Algemene Verordening Gegevensbescherming (AVG) is the Dutch name for Regulation (EU) 2016/679, the General Data Protection Regulation. It sets out how personal data of workers, candidates, and clients must be collected, processed, stored, and erased. It applies directly in all EU member states and is supplemented in the Netherlands by the Uitvoeringswet AVG.
For staffing and HR, AVG shapes the entire employee lifecycle. It requires a lawful basis for processing, data minimisation, clear retention schedules, secure storage, and a documented response process for data breaches and subject-access requests. CV handling, background checks, and payroll data all fall within scope.
Breaches can lead to significant administrative fines imposed by the Autoriteit Persoonsgegevens. Agencies and hirers that share personal data about workers typically need a processor or joint-controller agreement to allocate responsibilities.