AVG stands for Algemene Verordening Gegevensbescherming. It is the Dutch name for GDPR, the EU regulation governing personal data. Same regulation, same articles, same fines. The only difference is the language: Dutch contracts and Dutch regulators write AVG, English ones write GDPR.
If you operate in the Netherlands or Flanders, your customers and your legal team will use AVG. If you operate across the EU in English, you will use GDPR. They mean the same thing.
Why the name matters
The naming inconsistency is mostly cosmetic, but it causes real confusion in cross-border deals. A Dutch buyer reading an English DPA may wonder why "GDPR" appears everywhere and "AVG" nowhere. They are not different obligations. The English DPA is just written in English. A bilingual vendor will typically have a Dutch DPA referencing AVG and an English DPA referencing GDPR, both binding, both saying the same thing.
In Belgium, the same law is sometimes referred to in French as RGPD (Règlement général sur la protection des données). Again: same law.
When to use AVG versus GDPR
In Dutch-language privacy policies, contracts, support tickets, and onboarding flows, use AVG. The customer expects it. In English-language equivalents, use GDPR. Mixing them in the same document is fine if you parenthesize the first occurrence ("AVG (GDPR)" or vice versa), but pick one as the primary reference per document and stick with it.
Dutch authorities, including the Autoriteit Persoonsgegevens, use AVG in all their communication. If you ever need to file a data breach notification with them, the form will use AVG.
What does not change
The substance of compliance is identical. Lawful basis, purpose limitation, data minimisation, storage limitation, accuracy, integrity, confidentiality, accountability. These six principles are the heart of both AVG and GDPR. The DPIA, the DPO, the data subject rights, all the same. Translating the name does not translate any of the obligations away.
In Keloa
In Keloa, we offer a Dutch-language DPA (Verwerkersovereenkomst) that references AVG and an English-language DPA that references GDPR. Both are the same agreement. Our sub-processor list and data residency statement satisfy AVG and GDPR equally. See security for the full posture.