Logo of the Dutch governmentGo to homepage

Government support for entrepreneurs

This article is related to:

Protection of personal data

This information is provided by Netherlands Enterprise Agency

If you do business in the Netherlands, you must comply with the Dutch Data Protection Act (Wet bescherming persoonsgegevens, Wbp). This act states that you must handle the personal data of your customers and employees carefully. This involves, for example, securing the data against loss or theft. You also have to inform your customers and employees about what happens to their data. In some cases, you must report your data processing to the Dutch Data Protection Authority, DPAExternal link (Autoriteit Persoonsgegevens).

Please note that the Data Protection Act will be replaced by the General Data Protection Regulation (GDPR) as of 25 May 2018. Read more about the GDPR key changes External link.

Protection of personal data

You must take suitable measures to protect data pertaining to your customers and employees. You may, for example, not collect and further utilise more personal data than that which is truly necessary. You must also limit access to personal data.

Duty to disclose information

You must tell your customers or employees which of their personal data you will use and what for. You must also provide them with your own details (company name and address) and inform them if you share their personal data with other organisations. It is mandatory to include a privacy statement on your website. This can be done using the privacy declaration generator (verklaringgenerator)External link (in Dutch).

Report processing of personal data

If you are starting a company in the Netherlands and you will be processing personal data, you must report to DPA. However, you may be exempt from having to report. Please contact the Dutch DPAExternal link for more information.

Reporting theft, loss or abuse of personal data

You must notify DPAExternal link (in Dutch) and the persons involved of any theft, loss or abuse of personal data for which you are responsible. If you fail to notify any data breach in time, DPA may impose a fine.

Online procedure via Message Box

If you have to report your use of personal data for a procedure subject to the Services Act (Dienstenwet), you can also do this via Message Box. Message Box is a secure email system that enables you as an entrepreneur to exchange digital messages with Dutch government agencies.

This article is related to:

This information is provided by

Netherlands Enterprise Agency