Most Read Contributor in Netherlands, January 2017
Today, the Dutch Ministry of Security and Justice published the
draft Implementation Bill General Data Protection Regulation
("Implementation Bill"). This bill
provides the first insight into the Dutch government's
implementation of new data protection principles in the light of
the European developments. The bill is highly relevant for our
clients since it will replace the current Dutch data protection
framework and requires an assessment of overall data protection
The implementation of the GDPR The Implementation Bill is the Dutch legislative response
to the European General Data Protection Regulation
("GDPR"). The GDPR was adopted in April
2016 to strengthen existing obligations and to modernise the
current data protection framework. It will apply directly in all
member states as of spring 2018. However, there is some room for
manoeuvre for national authorities to implement and specify
European principles. The bill that is presented today gives the
first insight into this national approach to the new data
In general, the Dutch government has tried to maintain the rules
which already exist in the Data Protection Act (Wet bescherming
persoonsgegevens), unless the GDPR requires a change. New
matters include, for example, local law on profiling, special
categories of personal data, rights of data subjects, and the
mandatory notification of a data breach. Other topics where the
bill provides further specification of the GDPR include rules on
health and education related data. The bill also provides
derogative grounds such as criminal investigations and
Another interesting aspect of the Implementation Bill is its
expansion of the role of the Dutch Data Protection Authority, the
("AP"). This enforcement body will
interact to a greater extent with international data protection
authorities and has stronger enforcement powers.
What is next?
The Implementation Bill is now open for public consultation until
20 January 2017. After this period, both the Dutch Senate and the
Second Chamber must debate and adopt the bill. The exact time of
entry into force is therefore unknown at this time.
We recommend our clients monitor this legislative process and
review their internal processes and policies. Whereas the GDPR was
the first incentive to evaluate overall data protection, this Bill
further clarifies and specifies the new obligations. It is key for
our clients to have their revised policies and practices up to date
by spring 2018, when the GDPR becomes directly applicable in all EU
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In early January, the Article 29 Working Party (WP29) adopted its 2017 Action Plan (Action Plan) on the implementation of the General Data Protection Regulation (GDPR).
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).