Business.gov.nl uses cookies to improve the website. These functional and analytical cookies do not contain your personal data. Do you want to watch video content? Third parties may place tracking cookies to track your online behaviour. You can refuse these tracking cookies. How cookies are used on Business.gov.nl.

Rules for working with data

Published by:
Netherlands Enterprise Agency, RVO
2 min read
Nederlandse versie

Are you an entrepreneur working with data? Then you have a number of obligations, among other things concerning security and privacy. There are European rules and regulations for working with data.

Reusing or analysing data

Do you analyse data? Such as customer data for marketing purposes? What you can and cannot do depends among others on the type of data. Do you, for example, handle personal data relating to customers, staff, or other persons, such as name, address, and telephone numbers? Then privacy rules (GDPR) apply.

If it concerns, for example, sensitive data such as data concerning health, you must, among others:

  • be transparent about what you do with the data 
  • have permission
  • implement (technical) security measures

Check what you need to do to protect personal data.

Using data from smart devices or services

Do you offer smart devices that collect and send data? For example, wearable devices to measure bodily functions? If you are the manufacturer of the device or the developer of the service, you must comply with the rules of the Data Act.

Among other things you must make sure that users:

  • get clear information on which data are collected and how
  • get easy access to their data
  • can share their data with others or have the data shared with others

Find out which requirements you must meet if you sell smart devices.

Data in cloud services

Do you offer cloud services? You must ensure your users:

  • can easily switch to another cloud service provider
  • can take their data with them
  • can exchange their data with one another when they use different cloud services at the same time
  • know in advance how they can switch to another provider (this information must also be clearly stated in the contract)

Learn more about the Data Act rules for cloud services (in Dutch).

Data on platforms for social media services (intermediate services)

Does your business offer online intermediate services such as an online platform, hosting company, or social media service? For example, a website or app where users can post video’s, images, or reviews? If so, you must keep to the rules of the Digital Services Act (DSA) that ensure a secure, reliable, and predictable online environment. 

You must for instance, make sure that you:

  • are easily accessible to users and the authorities
  • prevent the circulation of illegal content
  • have a complaints system in place

Sharing and offering data

Do you have a data intermediation service? A data intermediation service offers services that connect data holders and data users with the aim of sharing data. You must keep the Data Governance Act (DGA) to ensure greater trust in data sharing.

You must for example:

  • register your data intermediate service with the Netherlands Authority for Consumers and Markets (ACM).
  • ensure that the data you receive are not used for anything else than sharing it with the data user at the data holder’s request.

This article is related to:

How would you rate this page?(question 1 of max 3)
We are sorry to hear that. How can we improve?(question 2 of 3)

Questions relating to this article?

Please contact the Netherlands Enterprise Agency, RVO

Rules for working with data | Business.gov.nl