NAALA | Not An Average Legal Advisor

Dutch Data Protection Changes

By: Sofie Geurts – Graduate intern at NAALA 

Published on 2 May, 2023

Dutch Data Protection Changes

Protection network security computer and safe your data concept. Laptop working develop coding program with key on keyboard

Sofie Geurts

Graduate intern at NAALA

Published on 2 May, 2023

The Verzamelwet Gegevensbescherming, or the Data Protection Collection Act, is a new Dutch law that amends existing data protection regulations to better align them with the European Union’s General Data Protection Regulation (GDPR). This blog post will provide an overview of the key changes introduced by the Verzamelwet Gegevensbescherming and what they mean for individuals and organizations operating in the Netherlands.

On December 2, 2022, a new act called the Verzamelwet Gegevensbescherming was introduced in the Netherlands. This act is designed to amend the Dutch Implementation Act for the General Data Protection Regulation (Uitvoeringswet AVG or UAVG) and other relevant laws to simplify and update data protection regulations. It includes both substantive and technical changes, such as modifications to data subjects’ rights under the GDPR and guidelines for processing personal data in the context of transaction monitoring.

The Verzamelwet Gegevensbescherming was introduced to address issues related to the enforcement of the General Data Protection Regulation (GDPR) in the Netherlands. Initially, there was a lot of uncertainty regarding how these regulations would be enforced. To address this issue, a motion was passed to change the future Dutch interpretation of the GDPR (UAVG). Since then, some of the ambiguity has been resolved, and the remaining issues will be addressed by the proposed Verzamelwet Gegevensbescherming.

The proposed Verzamelwet Gegevensbescherming covers various technical and substantive topics, including changes related to the exercise of rights under the GDPR, the provision of grounds for processing certain categories of personal data, and specific amendments such as financial companies’ obligations in transaction area monitoring. One of the significant changes in the proposal is related to the rights of data subjects, particularly when minors are involved. The proposal allows the legal representative and data subjects aged 12 and over to withdraw their consent at any time.

The adjustments made by the Verzamelwet Gegevensbescherming may affect businesses that process personal data. For example, the proposed changes related to the exercise of rights under the GDPR may require companies to make changes to ensure that minors can easily withdraw their consent on their own. The Verzamelwet Gegevensbescherming is expected to streamline and clarify data protection regulations in the Netherlands, benefiting individuals, organizations, and the overall economy.

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “AP”) issued an opinion on the Verzamelwet Gegevensbescherming proposal in 2021, which has been incorporated into the current proposal. In its January 2023 opinion, the AP emphasizes the importance of effective enforcement of privacy laws, safeguarding the rights of data subjects, protecting personal data when processed by government agencies, and encouraging privacy-friendly innovation. It also makes recommendations for improving the UAVG in the areas of accountability, transparency, international data sharing, and the protection of special personal data.

The Verzamelwet Gegevensbescherming proposal was submitted on December 2, 2022, and is currently pending. A report on the proposed act has been handed in on March 23, 2023. This report pertains to the amendment of the UAVG and some other laws as part of an effort to streamline and update data protection acts. This marks a step in the process of creating this law, but there is currently no information available regarding further consideration thereof. It is also unclear when the expected legislative amendment will take place. However, what is certain is that there will be changes from the current UAVG and the other laws mentioned in the proposal.

We understand the importance of complying with data protection regulations, especially in light of the ever-changing landscape of legislation. We know that it can be challenging to keep up with these changes and to understand how they apply to your organization.

Contact us today to learn more about how we can help you ensure that your organization is in compliance with the latest data protection laws and regulations.

Questions? We are happy to discuss your specific case.


Under the GDPR, children deserve specific protection regarding their personal data. In the online world, their personal data, such as their likes and habits, constitute the experiences they have and the development they go through. Combine this with the sensitivity of health data, which in general is often processed through digital health solutions. Practice shows that developers of digital health solutions wouldn’t touch children’s solutions with a ten-foot pole, as it seems impossible to comply with privacy legislation. 

Do you find yourself being responsible for more requirements than you anticipated due to the processing of personal data? As you may know, all data subjects (the natural persons you process data of) deserve protection of their personal information and have rights related to their personal data.