Securing your business secrets: a 5-step guide

It’s the fear of many companies: the fruit of your labour ending up in the hands of a competitor. The protection of know-how, intellectual property and commercially sensitive information is vital for success. We explain how to effectively protect these assets under Dutch law in 5 essential steps.

By Bas van de Scheur

Expertise: IP & Advertising


It’s the fear of many companies: the fruit of your labour ending up in the hands of a competitor. The protection of know-how, intellectual property and commercially sensitive information is vital for success. We explain how to effectively protect these assets under Dutch law in 5 essential steps.

Intellectual property (IP) rights should be the first layer of protection around your intellectual capital. Intellectual property rights are ownership rights and include a wide range of rights, under which patent rights, copyrights, trademark rights, design rights, tradename rights, and database rights.

An essential insight in IP management is understanding that patents, while significant, should not be regarded as the sole or ultimate objective. While patents are often celebrated as key symbols of innovation and legal protection, a balanced perspective is crucial. Firstly, obtaining a patent can be a costly endeavour. According to the Netherlands Enterprise Agency (RVO), the process involves expenses ranging from €25,000 to €50,000, covering application, attorney, and examination fees. Secondly, articulating the uniqueness of your invention is a complex task. It requires a strategic balance in presenting your innovation, ensuring that it is distinctive yet not excessively narrow in scope.

A few additional important things to keep in mind regarding IP rights:

While IP rights can cover much of a company’s data and know-how, they may also leave a wide range of potentially valuable trade secrets unprotected. Consider Coca Cola’s recipe: a meticulously guarded trade secret with enormous value but unprotected by IP law.

The Trade Secrets Act
Instead of protecting the information itself, like IP rights do, the Dutch Trade Secrets Act, which is the Dutch implementation of the EU Trade Secrets Directive (2016/943), protects the entrepreneur’s good faith commercial efforts to maintain confidentiality, provided that the entrepreneur has taken reasonable measures to ensure confidentiality.

The Trade Secrets Act protects against the acquisition, use, or disclosure of your trade secrets without your consent. You will have to tolerate the use and disclosure of trade secrets if someone else independently discovers or creates the same information or if the trade secret is discovered by way of reverse engineering.

Information or know-how is a trade secret if it ticks three boxes:
We will discuss confidentiality in employment relationships in Step 3. Technical measures will be discussed in Step 4.

NDAs and confidentiality clauses in B2B contracts
One of the conditions for enforcing your rights under the Trade Secrets Act is that you have taken reasonable action to protect trade secrets against unauthorized use or distribution. In B2B contractual relationships, the primary legal instrument for protecting such information is a Non-Disclosure Agreement (NDA) during the negotiation phase and the confidentiality clause in the negotiated commercial contract.
Content of the NDA/confidentiality clause
Under Dutch law, both confidentiality clauses and NDAs are commonly used. It’s essential to carefully include specific details and obligations to protect the confidential information. To craft an effective NDA, certain key elements should be included:

Sooner or later, people will leave your organization. They will take valuable knowledge about your technology or business model with them. Incorporating specific clauses in employment contracts can help protect against that knowledge being used by competitors. These agreements form an important next layer of protection against both intentional and unintentional transfer of company know-how to competitors.

Confidentiality clause
A confidentiality clause in your employment agreements is required for successful redress under the Trade Secrets Act (see Step 2). Similar requirements apply: the confidentiality clause should include a definition of confidential information, how the information should be handled, and may include penalties for breaches.

Documents clause
A variation on the confidentiality clause is a so-named documents clause. This stipulates that employees can only keep company documents under possession for business reasons and must return or discard them immediately thereafter. Any copying or downloading of company documents during a holiday or after termination of employment, constitutes a breach of this clause, regardless of the use of the information.

Non-compete clause
A mere confidentiality clause might not be enough to fully protect your company know-how, as monitoring former employees who join a competitor, supplier or other business relation is challenging.

For this reason, including a non-compete clause in key staff contracts is advisable. This clause restricts employees from working with or for a competitor, and sometimes suppliers and business partners, for a limited period post-employment.

While common in the Netherlands, non-compete clauses must be drafted carefully, balancing the company’s need to protect its know-how and the employee’s right to work freely.

Key considerations in drafting non-compete clauses include: Penalties
The employment agreement can impose a penalty for violating the obligations described under this Step 3. The purpose of the penalty is twofold. Firstly, it allows for financial compensation without having to demonstrate damages and causation. Secondly, it acts as a deterrent to employees who might assume you will not go through the trouble of court proceedings to prevent them from joining a competitor or breaching confidentiality agreements. Importantly, the collection of a penalty does not prevent you from simultaneously taking legal action to stop the infringement.

Congratulations on getting your paperwork in order! However, there’s more to do: implementing physical and digital security measures is essential for protecting your sensitive information. Focus on two main goals: securing your data and monitoring how it’s handled within your company. Keep the GDPR in mind, some employee-focused security measures require GDPR-compliance steps.

Physical and digital security measures
From a cybersecurity perspective, it may be challenging to prevent employees from unauthorized access to or disclosure of trade secrets, particularly if they have access to sensitive information in their day-to-day job. Here are several key security measures commonly adopted by companies to mitigate these risks:
Note: implement security measures within the boundaries of the GDPR
Certain security measures, such as methods like DLP and access log reviews (see above) involve the monitoring of employees’ digital behaviour. Although such measures have become more common in many workplaces, they involve legal risks, especially from a privacy-perspective. 

When conducting employee monitoring activities, it is essential to comply with the European Union's General Data Protection Regulation (GDPR). The GDPR governs the processing of personal data within the EU and imposes strict requirements on employee monitoring, as it is considered an intrusive measure affecting employees’ right to privacy.

Key considerations for GDPR-compliant employee monitoring to prevent theft or leaking of trade secrets include:

Actions against competitors or (former) business partners: IP enforcement
In the realm of IP enforcement, you have several options to protect your assets. This involves taking legal action against any entity that infringes upon your IP rights. The scope of these actions can range from cease-and-desist orders to pursuing litigations for infringement. The key is to identify the infringement promptly and respond decisively, utilizing the full extent of IP law to safeguard your interests. This could include filing for injunctions, seeking damages, and enforcing any IP agreements or licenses that have been violated.

Actions against competitors or (former) business partners: Trade Secrets Act
If you believe that your trade secrets have unlawfully been used or distributed, there are three options of redress under the Trade Secrets Act, which can be pursued simultaneously, consecutively, or selectively. Each option requires a prior court order.

You can prohibit someone who unlawfully acquired your trade secrets to use or disclose the trade secrets or to design, produce or market goods based on those trade secrets. A court may also order a recall of products, destruction of documentation or data with your trade secrets, or a public admission of their unlawful use.
You can seize infringing products to prevent their market entry.

A cautionary note: enforcing your rights in court proceedings under the Trade Secrets Act may require you to further disclose the trade secrets to the court and to the other party or parties. After all, you will need to prove that the information is indeed a trade secret and that it was unlawfully obtained, used, or disclosed. Also, this information may end up being used in the judgment. This means that you may end up in a tighter spot than before. Against this background, additional measures to safeguard confidentiality have been introduced in the proceedings. These may include the use of confidentiality clubs, where only a limited group of people (such as lawyers and experts) are granted access to the confidential information. Additionally, courts can issue confidentiality orders and conduct parts of the proceedings in a closed setting to prevent disclosure.

Actions against (former) employees
The intentional distribution of confidential company information can be a ground for (immediate) dismissal and is also a criminal offense punishable by up to six months of imprisonment.

In addition, you can bring a claim before a civil court for breach of a confidentiality or a non-compete obligation. Your claim can consist of the following elements:
Unfair competition claims
As a last resort, if you are completely left unprotected by IP law, the Trade Secrets Act, NDAs or non-compete clauses, you can assert your rights through an unfair competition lawsuit. This involves arguing in court that a former employee or competitor has illegally obtained, used, or disclosed confidential information and you suffer damages as a result. The court’s assessment is rigorous, focusing on the legality of the actions, the confidentiality of the information, the harm caused and the parties’ conduct. The court may impose restrictions on the further use of the information and/or award damages. However, an unfair competition claim should be seen as a final option, not a primary strategy. Instead, implementing the previously discussed measures can greatly improve your chance of success in court.

Bas van de Scheur

Employment Law

Laura van Gijn

IP & Advertising

Olivier Schotel

Dispute Resolution

Julia van der Veen

Data & Digital Services

Bas Dijkmans van Gunst

Data & Digital Services

Become part of our changemaking community and sign up to our newsletters for the latest updates.