Data processing agreement under Dutch law

Call now Email now

What is a data processing agreement under Dutch law?

Dutch term: Verwerkersovereenkomst | Legal basis: Article 28 GDPR

A data processing agreement (verwerkersovereenkomst) under Dutch law is a mandatory contract between a data controller and a data processor, required by article 28 of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679). It governs the processor's handling of personal data on behalf of the controller.

The agreement must specify the subject matter, duration, nature and purpose of the processing, the type of personal data, the categories of data subjects, the controller's instructions, the processor's obligations regarding security, sub-processing, data breach notification, data subject rights assistance, and the return or deletion of data on termination.

Why it matters for international businesses

For any B2B relationship involving the processing of personal data (cloud services, SaaS, outsourcing, logistics), a GDPR-compliant data processing agreement is legally required. The Autoriteit Persoonsgegevens (Dutch Data Protection Authority) actively enforces this requirement.

Related pages: Dutch contract law guide, Dutch contract law guide, glossary of Dutch legal terms.

Last reviewed: April 17, 2026 by MAAK Advocaten N.V.

General conditions [PDF's]:

Legal information:

Opening hours:

  • Monday 8am - 7pm
  • Tuesday 8am - 7pm
  • Wednesday 8am - 7pm
  • Thursday 8am - 7pm
  • Friday 8am - 7pm
  • Saturday - closed
  • Sunday - closed

Contact information:


Registrations:

Address:

Kraanspoor 34
1033 SE AMSTERDAM
the Netherlands

Useful links:

© 2023 - 2026, MAAK Advocaten N.V., law firm in the Netherlands · Legal information