Personal data in the BRP

Every municipality registers personal data in the Personal Records Database (BRP), such as someone's name, birthdate, citizen service number (BSN), address, and marriage and children, if any. The municipality where someone is registered keeps these personal data.

On this page

Nonresidents are also registered in the BRP

The BRP contains personal data not only of residents of the Netherlands, but also of Dutch people abroad. These people are called non-residents.

People who live in the Netherlands for a period of less than four months may also be registered in the BRP because they work or study temporarily in the Netherlands, for example. To be permitted to do this, they need a citizen service number (Dutch BSN), which they receive if they have registered in the BRP.

Accessing or modifying your data in the BRP

Do you want to know if you have been registered in the BRP or have incorrect data rectified? In Your privacy rights regarding the BRP you can read how to do this and what other rights you have.

These organisations use the BRP

Municipalities use the personal data in the BRP themselves. Other organisations may also receive information from the BRP, such as governmental organisations that need personal data for the performance of their public duties. The Tax Administration, for example, uses personal data for levying taxes, and the Employee Insurance Agency UWV uses them for providing benefits.

In addition, municipalities are allowed to pass on personal data from the BRP to third parties, such as pension funds. Only organisations with a public or social task may receive personal data from the BRP.

To whom the municipality may pass on personal data has been arranged in Appendix 4 and Appendix 5 of the BRP Decree.

These are the rules for the BRP

The rules for the use of the BRP can be found in:

  • the Personal Records Database Act;
  • the Personal Records Database Decree.

In addition, the General Data Protection Regulation (GDPR) contains a number of additional rules for situations that have not been provided for in the Personal Records Database Act and the Personal Records Database Decree.

Municipalities and other organisations that use the BRP are therefore obliged to comply with the Personal Records Database Act and the Personal Records Database Decree as well as the GDPR.

Do you want to know more? Take a look at the BRP and the GDPR (information for professionals).

These are the controllers for the BRP

Every personal data processing has a controller. For the BRP:

  • the Municipal Executive of every municipality is the controller for the local part of the BRP of that municipality;
  • the Minister of the Interior and Kingdom Relations (BZK) is the controller for the central facility of the BRP.

The National Office for Identity Data (Dutch abbreviation: RvIG) manages the BRP on behalf of the Minister of BZK. The RvIG is responsible for the safe storage and exchange of personal data in the BRP.

The Dutch DPA supervises the BRP

The Dutch Data Protection Authority (Dutch DPA) monitors compliance with the Personal Records Database Act, the Personal Records Database Decree and with the GDPR. This means that the Dutch DPA may check if, for example, municipalities comply with Personal Records Database Act, the Personal Records Database Decree and the GDPR when using the BRP.