Pieter Roggeveen

a.i. Data Protection Officer at Nationale-Nederlanden Bank

Amsterdam, North Holland, Netherlands

About

Pieter is a senior interim privacy, data protection, compliance and data governance leader with extensive experience in statutory Data Protection Officer / Functionaris Gegevensbescherming (DPO/FG) roles, Chief Privacy Officer assignments and board-level advisory work. He advises boards, executive teams and senior stakeholders in banks, financial institutions, regulators and large corporates on GDPR/AVG, DPO accountability, AI governance, European digital regulation and compliance transformation. He is valued for independent judgment, clear analysis and firm, sometimes challenging advice, while remaining pragmatic about what can be implemented within the organisation’s governance, systems, processes and control framework. Pieter has led and professionalised privacy and data protection functions, including teams of privacy lawyers, privacy officers and data protection advisors. His work includes Privacy Control Frameworks, DPIAs, gap analyses, privacy governance, management reporting, maturity assessments, remediation programmes and controlled transitions to permanent DPO or privacy functions. Recent assignments include acting as DPO for Nationale-Nederlanden Bank, Data Protection Lead and Senior Privacy Governance Consultant at Vattenfall, a.i. Chief Privacy Officer at Erasmus MC and senior privacy governance roles for major financial, healthcare and regulatory organisations. Since 2023, Pieter has also been involved in AI Act, Data Act, Data Governance Act and NIS2 readiness, helping organisations assess regulatory impact, design governance models, define implementation roadmaps and embed new requirements into risk, compliance, cybersecurity and data governance structures. He is effective in environments involving regulatory scrutiny, board reporting, C-level decision-making, cross-border dependencies and crisis-sensitive issues. Since 2016, he has managed or advised on approximately 500 personal data breach cases, including 30–40 high-impact incidents.
Before becoming an independent contractor, Pieter held senior data protection, risk, compliance and data management roles, including at Capgemini. Pieter is available for senior advisory, interim leadership and programme-level roles, including Chief Privacy Officer (CPO), Data Protection Officer, AI Act / Data Act Programme Lead, Privacy & Data Governance Transformation Lead, Senior Advisor to the Board on Data Protection and AI Governance, Data Protection Lead, Chief Data Officer (CDO) and Risk & Compliance Director.

Earliest availability for new assignments: October 2026

Experience

  • a.i. Data Protection Officer at Nationale-Nederlanden Bank at NN
    Mar 2025 - Present · 1 yr 5 mos

    Pieter acts as interim statutory Data Protection Officer (DPO) for Nationale-Nederlanden Bank, a Dutch retail bank and fully owned subsidiary of NN Group, one of the Netherlands’ leading international financial services groups. NN Group operates across Europe and Japan, employs approximately 16,000 people and serves around 19 million customers through brands including Nationale-Nederlanden, NN, OHRA, Movir, AZL, BeFrank and Woonnu. In this complex, regulated and data-driven environment, Pieter fulfils a senior statutory role requiring independence, authority and the ability to operate at the intersection of governance, technology, risk and business strategy. In this senior independent role, based on Articles 37–39 GDPR, Pieter reports directly to the Managing Board of NN Bank and maintains alignment with the Executive Board and the NN Group DPO. He is the first point of contact for the Dutch Data Protection Authority and advises the organisation at board and senior management level on privacy governance, regulatory obligations, risk management and internal compliance. His work includes translating legal requirements into board-level decision-making, challenging the organisation where needed and embedding privacy considerations in strategic change, processes and emerging technology initiatives. Pieter also leads the Data Protection Team of 4.5 FTE, overseeing advice on data protection matters, incidents, controls, DPIAs and AI-related assessments, including AI Act governance. His assignment combines statutory supervision with hands-on executive advisory work: strengthening processes, governance and reporting lines, assessing the maturity and effectiveness of the DPO function, and preparing a structured transition to the NN Group DPO function. By combining regulatory depth with senior stakeholder management and pragmatic leadership, he contributes to a more mature, resilient and accountable privacy function. The assignment is expected to run until Q3 2026.

  • Independent Privacy, Data Protection & GDPR Compliance Consultant at Risco Consulting
    Apr 2019 - Present · 7 yrs 4 mos

    Risco Consulting is owned by Pieter Roggeveen. Pieter helps large corporates and regulated organisations strengthen privacy, data protection and data governance. He combines GDPR/AVG, risk and compliance, data management, information security and cybersecurity expertise, translating complex requirements into practical governance and execution. Through Risco Consulting, he advises banks, financial institutions, healthcare organisations, regulators and large corporates on privacy governance, DPO responsibilities, GDPR compliance, compliance transformation and senior stakeholder decision-making. He also started up projects in AI governance, the Data Act, the AI Act, NIS2 & the Data Governance Act. His interim leadership roles include DPO for Nationale-Nederlanden Bank, Data Protection Lead at Vattenfall and a.i. Chief Privacy Officer at Erasmus MC, covering board and C-level reporting, team leadership, regulator engagement, privacy strategy, Privacy Control Frameworks, DPIAs, maturity reviews, remediation and handovers. Since 2016, Pieter has managed or advised on around 500 personal data breach cases, including 30–40 high-impact incidents involving senior stakeholders and board-level reporting. He is comfortable working under pressure, including crisis governance and regulatory assessment. Clients value his strategic judgement, independence, pragmatism and ability to structure complex issues. Before becoming independent, he held senior consulting and leadership roles, including at Capgemini, where he founded a 160+ consultant Risk Community. Prior to that, he worked in data management, operational risk & information security. Pieter is available for senior interim, advisory and programme-level roles, including Chief Privacy Officer (CPO), Data Protection Officer, Privacy Transformation Lead, Senior Advisor Data Protection and AI Governance, Data Protection Lead, Chief Data Officer (CDO) and Risk & Compliance Director. Earliest availability: October 2026

  • Data Protection Lead & Senior Privacy Governance Consultant (via Risco Consulting) at Vattenfall
    Apr 2023 - Feb 2025 · 1 yr 11 mos

    At Vattenfall, one of Europe’s leading energy companies and a Swedish state-owned organisation active in Sweden, Germany, the Netherlands, Denmark and the UK, Pieter held a senior interim role across GDPR, privacy governance, information security, digital innovation and regulatory change. From April 2023, he focused on improving GDPR compliance to the required level, enhancing data protection maturity, setting up a Privacy Control Framework and establishing a clearer way of working within the privacy organisation. A major part of the assignment concerned a highly sensitive change programme within Customer Service Operations, Vattenfall’s largest department, involving a C-level executive, the Central Works Council and customer service employees. Pieter connected decision-making with day-to-day execution in a context with substantial organisational and employee impact. From June to November 2023, he also covered IAM-related cybersecurity topics as a.i. Programme Manager, including authorisation, logging and monitoring. From January 2024, as Data Protection Lead, Pieter built and led a new Data Protection Team of 5 FTE and an IAM expert. He oversaw DPIAs, the data processing register, Legitimate Interest Assessments, Personal Data Breaches and other privacy and risk assessments, and advised Directors and C-level stakeholders on data protection matters and sensitive incidents. From September 2024, Pieter led AI Act and Data Act compliance teams, linked to Vattenfall’s innovation agenda and climate-smart digital solutions for customers. He also participated in the Agile & Project Management Team in 2023 and the Digital Innovation & IT Team from January 2024, and from March 2024 led several Data Protection and Information Security taskforces. Across the assignment, his work combined GDPR expertise, senior stakeholder engagement and practical leadership in strengthening Vattenfall’s data protection capability. He completed the assignment in February 2025.

  • a.i. Chief Privacy Officer (via Risco Consulting) at Erasmus MC
    Mar 2022 - Jan 2023 · 11 mos

    As interim Chief Privacy Officer (CPO) at Erasmus MC, the largest academic medical centre in the Netherlands, Pieter worked in a complex healthcare, research and innovation environment. Erasmus MC aims to leverage its international reputation and become one of the world’s top twenty medical institutes by 2030. Within this context, Pieter led the Privacy Knowledge Organisation, consisting of 6 FTE privacy lawyers and privacy officers, and contributed to the further development of the privacy function, governance and operating model, including priorities, responsibilities and ways of working. His responsibilities included the creation and set-up of a Privacy Control Framework, the development of the privacy strategy together with the DPO and Head of Legal, and the update of privacy policies and procedures, including DPIA-improvement, privacy policies, data breach handling, data subject rights and other key privacy processes. He was also involved in setting up and implementing the Privacy by Design solution and contributed to matters concerning data governance, digital law and ethics, including the translation of legal requirements into workable processes for care, research, support functions and innovation initiatives. The role required GDPR and data protection expertise, organisational coordination and pragmatic implementation in an environment where privacy is closely connected to patient care, medical research, scientific collaboration, data governance and innovation. It also required alignment with senior stakeholders and coordination with legal and DPO functions. Pieter deputised for the Data Protection Officer in her absence, supporting continuity in privacy oversight, advice and escalation. After the appointment of a permanent CPO, he completed the handover in January 2023.

  • Expert Consultant GDPR Compliance & Privacy Governance (via Risco Consulting) at ABN AMRO Bank N.V.
    Aug 2021 - Mar 2022 · 8 mos

    Within ABN AMRO’s Privacy Programme, Pieter held a senior advisory role in Detecting Financial Crime (DFC), the bank’s largest business unit with more than 4,000 FTE. ABN AMRO is a leading Dutch bank providing personal and corporate banking services, with a focus on inclusion, sustainability, social entrepreneurship and innovation. In this highly regulated financial services and financial crime environment, Pieter provided expert analysis and advice on the state of GDPR compliance and data protection maturity, translating AVG/GDPR requirements into a practical privacy governance, risk and control approach for the business, including KYC, AML and customer due diligence contexts. A key part of the assignment was the creation of a tailored GDPR Compliance Control Framework, integrating core data protection components such as Privacy Governance, Privacy Awareness, Privacy Policies, the Data Processing Register, DPIAs, Anonymization versus Pseudonymization, Data Quality, Information Sharing, Privacy by Design, Security of Personal Data, lawful basis, purpose limitation, data minimisation and other essential AVG/GDPR controls. The work required senior judgement on how legal obligations, risk appetite, operational processes, regulatory expectations and financial crime requirements should come together in a workable data protection framework. Pieter also delivered maturity assessments, as-is and to-be analyses, gap analyses and an improvement plan, preparing the handover to implementation and integration into the business. His work combined GDPR expertise, privacy risk analysis, data protection governance and pragmatic senior stakeholder advice in a complex banking context where lawful processing, accountability, controls, data quality, auditability, secure handling of personal data and responsible information sharing are central to both regulatory compliance and effective financial crime detection. The client provided a recommendation in March 2022 – see below.