Most Read Contributor in Netherlands, February 2017
Today, the Dutch Ministry of Security and Justice published the
draft Implementation Bill General Data Protection Regulation
("Implementation Bill"). This bill
provides the first insight into the Dutch government's
implementation of new data protection principles in the light of
the European developments. The bill is highly relevant for our
clients since it will replace the current Dutch data protection
framework and requires an assessment of overall data protection
The implementation of the GDPR The Implementation Bill is the Dutch legislative response
to the European General Data Protection Regulation
("GDPR"). The GDPR was adopted in April
2016 to strengthen existing obligations and to modernise the
current data protection framework. It will apply directly in all
member states as of spring 2018. However, there is some room for
manoeuvre for national authorities to implement and specify
European principles. The bill that is presented today gives the
first insight into this national approach to the new data
In general, the Dutch government has tried to maintain the rules
which already exist in the Data Protection Act (Wet bescherming
persoonsgegevens), unless the GDPR requires a change. New
matters include, for example, local law on profiling, special
categories of personal data, rights of data subjects, and the
mandatory notification of a data breach. Other topics where the
bill provides further specification of the GDPR include rules on
health and education related data. The bill also provides
derogative grounds such as criminal investigations and
Another interesting aspect of the Implementation Bill is its
expansion of the role of the Dutch Data Protection Authority, the
("AP"). This enforcement body will
interact to a greater extent with international data protection
authorities and has stronger enforcement powers.
What is next?
The Implementation Bill is now open for public consultation until
20 January 2017. After this period, both the Dutch Senate and the
Second Chamber must debate and adopt the bill. The exact time of
entry into force is therefore unknown at this time.
We recommend our clients monitor this legislative process and
review their internal processes and policies. Whereas the GDPR was
the first incentive to evaluate overall data protection, this Bill
further clarifies and specifies the new obligations. It is key for
our clients to have their revised policies and practices up to date
by spring 2018, when the GDPR becomes directly applicable in all EU
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
To coincide with Data Privacy Day, we have prepared a roundup of five recent announcements and developments in the world of privacy and data protection.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).