Under the Dutch Data Protection Act (Wet bescherming persoonsgegevens), organizations could opt to appoint a data protection officer (“DPO”) and to register such DPO with the Dutch Data Protection Authority (the “Authority”). Under the General Data Protection Regulation (the “GDPR”), the appointment of a DPO is mandatory for certain organizations. In addition, it remains possible to voluntarily appoint a DPO. On the designated Privacy page on our website, you can find more information on the GDPR in general and the DPO in particular.

In anticipation of the GDPR, the registry of DPO’s with the Authority will also be updated. All organizations who have already registered their DPO, should do so again by means of an online form made available for that purpose by the Authority. After 25 May 2018, each registration that has not been done by means of the aforementioned online form, will automatically lapse. New DPO’s must be registered with the same form. One of the changes of the new form is that organizations must indicate whether the appointment of the DPO is mandatory or on a voluntary basis.