Jan Baas

Jan has been a lawyer since 1997 and joined the La Gro Geelkerken law firm in 2021. He runs a broad commercial advisory and litigation practice. His cases are on the interface between private law and public law, with a specific focus on personal data protection (privacy), administrative law and environmental law, scarce permits, and commercial contracts.

Specialist areas

  • Privacy law and personal data protection
  • Administrative law and environmental law

Background and other work

  • 2008, VMA/ Grotius Specialisation Programme in Spatial Planning Law and Environmental Law
  • 2004, Grotius Specialisation Programme in Property (distinction)
  • 1996, University of Groningen (Law)
  • Member of the Administrative Law Committee of the Hague Bar Association
  • Member of the Privacy Law Association and the Association of Privacy Lawyers
  • Member of the Environmental Law Association
  • Lecturer and keynote speaker at seminars and conferences
  • Teaches courses on privacy law and personal data protection for Instituut voor Juridische Opleidingen (ivjo.nl) and various other educational institutions.
  • Teaches a course on privacy law and personal data protection for public authorities and the ‘GDPR in Practice’ course for VNG Academy.

 Recent cases

  • In the area of privacy and data protection: assisting companies and other organisations in complying with the GDPR and other data protection legislation, through training, workshops, quick scans, assessments, and drawing up documents such as protocols for the duty to report data breaches, (privacy) policy documents, processing registers, and data protection impact assessments;
  • Frequent advisory services on and assistance in the application of the General Data Protection Regulation, including when launching new services and products, data breaches and security infringements, exercising data subject rights. Drawing up and reviewing privacy statements, data processing agreements, covenants, and commercial contracts involving the processing of personal data;
  • Compliance checks and due diligence in the area of personal data;
  • Assisting companies in audits and enforcement processes by the Dutch Data Protection Authority;
  • Civil and administrative law proceedings involving privacy law and/or personal data.
  • In the area of administrative and environmental law: assisting in permit application procedures and related procedures for (scarce) permits, such as for amusement arcades and gaming.
  • Appeal and objection proceedings on zoning plans and environmental permits;
  • Civil law proceedings on the interface between administrative and private law, both for public authorities and for enterprises;
  • Advising and representing public authorities in cases involving the Municipalities Act, Joint Arrangements Act, scarce permits, general municipal bylaw, and special laws.
  • Other practices: drawing up and reviewing, as well as negotiating on, commercial contracts; commercial collaborations, data and IT; conducting civil law proceedings.

Publications by Jan Baas

  • Note to Rotterdam District Court 19 March 2021, ECLI:NL:RBROT:2021:2306, JBP 2021/84;
  • Note to Northern Netherlands District Court 1 March 2021, ECLI:NL:RBNNE:2021:738, JBP 2021/81;
  • Note to Conseil d’État (France) 27 March 2020, Google/ CNIL, JBP 2020/97;
  • Note to four rulings by the Administrative Jurisdiction Division 1 April 2020, JBP 2020, 56-59
  • (with Rens Groen);
  • Note to CJEU 24 September 2019, C-507/17, Google/ CNIL, JBP 2020/2;
  • Note to CJEU 24 September 2019, C-136/17, GC e.a./ CNIL, JBP 2020/3;
  • Note to CJEU 29 July 2019, C-40/17, Fashion ID, JBP 2019/99;
  • Note to Court in Preliminary Relief Proceedings (Amsterdam) 15 November 2018, Stichting Museumjaarkaart, JBP 2019/1;
  • Note to CJEU 4 May 2017, C-13/16, Rigas satiksme, JBP 2017/40;
  • Note to CJEU 19 October 2019, C-582/14, Breyer, JBP 2016/82; 2015;
  • Note to CJEU 1 October 2015, C-230/14, Weltimmo, JBP 2015/125;
  • Note to CJEU 16 April 2015, C-446, 447 448 and 449/12, Willems et al/ mayors, JBP 2015/77 (with David Mulder);
  • (Cyber)security - an appropriate security level, De Bedrijfsjurist 2015 no. 2. 2014;
  • (Cyber)security and compliance - an appropriate security level, Tijdschrift voor Compliance 2014/5;
  • Duty to disclose and report in case of data leaks and security breaches, Privacy & Informatie 6, 2012 (with Marjolein van Rest).
Contact details
J.A.N. (Jan) Baas

Specialist Privacy and data protection (AVG/GDPR) & Administrative law

The GDPR is not intended to make life impossible for organisations.
Jan Baas
Lawyer, Partner
Call Jan Baas