How SIDN’s Privacy Board oversees responsible data use

More than 10 years of assuring privacy in practice


When SIDN set up its own Privacy Board in 2014, privacy protection was not widely recognised as a priority within a lot of organisations. At the time, SIDN Labs was starting to study the traffic to the .nl name servers, using the ENTRADA research platform they had created. That development, combined with stricter European legislation – later to result in the General Data Protection Regulation (GDPR) – made it clear that the structural, expert review of data processing activities was essential. “It was a logical step,” recalls Karin Vink, SIDN’s Data Protection Officer and Chair of our Privacy Board. “We wanted to be able to innovate responsibly, with consideration for the privacy of all data subjects.”

Internal Privacy Board


Many enterprises now have one person, or even a whole team, tasked with privacy protection within the organisation. However, that was far from the norm in the registry world more than 10 years ago when we put together our multidisciplinary Privacy Board. The board is a permanent body with the authority to independently assess whether new projects, services and studies comply with the applicable legislation and regulations, and with SIDN’s own high data privacy standards.

Still topical

“Nowadays, privacy protection remains just as topical, but it’s an increasingly integral part of operations at many organisations. It’s relevant to every company and every other organisation, something that they need to act on and have a policy on. I’m struck by – and very pleased to see – just how privacy-aware SIDN personnel have become over the years. It means that our efforts to raise awareness have had an effect. Last year, for example, we got all the teams within SIDN to play a privacy-themed version of a popular Dutch board game. As they went around the board, players were confronted by issues and dilemmas relating to privacy and personal data processing. Then, this year, we set up a real escape room in the SIDN car park, where all the challenges related to security and privacy.”

Multidisciplinary and independent body

SIDN’s Privacy Board is made up of people from departments that often handle personal data, including our Support Department and our research department, SIDN Labs. Since last year, the CISO has also been a member, so that privacy and security are mutually reinforcing. “That combination is very important. And, in most cases, privacy and security are mutually complementary interests,” says Karin. “Conflicts are more likely to arise between convenience and security than between privacy and security.”

Karin is SIDN’s Data Protection Officer. Therefore, as Chair of the Privacy Board, she concerns herself mainly with the process and with oversight, while the other board members perform the substantive analyses.

How does the review process work in practice?

A privacy policy has to be drawn up for every new project, service or study that will involve personal data processing. That policy then has to be submitted to the Privacy Board for review. Without the board’s approval, the initiative can’t go ahead. Privacy policies are drawn up using a template, with mandatory sections defining the purpose of the activity, the categories of data to be processed, the legitimate basis for processing and the associated risks. The board then reviews the policy, following a fixed procedure:

  1. Analysis of the proposal
     The board considers whether the proposed processing is consistent with the GDPR and SIDN’s internal policies. Particular attention is given to the legitimate basis – often ‘reasonable interest’ – and the need for processing.

  2. In-depth interviews
     The Privacy Board interviews the colleagues that submitted the privacy policy to obtain clarification, and information about alternatives or the scope for using less personal data.

  3. Decentralisation and data minimisation review
     Is the proposed processing proportional? Could the research goals be secured using less data or less detailed data? The board addresses such questions in line with an internal assessment framework.

  4. Judgement and publication
     The Privacy Board’s judgement is documented. Wherever possible, the privacy policies and reviews are published. However, privacy policies that contain commercially sensitive information and those that relate to the processing of personal data exclusively about SIDN personnel remain internal.

The procedure described has never yet led to a project being totally rejected. “What does happen,” says Karin, “is that something is flagged up during the interviews with the colleagues who submitted a privacy policy, leading to revisions. So, together, we arrive at more intelligent, secure or efficient personal data processing.”

Privacy and security are not at odds

SIDN operates a vital part of the Netherlands’ digital infrastructure, which millions of people make use of every day. Clearly, therefore, the security of the .nl domain is vital – but how does that relate to privacy? According to Karin, security and privacy are often mutually complementary. “A lot of our data processing is intended to make the internet more secure. And the data subjects are not affected by the processing, except insofar as security improves.”

It’s nevertheless vital that there is always a legitimate basis for processing. Our reasonable interest in the stability and security of .nl often provides the legal basis for processing. By reviewing proposed projects at an early stage, the board prevents conflicts between the interests at stake.

Growing risks posed by data and AI

Asked about the impact of AI and other developments, Karin responds: “New technologies bring new challenges. We see and hear evidence of that every day in the news. The amount of available data is growing, and it’s getting easier and easier to combine data from various sources. That enables conclusions to be drawn, including conclusions that relate to individual people. Increasingly, that’s done using AI – with all the attendant risks. Now, although the personal data that SIDN processes is not extremely sensitive, once AI is involved, the need for a critical Privacy Board is all the greater.”

Upcoming developments and awareness

In 2026, our Privacy Board will continue to pay particular attention to developments in the field of AI and its potential impact on SIDN’s personal data processing. “And, of course, we’ve got another good awareness campaign coming up for our personnel, because a continuous focus on privacy remains important,” asserts Karin.

All privacy policies and the associated Privacy Board reviews are published on our website: https://www.sidn.nl/en/about-sidn/privacy-board.