Last reviewed: December 2024

☒   omnibus – all personal data

☒   sector-specific

Financial, telecommunications, public, energy and the healthcare sectors, among others, have sector-specific regulations and/or industry codes of conduct.

☒   constitutional

Last reviewed: December 2024

Please refer to the EU Chapter for detailed information regarding EU-wide legislation.

• General Data Protection Regulation ("GDPR") of 27 April 2016, available https://eur-lex.europa.eu/eli/reg/2016/679/oj
• The Dutch GDPR Implementation Act ("UAVG") of 16 May 2018, which serves to supplement the GDPR, available here.
• Dutch Telecommunications Act (Telecommunicatiewet) of 19 October 1998 (as amended), implementing the ePrivacy Directive, available https://wetten.overheid.nl/BWBR0009950/2024-01-01.

Please refer to the EU Chapter for detailed information regarding EU-wide legislation.

• Dutch Telecommunications Act (Telecommunicatiewet), implementing the European Electronic Communications Code ("EECC"), available here
• Dutch Network and Information Security Act (Wet beveiliging netwerk- en informatiesystemen” or “Wbni”), implementing the Directive on Security of Network and Information Systems ("NIS Directive"), available https://wetten.overheid.nl/BWBR0041515/2024-10-01. The Wbni will be replaced by the Dutch Cybersecurity Act (“Cyberbeveiligingswet”), once final and adopted, implementing the NIS 2 Directive (here: https://eur-lex.europa.eu/eli/dir/2022/2555/oj). The Dutch implementation of NIS 2 is delayed; it is currently envisaged that the Dutch Cybersecurity Act will enter into force in Q3 of 2025.

Last review date: December 2024

No specific Dutch legislation. Please refer to the EU Chapter for detailed information regarding EU-wide legislation.

Last reviewed: December 2024

National developments

No material updates to key data privacy or cyber security laws are anticipated at national level, except for the implementation of EU legislation, such as  the NIS 2 Directive.