Vonne Laan
Privacy lawyer / advocaat
+31 (0)6 11 38 85 26


Vonne assists Dutch and international clients with various matters in the field of privacy, data protection and cybersecurity. She provides strategic advice that aligns commercial goals with compliance obligations.

More specifically, Vonne’s work entails the design and implementation of GDPR compliance plans, drafting and negotiating privacy agreements (e.g. data processing agreements), drafting other privacy documentation (e.g. privacy statements) and developing processing registers (data mapping). She also advises on privacy-related matters such as cookie policies, direct marketing campaigns and whistleblowing schemes. In addition, Vonne assists her clients in the event of enforcement by the competent authority or court proceedings.

Public speaker and writer

Vonne is a frequent speaker at conferences and seminars. She also gives guest lectures at Nyenrode Business University and the Windesheim University of Applied Sciences. In addition, she provides courses at private training institutions as well as for clients. Vonne also has many legal publications to her name and is the author of the privacy law edition of a Dutch standard series (Boom Basics Privacyrecht). She is furthermore a permanent contributor to the Dutch journals on internet law (Tijdschrift voor Internetrecht) and data protection case law (Jurisprudentie Bescherming persoonsgegevens).


Vonne has been admitted as a member of the Association of Privacy Lawyers (Vereniging Privacyrecht Advocaten). It is only open to members specialised - demonstrably and extensively - in the field of privacy law. Her other memberships include the Netherlands Association for Privacy Law (VPR) and the Netherlands Association for Information Technology and Law (NVvIR).


Vonne became interested in the concept of privacy while working as an independent copywriter. How do we perceive privacy in a continuously digitalizing society? She became a privacy lawyer at a renowned internationally operating Dutch law firm in 2013 and gained further experience in this area. She was part of the Information Technology Team for five years until she started her own law firm – Value Privacy Law – in November 2018 and combined forces with Eliëtte Vaal in May 2020 to start The Data Lawyers.

Latest Posts

On 18 May 2020, Vonne Laan provided her regular introductory lecture on privacy law for students of the University of Applied Sciences Windesheim.

Vonne Laan is the author of the book Boom Basics Privacy Law (Boom Basics Privacyrecht). This is an introductory book on privacy law, especially the General Data Protection Regulation (GDPR) and the Implementation Act thereof in the Netherlands.

Vonne Laan has been invited to speak about sharing data sets at the Day of the Privacy Officer 2020.

The Dutch Data Protection Authority published guidance on the privacy rules in relation to corona (COVID-19). But how does this guidance relate to the vision on this of other European Data Protection Authorities? Read more on this in our blog “Privacyperikelen rond Corona (COVID-19): wat zeggen de Europese privacytoezichthouders?” (in Dutch).

On 18 November 2019, Vonne Laan gave her two-yearly presentation at Nyenrode Business University (Nyenrode Business Universiteit)

Vonne Laan spoke at the Autumn meeting of the Dutch Association for Information Technology & Law (Nederlandse Vereniging voor Informatietechnologie & Recht; NVvIR). A society for approx. 500 legal counsels and lawyers that are specialised in IT and the law. 

The Commission nationale de l'informatique et des libertés (CNIL) – the French Data Protection Authority – published guidelines on how the data protection rules should be applied to blockchain technology. Next to possible issues, the CNIL also provides pointers on how blockchains can be built in a privacy compliant manner. This article provides an overview of these pointers with some additions and critical notes. 

In this article Vonne Laan argues that giving an “early bird discount” to prompt payers of privacy fines in the Netherlands, would alleviate and facilitate the congested enforcement department of the Dutch Data Protection Authority (the Autoriteit Persoonsgegevens). It’s an opinion piece written for a Dutch newspaper (het Financieel Dagblad).