstone Westbroek centres its data privacy practice around public and private enforcement matters. The team stands out for its expertise in data protection litigation and investigations, often representing major technology companies in class actions and follow-on mass claims civil litigation. The team also assists clients with cybersecurity incident responses and critical advisory services. Practice head Geert Potjewijd is well versed in EU and international data protection laws, advising on a large number of GDPR collective actions in the Netherlands. Co-lead Axel Arnbak is the go-to for data and cybersecurity issues, recognised for his expertise in regulatory issues and is often invited to testify before the European and Dutch parliaments as a privacy and cybersecurity specialist.

Joke Bodewits leads the privacy and cybersecurity practice at Hogan Lovells International LLP which is well-equipped to handle global cyber incidents, AI, data governance and a slew of other issues. Bodewits is a cybersecurity specialist and is key to the firm’s global and EU cybersecurity compliance projects and data governance strategies. She regularly handles enforcements actions based on the GDPR and utilises her background in IT law to advise on complex cybersecurity incidents. The practice is sought out by global clients and assists them with time-sensitive issues such as major cyber attacks including ransomware issues. Chantal van Dam assists a mix of international and domestic clients with global data retention strategies and privacy projects.

The privacy, cybersecurity and regulated markets team at Kennedy Van der Laan is known for its sector expertise across finance, transport and logistics, telecoms, entertainment and healthcare. The team is noted for its expertise in assisting clients with investigations and enforcement proceedings locally and abroad. Internal investigations, legal proceedings against data subjects exerting thier rights under data protection law, and obtaining permits under Dutch data protection law are all key pillars of the practice. The sizeable team is led by Hester de Vries, Quirine Tjeenk Willink, Rosalie Brand and Judica Krikke. De Vries is a data protection authority and assists technology multinationals and public sector institutions with data protection law issues. Enforcement matters are handled by specialist Tjeenk Willink, Brand is the go-to for cybersecurity matters, and Krikke advises on IT aspects of data protection issues.

Pels Rijcken‘s privacy and data protection team sits within the wider privacy and technology department and is led out of The Hague by Gerrit-Jan Zwenne and Marte van Graafeiland. The practice advises both public and private sector clients including representing the Dutch State in high-profile proceedings. The team also often represents non-profit foundations as claimants in collective redress litigation against big technology enterprises, and assists defendants in class action law suits against foundations. Other key work includes assisting clients with data breaches, data subject access rights and use of data collection and processing methods. Zwenne is a leading figure in the data protection space, while van Graafeiland focuses on data protection issues involving the public domain.

Van Doorne‘s privacy and data team is led by data protection expert Elisabeth Thole who is praised as a ‘leading figure in the data protection scene’. The team advises clients on a wide range of issues including data compliance, data-related regulatory proceedings, mass claims and recourse claims as well as data breaches. Thole sits in Amsterdam and has longstanding expertise in privacy, handling both contentious and non-contentious privacy issues. She works closely together with Özer Zivali who handles a mix of data protection and cybersecurity matters. Zivali excels in contentious data protection issues, advising on mass claims, cross-border data breaches and enforcement matters.

A&O Shearman‘s Amsterdam data privacy team advises on a range of regulatory data protection issues. The team advises both international and domestic corporates and multinationals, utilising its international network to advise on issues involving multiple jurisdictions. It is also well versed in emerging legislation as well as enforcement and cybersecurity matters. Nicole Wolters Ruckert leads the team and advises clients on data protection implications of the GDPR, DSA, AI Act, and other key legislations.

Bird & Bird‘s privacy and data protection practice draws on the firm’s expertise in regulated industries including life sciences, online platforms, telecoms and finance to advise clients on data regulation and security incidents. The practice is jointly led by data experts Berend Van Der Eijk and Wilfred Steenbruggen. Van der Eijk is well versed in advising international clients with a focus on technology and fintech on EU data regulations including the Data Act, AI Act and Digital Services Act (DSA). Steenbruggen manages data compliance involving the GDPR and regulatory enforcement matters. The team is supported by two strong data-focused associates Chloë Verschoor and Shima Abbady.

Eversheds Sutherland‘s data privacy and cybersecurity team assists clients with international and national projects, advising on regulatory issues and cybersecurity incidents. The firm has expanded its DPO as a service offering and utilises an automated data protection impact assessment tool to assist clients. Practice head Olaf van Haperen is based in Rotterdam and is an expert in personal data protection and cybersecurity, advising an array of sectors including healthcare, fintech and blockchain. Robbert Santifort is well versed on new technologies and advises on issues such as AI, anonymisation and data scraping.

Loyens & Loeff has a strong Amsterdam-based data protection and privacy team which unites the expertise of its other practices in Belgium, Luxembourg and Switzerland to advise international and domestic clients on global data protection issues. The team is well equipped to handle a range of issues related to cybersecurity, IT and AI, telecoms, DSA and consumer goods. Kim Lucassen leads the team and is specialised in an array of data privacy and protection issues, and is supported by Nina Orlić who advises on cybersecurity and regulatory data protection matters.

Project Moore Advocaten fields a specialised data protection practice that advises on contentious and non-contentious data privacy and protection issues. The firm is well equipped to assist the health and life sciences sectors with data privacy issues. Céline van Waesberge is the key name to note for clients within the life sciences sector. Eva Visser utilises her expertise in IT to advise on data protection aspects of technology and IT matters, while Jeroen Koëter advises on a range of data privacy issues. The team has also advised on AI issues, cross-border data compliance projects and data protection disputes.

CMS‘ Amsterdam privacy and cybersecurity team is led by cybersecurity expert Erik Jonkman who has a wealth of experience handling cyber incidents and data breaches. The firm also fields a cyber security response service to aid with cyber incidents such as ransomware matters and IT supplier failures. The practice assists a mix of international and domestic clients and advises clients from a number of sectors including insurance, automotive, IT and transport.

Freshfields Bruckhaus Deringer‘s data privacy practice has five core focuses which consists of regulatory inquiries and appeal proceedings following regulatory enforcement decisions, data privacy-related litigation, data compliance projects, data incident preparation and response and transactional data privacy matters. The team often advises multinationals from regulated sectors such as technology, IT, finance, energy and entertainment. Mark Egeler leads the practice from Amsterdam and is the go-to for all data-related contentious and non-contentious issues.

Greenberg Traurig LLP is noted for its focus on advising the State of the Netherlands on privacy issues, often against big technology companies. Other than the Dutch State, the team also advises domestic and foreign public entities and corporates as well as entities in the Dutch educational sector. The team is led by Herald Jongen who is well-versed on IT outsourcing and data protection issues. Nienke Bernard has been active in handling negotiations and acts as the main contact for clients in privacy matters.

Sitting within the TMT practice, the privacy and data protection team at Houthoff handles data protection-related litigation and provides clients with regulatory advice. The team has been litigating on issues such as data subjects’ rights and information requests. Automotive, transport and insurance sectors are all key focus areas for the firm. Jurre Reus was recently promoted to counsel in July 2024 and continues to represent clients in data-related litigations and assist clients with setting up data compliance frameworks. Team lead Thomas de Weerd advises on data protection matters and IT law.

NautaDutilh‘s Amsterdam data protection and cybersecurity group specialises in assisting technology sector clients with a range of privacy and data matters. The team often advises clients on data protection matters that involve specific technical aspects including class actions involving privacy compensation claims, dealing with sensitive personal data, cross-border GDPR matters and issues related to cyber security. Practice head Joris Willems assists clients with contentious and non-contentious data protection issues and often advises financial institution’s on data-related issues. Sarah Zadeh and Danique Knibbeler are also key members of the data protection team.

Osborne Clarke has a global data privacy and protection team that is well equipped to assist international clients with multi-jurisdictional data protection issues such as data processing compliance, day-to-day data protection advice and data localisation. The Amsterdam-based team is jointly led by Joanne Zaaijer and Coen Barneveld Binkhuysen, with Zaiijer assisting with cross-border data transfers, data privacy implementation, data retention and a slew of other issues. Dewi Harkink is another name to note and is well versed on data privacy law.

SOLV Advocaten is an IT-focused boutique firm that stands out for its expertise in representing claimants in complex class actions as well as advising clients on non-contentious data privacy issues. The practice is led by Douwe Linders who leads on GDPR-infringement class actions and Wanda van Kerkvoorden who is an expert in both IT and data privacy issues. The firm is known for assisting software and e-commerce clients but has recently grown its client base to include the retail and healthcare sectors.

AKD fields a well-rounded data protection team which assists with regulatory and compliance issues, international data transfers, enforcement and litigation. Class actions is a primary focus of the team which typically represents plaintiffs. The team is led by Martin Hemmer who is experienced in handling enforcement actions by the Dutch DPA as well as court proceedings involving personal data requests.

BarentsKrans‘ data privacy practice has grown with the hire of new practice head and data protection expert Marc Elshof in October 2023, following his departure from Dentons. The Hague-based team advises both domestic and international clients with data protection and cybersecurity issues. Key matters include advising on the EU digital governance legislation, building global privacy frameworks and cybersecurity advice. Elshof is well-versed in assisting clients with negotiations for IT and outsourcing contracts.

Independent law firm bureau Brandeis is well versed in data privacy and telecom matters and excels in representing claimants in data protection-related class actions. Christiaan Alberdingk Thijm leads the team with his focus on digital copyright litigation after former practice co-head Vita Zwaan, an expert in mass claims, litigation and enforcement issues related to data protection, departed for Rubicon Impact & Litigation in November 2024 together with Jacob van de Velde.

Dentons mainly advises finance, fintech and retail clients on data protection regulatory and compliance issues. The team has assisted clients with data regulatory projects involving new issues such as use of non-personal data. Alexander Odle leads the team and has expertise across IP, data and technology matters. Associate Rosemarie Schaar often advises on IT-related agreements. Previous practice head Marc Elshof  left the firm in October 2023.

DLA Piper advises international clients on global privacy and data protection issues from Amsterdam. The team is especially well versed in assisting technology sector clients on matters such as the intersection between AI and personal data, the online use of data, data breaches and GDPR implementation. Practice head Richard van Schaik handles a mix of data protection and cybersecurity matters.

Holla legal & tax‘s data protection and privacy team advises domestic and international clients on GDPR compliance, international data transfers, personal data breaches and other key data privacy issues. The team is based in ‘s-Hertogenbosch and led by Kim de Bonth who is an expert in data protection legislation and advises clients from a wide range of sectors such as healthcare, businesses services, energy and IT.

HVG Law LLP‘s digital, cyber and privacy practice is led by Saskia Vermeer de Jongh who regularly assists clients with implementing data protection projects. The Amsterdam-based practice is noted for its specialty in assisting large financial institutions with corporate aspects of data privacy and protection matters.

Ploum‘s data privacy and protection team is led by data experts Dennis Zieren, Dorine ten Brink and Matthijs Gardien out of Rotterdam. The team is often mandated by healthcare, marketing and e-commerce clients to assist them with international data transfers, GDPR compliance and processing employee data. Cyber incidents are also a part of the team’s capabilities.

The technology and data team at Taylor Wessing has a strong international network to assist domestic and overseas clients with cross-border data compliance and privacy matters. The team is well equipped to assist technology sector clients and support technology companies from seed stages to IPO. The Amsterdam team is led by Otto Sleeking who handles data processing agreements, security measures and data transfers as well as data breach claims.

Based in The Hague, Turing Law is a boutique firm centered on IT, data and digital transformation issues. The team assists clients with personal data protection, privacy strategy and policies, data breach notifications and international transfers. Data specialists Huub de Jong and Jeroen van Woezik both co-lead the practice.