Privacy law

Privacy Helpdesk Privacy Quick Scan

Since the European General Data Protection Regulation (GDPR) came into force, this topic has become even more important. All companies based in the Netherlands (or other countries within the EER), doing business here and/or processing personal data of EU citizens must comply with all requirements of the GDPR. This raises many questions. What data may be requested and/or shared? Does a party qualify as a data controller or a data processor? Can consumer data be used for marketing purposes? How do you deal with health data and what should you do in case of a cybersecurity incident (e.g. data breach)?

Citizens have become more aware of their privacy rights as well (we see this in individual compensation cases but also increasingly in the form of mass claims). The Dutch Data Protection Authority (Autoriteit Persoonsgegevens), which supervises compliance with the laws and regulations in the area of personal data, is becoming increasingly active and can impose heavy fines. It is important that every company meets its obligations under the GDPR (also called compliance). At the same time, it is often important for a company to be able to innovate and/or make use of data for, inter alia, marketing purposes. Our multidisciplinary IT & Privacy team will be glad to guide you through the complex regulations in this area. We will be happy to think along about what is possible under the current legislation.

Do you have questions about privacy law?

Please contact us through the phone number below or send us an email.


This is how we can help you

Our Team

Since its establishment in 1995, our firm has an established name in the field of IT and privacy law. We keep track of all relevant developments and will be happy to provide you with a concrete and appropriate advice.

Apart from the GDPR, other rules and frameworks are also important, such as national implementation laws (in the Netherlands: UAVG), the Dutch Telecommunications Act and laws and several legislation and guidelines in the field of healthcare, IT law, intellectual property law or employment law. Ploum has a relatively large privacy team that deals with privacy law on a daily basis, whereby each lawyer has his or her own (additional) specialisation. For example, we have specific knowledge of privacy in the healthcare sector and in the workplace. We all have a passion for the IT and privacy practice and combine this with our specific expertise. Where necessary, we also consult with our colleagues from the corporate law section and/or the bankruptcy law section. Because we have all this expertise in-house, we can switch quickly and provide you with sound - and pragmatic - advice. 

Most of our more senior attorneys have completed a Grotius specialisation course and we are members of various relevant specialisation associations. These include: VIRA (Association for Information Technology Lawyers), NVvIR (the Dutch Association for Information Technology and Law), VPR (Privacy Law Association), IAPP (International Association of Privacy Professionals) and LES Benelux (Licensing Executives Society Benelux). Ploum is co-author of Global Privacy Book.

‘The proactive approach and the fact that they always put our interests first has been a great pleasure for us.’ – Legal 500 EMEA 2023

‘Excellent team. Wonderful service and advice. Easy to work with and hands-on. Very client focused.’ – Legal 500 EMEA 2023

‘Specific knowledge of the business and my company as well as in-depth knowledge on privacy and data protection.’ – Legal 500 EMEA 2023

Our assistance

Our privacy team will be happy to assist you with the following:

  • Drafting and reviewing agreements, other (required) documents and registers (compliance projects)
    data processing agreement, privacy statement, data breach protocol, data processing register, register of incidents, data retention policy, international data exchange (e.g. SCCs), (intercompany) data transfer agreement
  • Advising on a wide range of privacy issues (including themes such as marketing, food, cybersecurity, energy, e-commerce and (health)care)
    cookies, marketing/advertising, opt-in, use of photos in advertisements, consumer data, online sales, employee tracking systems, WiFi tracking, hacks, cyber-attacks, security incidents, access control, staff alcohol and drug testing, camera surveillance, processing of health data, identity documents and citizen service numbers (in Dutch: BSN), e-health and scientific research
  • Performing Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (worldwide)
  • Assessing obligations in the implementation of data subject rights (e.g. the right of access to or deletion of data) or setting up a related policy (SOP)
  • Advising on personal data in case of bankruptcy or acquisition (M&A);
  • Assisting in case of data breaches (e.g. notification obligations), disputes/proceedings (claims for damages or claims for access to or deletion of data) or investigations by authorities (such as the Dutch DPA).

We assist in proceedings in court as well as in arbitrations and investigations and/or sanctions imposed by authorities (e.g. the Dutch Data Protection Authority). We also have extensive experience in coordinating projects in various jurisdictions worldwide. This enables us, for example, to advise you on how to be 'compliant' with your web shop throughout Europe. We offer assistance in various other manners as well, such as by way of our Privacy Helpdesk, Privacy Tools and Privacy Knowledge Sessions (please see below).

Track Record

  • Drafting (group) agreements for the (worldwide) exchange of personal data
  • Assisting pharmaceutical companies in tightening up privacy policies and related documents (GDPR compliance), in conjunction with sector-specific legislation (e.g. drug distribution)
  • Adjusting the privacy policy of a large organisation in the arts and culture sector
  • Advising on direct marketing and the use of consumer data (opt-in vs opt-out)

Compliance projects

Do you want to be sure that your organisation complies with the basic principles of the GDPR? We have developed handy tools to examine this in a structured manner. Subsequently, we help to draft, negotiate and/or update all documents and contracts, perform DPIAs where necessary and, if desired, we also provide training to your employees for the implementation of policies. 

Privacy Tools and Privacy Helpdesk

With the Privacy Helpdesk, we provide short lines of advice, at a fixed/reduced rate, for (in particular) your Data Protection Officer (DPO) or (other) privacy officer. Our team will be pleased to provide you with fast and concrete advice that you can put into practice. With our Ploum Privacy Helpdesk, we do this immediately by telephone where possible. More information can be found here. For our clients, we also offer various Privacy Tools, such as a handy checklist that can be used when assessing data processing agreements and the Privacy Quick Scan.

Privacy Awareness Sessions

We give training sessions, workshops and/or lectures within companies and at conferences. In the field of privacy, we do this with respect to, among other things, privacy in the workplace (focused on your organisation or team, e.g. customer service, HR), privacy & marketing (incl. portrait rights) and privacy in healthcare (professional secrecy, e-health). We can help you to familiarize your employees (e.g. annually) with the GDPR obligations in practice.

Want to know more?

Please contact one of our specialists via the contact details below or

‘Committed and expert lawyers. Lots of knowledge in-house. Pleasant people to work with, always an opportunity to spar. Think along with the organisation.’ – Legal 500 EMEA 2023

‘Extensive knowledge in specific areas of law. The lawyers listen carefully to what you want and are very involved. They are always easily accessible to answer questions.’ – Legal 500 EMEA 2023

‘The internal fast-tracking and the cooperation of teams within Ploum’s organisation significantly accelerated the project.’ – Legal 500 EMEA 2023

Attorney at law, Partner

Dorine ten Brink

Expertises:  Contract law, Arbitration, Privacy law, IT-Law, Cybersecurity , Transport and Logistics, Commercial Contracts, E-commerce, German Desk,

Attorney at law, Partner

Dennis Zieren

Expertises:  IT-Law, Privacy law, Procurement law, Technology, Media and Telecom, E-commerce,

Meet the team

Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.

Personal data


Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Edit profile' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Personal data


Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Edit profile' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Create account

Get all your tailored information with a My Ploum account. Arranged within a minute.

I already have an account

Benefits of My Ploum

  • Follow what you find interesting
  • Get recommendations based on your interests

*This field is required

I already have an account

Benefits of My Ploum

Follow what you find interesting

Receive recommendations based on your interests



Why do we need your name?

We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.


A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.