Logo of the Dutch governmentGo to homepage

Government support for entrepreneurs

This article is related to:


This information is provided by Netherlands Enterprise Agency

A blacklist is a list of persons or organisations who should be ​avoided and not ​trusted. A company may choose not to do business with them (either permanent or temporarily) or only under certain conditions. Business owners can create their own blacklist to keep a record of unwanted customers or fraudulent employees. If they choose to do so, and their business is located in the Netherlands, they must comply with the Dutch Data Protection Act (Wet bescherming persoonsgegevens, Wbp).

Blacklist requirements

In the Netherlands, you may only create a blacklist if you cannot achieve your objective by less drastic means. You must register your blacklist to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), using the Wbp Notification Program External link(Wbp-meldingsprogramma) (in Dutch). A public registerExternal link (in Dutch) maintained by the CBP lists all approved blacklists.

Please note: You must also notify the the Dutch DPA if you wish to participate in an existing blacklist.

If you want to share the personal information on your blacklist with other businesses, you must also ask the Dutch DPA for a preliminary investigation and draw up a protocol.

Your customers’ or employees’ rights

If a customer or employee is on your blacklist, you are required to inform them about this. They also have the right to inspect their personal details and to ask you to correct or delete it.

This article is related to:

This information is provided by

Netherlands Enterprise Agency