De Notify-Staatscourant
Uitgegeven krachtens Koninklijk Besluit · Koninkrijk der Nederlanden
OPENBAAR · Autoriteit Persoonsgegevens (AP)
No.
Stcrt-NL-004
Date
2026-05-27
Effective
2026-01-01
Status
In force

AVG, UAVG, Postfilter Robinson and Bel-me-niet Register: the consent framework for transactional and marketing delivery to Dutch consumers

The Autoriteit Persoonsgegevens (AP) enforces the AVG together with the AVG Implementation Act (UAVG). Marketing communication is governed by article 11.7 Telecommunications Act (opt-in requirement + soft opt-in for existing customers). Postfilter (DDMA) and Bel-me-niet Register are national do-not-contact registers — 4notify integrates both automatically at the API edge.

EmailSMSWebhook
Preamble

Pursuant to the General Data Protection Regulation (EU 2016/679), the AVG Implementation Act and Telecommunications Act article 11.7, the Autoriteit Persoonsgegevens issues the following Notice on consent management procedures in electronic delivery by 4notify.

Cited statutes
AVG artikel 6 lid 1

Six lawful bases: consent, contract, legal obligation, vital interests, public interest, legitimate interests.

Telecommunicatiewet artikel 11.7

Opt-in for marketing, soft opt-in for existing customers with similar products and clear unsubscribe.

UAVG artikel 39 lid 1

Data breach notification within 72 hours to AP; affected individuals without undue delay where high risk.

Implementation
01

Lawful basis registration per delivery

Every delivery envelope carries one of the six AVG bases; locked at template registration.

02

Postfilter Robinson + Bel-me-niet cross-check

Pre-send check against DDMA Postfilter and Bel-me-niet Register; registered numbers/emails excluded.

03

Right to be forgotten within 30 days

GDPR Art. 17 requests propagate within 24h to 4notify; suppression list updated across all MNOs.

04

72-hour breach notification webhook

Envelope incident generates webhook to Data Protection Officer within 1 hour for 72-hour AP notification.

Delivery envelope
json
{
  "gebeurtenis": "aflevering.consent_envelope",
  "verwerkingsverantwoordelijke_id": "NL-CTRL-12345",
  "rechtmatigheidsgrond": "soft_opt_in",
  "soft_opt_in_bewijs": {
    "eerdere_transactie": "BESTEL-2025-09-14-94821",
    "soortgelijke_producten_match": true,
    "uitschrijflink_aanwezig": true
  },
  "postfilter_check": "geslaagd",
  "bel_me_niet_check": "geslaagd",
  "aflevering": { "kanaal": "email", "sjabloon": "promo_kerst_v2" }
}
Sample message
EmailSubject: Your unsubscribe preference has been updated

Dear Sir or Madam, Your marketing consent has been withdrawn effective immediately. You will no longer receive marketing emails, but transactional messages (order confirmations, delivery alerts) will continue. For other GDPR rights, including right to be forgotten, contact [email protected].

Compliance checklist
  • AP registration of controller current
  • Data Protection Officer (FG) configured at controller level
  • Soft opt-in evidence per marketing delivery stored
  • 72-hour breach notification webhook reachable
What 4notify does differently

4notify is the only A2P service provider that stores per-envelope soft opt-in evidence, mirrors Postfilter Robinson + Bel-me-niet at the API edge and emits 72-hour breach notification webhook on every envelope incident.

Frequently asked questions
Does soft opt-in apply to SMS?

Yes — Telecommunications Act art. 11.7 paragraph 3 applies to "electronic messages", which includes SMS, MMS and OTT.

What if the controller is not registered with AP?

4notify blocks marketing delivery at the API edge until valid AP registration; transactional delivery (contract basis) remains available.

Issued by Royal Decree of
the Notify Ministry of Notices
2026-05-27 · Stcrt-NL-004

Start free

14 days, no card. Dutch + English support during the working week.

Other notices