Hall Of Fame

Firms To Watch: EU regulatory: Privacy and data protection

Formed in 2017, specialist firm AContrario.Law handles data and privacy issues for complex public and private sector projects relating to Covid-19 passes and applications, urban footfall trackers, and healthcare data. Magali Feys heads up the firm.
Lexing is primarily focused on the innovation, media, and entertainment sectors, and is noted for its integrated service encompassing GDPR and general compliance work and advice to clients on developments in data law, alongside standout litigation against Belgian and European data protection authorities relating to existing and upcoming legislation. Jean-François Henrotte is the key contact.
Morrison Foerster has a global platform, advising international clients including major European and US businesses on GDPR compliance, regulatory developments, and data breach response, as well as representing companies in high-stakes privacy litigation and data-related whistleblower proceedings. The team is headed up by Alex van der Wolk.
Simmons & Simmons hired GDPR expert Alejandro Guerrero from Gibson Dunn in June 2022, further establishing a Brussels-based international practice with strength in cross-border health data transfers.

EU regulatory: Privacy and data protection in Belgium

Allen & Overy LLP

Allen & Overy LLP‘s expertise includes GDPR compliance, cybersecurity, data aspects of cross-border transactions, and investigations, with standout work including data breach responses and proceedings before regulatory authorities. Clients include a global range of companies, with the team able to handle cross-border data transformation projects and other multi-jurisdictional mandates in concert with its international offices. The group is headed by the experienced pair of Filip Van Elsen and Peter Van Dyck, who are both able to act on contentious and non-contentious data and privacy mandates involving domestic and international enforcement bodies, and have standout knowledge of regulatory regimes and legislative developments.

Practice head(s):

Peter Van Dyck; Filip Van Elsen

Other key lawyers:

Sarah De Wulf


‘A&O supported our organization with an international incident that involved regulatory agencies in multiple jurisdictions. I was impressed with the overall coordination and pro-active support.’

‘David van Boven was my primary contact who organized contacts with regulatory agencies in multiple jurisdictions. I was impressed with the overall coordination and pro-active support.’

Bird & Bird

Bird & Bird advises global clients in key fields such as tech, media, and life sciences on GDPR compliance, data projects, and data and privacy issues relating to the creation and launch of disruptive technologies, with a standout focus on the fintech space. The firm is also active in regulatory developments at the legislative level, advising the European Commission on a framework for the transfer of data from member states to third countries. Benoit Van Asbroeck heads up the practice, handling contentious and non-contentious data and privacy issues for corporate and public sector clients, with particular expertise in co-ordinating projects that intersect data and intellectual property issues. Counsel Simon Mortier is also a key member of the team, advising on compliance and legislative frameworks as well as representing clients in litigation.

Practice head(s):

Benoit Van Asbroeck

Other key lawyers:

Simon Mortier; Marc Martens; Nicolas Carbonnelle

Key clients

European Commission

Work highlights

  • Advising the European Commission in connection with a comprehensive compliance assessment and legal analysis related to the transfers of personal data from EU Member States to third countries.


The ‘dedicated, flexible‘ team at CMS handles GDPR compliance for global clients, data breach response and risk management mandates, and large-scale data projects, as well as representing major clients including Facebook in litigation before Belgian and European data authorities. The firm acts for a wide range of global names in fields such as tech and consumer goods, and is able to collaborate with its international offices on cross-border mandates. Tom De Cordier leads the team, specialising in high-stakes global data and cybersecurity mandates, while senior associate Thomas Dubuisson takes the lead on data-related litigation, and fellow senior associate Deven Dobbelaere is noted for his work as an in-house DPO for key clients.

Practice head(s):

Tom De Cordier

Other key lawyers:

Thomas Dubuisson; Deven Dobbelaere


‘Personal client contact and practical approach.’

‘Tom de Cordier and Deven Dobbelaere provide practical and down-to-earth advice and try to think broader than the privacy practice.’

‘Dedicated, flexible, easy to connect with.’

Key clients




STIB/MIVB (Brussels public transport company)

Work highlights

  • Representing Facebook in front of the Belgian Courts in proceedings brought against Facebook Inc., Facebook Ireland and Facebook Belgium by the Belgian Data Protection Authority for a series of alleged infringements of EU and national rules on privacy protection regarding the use of cookies and pixels.
  • Advising global food manufacturer, McCain, on the implementation of the GDPR requirements across the whole spectrum of their European operations.
  • Assisiting Yondr, a young global company that helps businesses fund, design, deliver and operate their data center capacity and technical real estate, in the implementation of the GDPR across all its operations globally.


Fieldfisher advises clients across the EU and globally on compliance with an array of data and privacy regulations, encompassing GDPR, the NIS, and domestic data protection law, alongside working on strategy for upcoming directives and legislation. Alongside broad compliance advice, the firm also advises on international data transfers, data breach response, and issues around direct marketing and consumer law. Clients include major players in the fields of financial services, e-commerce, and infrastructure. Tim Van Canneyt, who has a strong focus on the e-commerce space, leads the team alongside Olivier Proust, who focuses on global compliance programmes.

Practice head(s):

Olivier Proust; Tim Van Canneyt


‘Very high expertise of FF team on data protection regulations.’

‘Their engagement with their client is outstanding. Understanding of the business model and their peculiarities is unpaired, and each and every advice they provide is practical and understandable, to the point that could be passed on to the business without filters for the layman.’

‘Great listening skills.’

‘The team is exceptional in all senses, their availability, quality of the work delivered, their knowledge of the sector as well as the privacy laws and their practical implications. The advice they provide is always practical and can be easily implemented in practice.’

‘Proactivity, many of the lawyers we work with are reactive, only perform work that we ask them too. Fieldfisher as the DPO are more proactive than other firms.’

‘The team has an excellent knowledge of data protection and all its development and is at the forefront of the operationalisation of these new developments such as the transfer impact assessments. We rely on their expertise as also shown in their engagement with the personal data community.’

‘We are looking for lawyers who have an excellent knowledge of an international environment as well as French law. We are working with Olivier Proust who meets perfectly our requirements as a French lawyer based in Belgium and working in an international environment.’

‘The people are very close and responsive. In some cases we provided tight deadlines and the team made efforts to provide an answer complying with the deadlines.’

Key clients









Brussels Bar Association

Proxyclick (Condeco Software)

Work highlights

  • Assisting Infrabel, the operator of the Belgian railroad infrastructure with all aspects related to ICT, IP and Data Protection law, and amongst others, the Network and Information Security Directive, the group’s electronic signature implementation and the review and negotiation of various DPAs.
  • Assisting several of ENGIE’s divisions and group entities on various GDPR-related issues, such as amongst others, the concepts of controller and processor and international data transfer issues, general GDPR compliance matters and complex issues involving transfers of employee data outside the EU as part of public tenders.
  • Successfully defended Europcar SA in an enforcement case before the Belgian Data Protection Authority’s Litigation Chamber.


Linklaters stands out for its work on global data projects including cross-border data transfers, high-profile data breach response issues, and litigation. The firm acts for a wide range of major clients in telecoms, tech, and life sciences, and enjoys productive relationships with EU regulators and international data authorities. Tanguy Van Overstraeten leads the team, specialising in data and IT regulatory issues, while Guillaume Couneson is a key name for GDPR compliance and litigation. Managing associate Valérie Heremans has a strong focus on transactional data and international data transfers.

Practice head(s):

Tanguy Van Overstraeten

Other key lawyers:

Guillaume Couneson; Valérie Heremans; Claudia Allatta


‘Tanguy Van Overstraeten excellent knowledge and broad expertise of GDPR – exceptionally client focused – a pleasure to work with.’

‘Highly knowledgeable team with excellent communication skills and expertise in their field. Offer advice based on their experience, which brings us new insights on what happens at a global level. Very responsive and to the point answers to our requests.’

‘We rely on their excellent and thorough knowledge in the area of privacy and data protection as well as on their professional behavior.’

‘Outstanding knowledge in this area.’

‘The Data Protection and Privacy team around Tanguy Van Overstraeten is carefully composed of Data Protection experts and IT specialists. It is well orchestrated and collaborates extremely well. Linklaters is a prestigious law firm with an excellent global network. Linklaters Brussels Office has continuously provided us with clear and good-quality advice on a wide range of GDPR compliance questions in a timely manner.’

‘Tanguy Van Overstraeten is a very experienced and very well-connected Data Protection expert with a passion for IT. He is a pleasure to work with and very responsive. We rate him very highly and appreciate his pragmatic approach.’

‘Very pragmatic solutions with high legal advice.’

‘The team is reactive, available and pragmatic.’

Key clients


Degroof Petercam Asset Management

Invest Europe



AKKA Technologies


Work highlights

  • Assisted Proximus (the largest of Belgium’s three mobile telecommunications companies) for the development and operation of a new web-based and mobile device application for medical teleconsultation in Belgium.
  • Advising a growing number of international clients in relation to global data breaches.
  • Assisting a Japanese multinational company in the framework of a data subject access request under the GDPR in the framework of a court litigation.


time.lex is a specialist firm offering deep expertise in data, privacy, and IT regulations, advising corporate clients on compliance as well as providing representation in high-profile litigation, as well as working with public sector bodies including the European Commission on the drafting and implementation of new legislation, as well as representing data protection authorities in court proceedings against corporates. The team includes a number of senior data practitioners, notably Jos Dumortier, who drafted the Belgian Data Protection Act, Edwin Jacobs, Frederic Debusseré, Geert Somers , Hans Graux, and the ‘second to noneRuben Roex.

Practice head(s):

Jos Dumortier; Hans Graux; Geert Somers; Edwin Jacobs; Frederic Debusseré; Ruben Roex

Other key lawyers:

Jolien Clemens


‘While there are many consultants and lawyers who claim to be GDPR experts, there are few that actually have the depth of knowledge and experience needed to really add value. Timelex’s team seemingly knows about every single development in the field, and is tech-savvy enough to give useful advice on how to implement a compliant data protection policy in a technically feasible way.’

‘Partner Ruben Roex’s technical expertise is second-to-none. Associate Jolien Clemens is able to dive into the details of any clinical trial document and provide clear and consistent advice to our business stakeholders.’

‘This law firm has been very service oriented and thorough on everything we have asked of them. We are a pretty demanding client and they have worked long hours for us and been very supportive of what we are trying to accomplish. In truth, we would be lost without them.’

‘We have worked with Jos Dumortier and Geert Somers and find both to be extremely professional and service oriented and intent on giving us a superb product with whatever we are asking for.’

‘Their niche expertise in technology law is what makes the team stands out. This is very valuable for the clients because the lawyers speak our language.’

‘Brilliant team with a hands-on mentality.’

‘Ruben Roex is very knowledgeable, understands the sector and goes the extra mile for his clients.’

‘The team is particularly responsive in all requests for input from them. They put a lot of effort in keeping up-to-date with emerging trends and regulations related to privacy and data protection, which gives confidence about the credibility of what they suggest.’

Key clients

European Commission

European Union Agency for Cybersecurity (ENISA)

Belgian Government




AgomAb Therapeutics






International Association of Internet Hotlines (INHOPE)

Cubic Telecom

The Riverside Company

Work highlights

  • Assisting the European Commission in drafting the proposal for an EU Regulation on the European Health Data Space.
  • Assisting Komatsu with its global GDPR compliance.
  • Assisting Luminus with its GDPR implementation.

Wilson Sonsini Goodrich & Rosati

Fielding a specialist data team with expertise in EU and US legislation and regulatory regimes, Wilson Sonsini Goodrich & Rosati advises an array of blue-chip multinational clients including Mastercard, Doordash, and Wattpad on GDPR compliance, issues relating to the Digital Markets Act and Data Governance Act, and data breach response, alongside representing businesses in litigation before the Belgian DPA and European courts. Alongside this, the firm also regularly acts in innovative cases relating to blockchain, AI, and Internet of Things. Cédric Burton leads the team, offering deep experience in EU data regulations, while Laura De Boel was promoted to partner in April 2022 and is noted for her work on AI data issues, and associate Laura Brodahl also stands out for her advice on matters relating to innovation technology. Christopher Kuner is a senior counsel specialising in privacy issues.

Practice head(s):

Cédric Burton

Other key lawyers:

Laura De Boel; Christopher Kuner; Nikolaos Theodorakis; Laura Brodahl; Roberto Yunquera


‘I’ve worked with Wilson Sonsini Goodrich & Rosati teams in the U.S. and EU and across different legal sectors. WSGR’s EU Privacy and Data Protection practice team has been exemplary to work with. The EU privacy team is always reachable, very personable and give very practice advice and thorough GDPR compliance reviews. Most of all, this team is very experiences and has provided our company with lots of valuable insights to how other companies in our industry tackle similar compliance regulations.’

‘Brilliant team, very quick and responsive. Great knowledge of data protection law, superb client base.’

‘Cedric Burton, Jan Dont and Laura de Bol are brilliant and very good to work with.’

‘Excellent insight and service.’

‘Roberto Yunquera is available for any questions and very responsive. He goes above and beyond. Laura de Boel is a true professional.’

Key clients

Mastercard International and Mastercard Europe

Aurora Innovation, Inc.

Wattpad Corp.


First Orion Corp.


Legend Biotech USA, Inc.

StockX, Inc.

Doordash, Inc.

Krëfel NV


Work highlights

  • Advising Mastercard on the General Data Protection Regulation and its implementation throughout the EU.

Baker McKenzie CVBA/SCRL

Baker McKenzie CVBA/SCRL advises clients, including major European and global businesses, on commercial data considerations, GDPR compliance, and privacy issues relating to large-scale data projects and transactions. The team also works closely with domestic and European data protection authorities on contemporary issues relating to Schrems II and health data. Elisabeth Dehareng, who has a strong record in data protection issues within the tech and IT space, leads the team, regularly working on the establishment of worldwide data protection policies.

Practice head(s):

Elisabeth Dehareng

Cooley LLP

Cooley LLP acts for major global clients including Google, Meta, and Apple, on complex data protection and privacy mandates, including data breach response and protection, internal risk management and regulatory compliance policies, and litigation before European and domestic courts on data issues of contested mergers, commercial agreements, and enforcement matters. Led by data and privacy specialist Patrick Van Eecke, the team has notable expertise in tech, e-commerce, and life sciences work, and is able to co-ordinate matters involving EU, Belgian, UK, and US elements in concert with its international teams.

Practice head(s):

Patrick Van Eecke

Other key lawyers:

Anne-Gabrielle Haie


‘Hands-on lawyers, excellent expertise, thorough handling of matters.’

‘Patrick van Eecke is first class in data protection.’

‘The collaboration with the Cooley team is great and they understand our needs and budget.’

‘Cooley have particular strengths in privacy law and specifically the requirements of life science organisations running clinical trials.’

‘Anne-Gabrielle Haie is an experienced privacy lawyer and commercially focused negotiator.’

‘The team is unique in many ways but not at least Patrick Van Eecke stands out for his exceptional legal knowledge combined with a business friendly approach. They give us the legal facts and also a risk evaluation and their suggestion and preferred ways moving forward. Patrick is highly regarded in the legal community in his area and is the one you ask for advice where you require precise legal analysis transformed to what businesses need for decision making.’

‘Patrick Van Eecke stands out for his exceptional legal knowledge combined with a business friendly approach. They give us the legal facts and also a risk evaluation and their suggestion and preferred ways moving forward. Patrick is highly regarded in the legal community in his area and is the one you ask for advice where you require precise legal analysis transformed to what businesses need for decision making.’

‘The team is very business-minded and understands the practical implications of its legal advice – which is refreshing for a law firm! In addition to being great lawyers, they are a real pleasure to work with.’

Key clients






















Keros Therapeutics

Kuwait Petroleum


Meta (Facebook)


Push Gaming

Radical Philanthropies (UkraineNow)






Women Political Leaders (WPL)

Zoom Video Communications

Work highlights

  • Advising eBay on a wide range of data protection and ecommerce-related matters to their payments business globally.
  • Representing Grindr before several EU data protection authorities and related to the compliance of this App with the GDPR.
  • Representing Google in a case against the Belgian Data Protection Authority related to the limits of the enforcement powers granted to data protection authorities under the GDPR.

Covington & Burling LLP

Covington & Burling LLP works with major global tech, pharma, and medical devices companies, alongside others, on the full range of high-level contentious and non-contentious data and privacy matters, including regulatory compliance, investigations by data protection authorities into violations of the Data Protection Act, and representation in regulatory litigation, as well as advising on EU policy initiatives and new regulations. The group is noted for its cross-border expertise, working closely with its European and global offices on multi-jurisdictional mandates, and is led by Daniel Cooper, who divides his time between Brussels and London. Henriette Tielemans left the firm.

Practice head(s):

Dan Cooper


‘The Covington team knows the law inside and out and has great local counsel contacts in jurisdictions where they may not have a large presence. They are very good at providing risk-based legal advice that is reasonable and not simply a recitation of black letter law, which is always appreciated from the in-house counsel perspective.’

‘Lindsey Tonsager is very personable and has worked with us for years. She knows our industry, is willing to come on site and interact with the team, and always makes sure we are up to speed on the latest legal issues and risks in her area of expertise.’

‘Covington have a deep technical and practical understanding of current and emerging privacy issues facing global life sciences companies. The team at Covington are incredibly responsive to request for support and provide pragmatic and actionable advice which is always gratefully received.’

Key clients

Aristocrat Technologies and Aristocrat Leisure



Bristol-Myers Squibb

Business Software Alliance

Danaher Corporation

European Federation of Pharmaceutical Industries and Associations


General Mills



Takeda Pharmaceuticals U.S.A. Inc.

The World Anti-Doping Agency (WADA)

Work highlights

  • Assisting IAB Europe in an investigation before the Belgian SA that could important ramification for the digital advertising sector across the EU.

DLA Piper

DLA Piper stands out for its work on data breach response, data transfer assessments for transfers outside of the EEA, and litigation before the Belgian DPA and European courts, including a high-profile representation of bpost before the DPA in proceedings relating to the Schrems II judgment. Clients include major international names in chemicals, internet services, and life sciences, alongside a number of public sector organisations. Counsel Heidi Waem heads up the practice, and is a specialist in cross-border data compliance and litigation work, with Kristof De Vulder also playing a key role in work for tech clients.

Practice head(s):

Heidi Waem; Kristof De Vulder

Other key lawyers:

Simon Verschaeve


‘The team is very responsive and professional. They understand each complex situation and always offer pragmatic solutions. They are also extremely available.’

‘Heidi Waem has a very in-depth knowledge about data protection matters. She understands easily issues and always focus on business oriented solutions. Simon Verschaeve works very well and helps the team to understand issues with clear explanations.’

‘DLA Piper’s data protection team definitely stands out and continues to stand out for its responsiveness, flexibility, customer-oriented and no-nonsense approach. Their advice is pragmatic and tailored to our business. They are used to working with business teams and quickly go to the essence of a matter.’

‘I have mainly worked with Heidi Waem. What I value appreciate most in her is the combination of thorough legal knowledge with a pragmatic and hands-on approach. She also has the ability to explain complicated issues in a way that it is understandable for business people.’

‘The team is very approachable, open to short tune-ups, willing to think along. The team knows and understands the business and thinks in terms of solutions.’

‘I usually work with Heidi Waem. She is hands-on, listening, able to shift gears quickly. She doesn’t get stuck in theoretical reflections, but strives for concrete and to-the-point answers to specific questions. She dares to take positions.’

‘Having a clear view on and ample experience with the Data Protection Authority’s interpretation of the GDPR and its way of investigating and deciding on alleged infringement upon the GDPR, Heidi and her team can give useful advice. This advice is based on a clear balance between the client’s commercial interest and the protection of data as required by the Belgian Data Protection Authority. Also, while giving concise and useful advice, avoiding lengthy and overly theoretically explanations, Heidi and her team clearly master all legal aspects of GDPR to the smallest detail.’

‘Heidi’s availability and engagement is exemplary, always trying to find time to quickly respond to questions or to provide advice on the spot during a meeting.’

Key clients


SD Worx People Solutions

Levi Strauss & Co




SNCB/NMBS (Belgian railways)






Work highlights

  • Acting for bpost’s in data protection and cybersecurity, including acting in important proceedings before the Belgian Data Protection Authority after a data subject complaint.
  • Acting for Levi Strauss & Co on multiple aspects of its data transfer compliance.
  • Acting for a client in the insurance sector following a hacking and large data breach, involving a significant amount of health data and data sensitive to abuse in identity fraud.


Faros constitutes the former data protection practice of contrast, led since September 2022 by Anouk Focquet, a specialist in data protection and privacy work encompassing GDPR and other regulatory compliance mandates, investigations by the Belgian DPA, and litigation before domestic and European courts on data breach management and proposed fines. The firm works with clients across a broad range of industries, as well as industry associations, notably acting as DPO for the Flemish Bar Association.

Practice head(s):

Anouk Focquet

Key clients

Orde van Vlaamse Balies

Work highlights

  • Acting as data protection officer for the Flemish Bar Association (Orde van Vlaamse Balies / ‘OVB’), advising on public interest matters such as the module for the allocation of free legal aid as set forth in the Belgian Judicial Code.

Jones Day

Jones Day advises a broad client base encompassing big tech, telecoms, and traditional manufacturing companies on cybersecurity and data issues, with standout work on data breach responses, risk management, and data transfers, alongside privacy and data elements of cross-border M&A. The team, led by Jörg Hladjk, ‘one of the top data protection lawyers in Belgium‘, also offers strategic advice on the EU Cybersecurity Directive and upcoming European data legislation, as well as global regulatory issues in concert with the firm’s international offices.

Practice head(s):

Jörg Hladjk


‘Jorg Hladjk is likely one of the top data protection lawyers in Belgium. When we have a conflict, I refer them to Jorg. I know that Jorg will provide pragmatic advice that the client can readily implement.’

‘Jorg excels at representing multi-national companies who must reconcile GDPR and other EU data protection law with the data protection laws of other regions (e.g., CCPA). Jorg is always up to speed on the latest emerging laws, regulations, trends and interpretations. Jorg’s written deliverables are exceptional, his logic and advice is always well reasoned, and his language skills enable him to deliver advice in many different languages.’

Key clients

Experian Information Systems

Verint Systems

Thermo Fisher Scientific

FragBite AB

Ferro Corporation



Visible Alpha



Major Global Investment Bank

Work highlights

  • Advising Orange on a data protection and cybersecurity assessment of MásMóvil’s data processing activities in Spain and across the EU, in the context of its agreement with MásMóvil to combine their businesses in Spain to create one of the two biggest telecoms operators in Spain.
  • Advising Trustwave, a leading cybersecurity and managed security services provider focused on managed detection and response, on GDPR compliance matters, including data protection requirements for international transfers of personal data as well as data processing agreements.
  • Advising Verint Systems on data transfers, including the new standard contractual clauses for international data transfers.

Osborne Clarke

Osborne Clarke advises a wide range of Belgian and international clients, primarily within the tech and IT spaces, on data protection and privacy issues relating to outsourcing projects, software purchase agreements, fintech, and blockchain, with standout expertise in data sharing and Schrems II matters. The team is led by Benjamin Docquir, who has a strong focus on digital technology, and handles data regulatory issues relating to innovative matters involving blockchain and artificial intelligence. Counsel Laurens Dauwe advises on electronic communications and personal data issues.

Practice head(s):

Benjamin Docquir

Other key lawyers:

Laurens Dauwe


‘Osborne Clarke advises us on data protection and several innovative projects. I consider them as a highly knowledgeable, professional and responsive team of data protection experts.’

‘Benjamin Docquir is a data protection expert with a pragmatic approach.’

Key clients



Black Tiger Belgium

Work highlights

  • Advising OncoDNA on the roll-out of their AI solution for determining optimal treatments for specific forms of cancer.
  • Advising Black Tiger Belgium (formerly known as “Bisnode Belgium”) on several strategic issues related to data protection regulations and corporate compliance.
  • Advised a Public Authority on specific aspects of their Webscraping project for the detection of fraud


ALTIUS advises a diverse client base, including major names such as Google and Beiersdorf, on GDPR compliance, data protection disputes, and regulatory issues encompassing data processing, transfers, and strategic projects. The team, led by the ‘extremely knowledgeableGerrit Vandendriessche, represents clients before European and domestic courts on issues such as Right To Be Forgotten claims, and data elements of public procurement contracts, with particular strength in the tech, commerce, and telecoms sectors.

Practice head(s):

Gerrit Vandendriessche


‘Great team with solid experience.’

‘Gerrit Vandendriessche is an extremely knowledgeable lawyer in the data protection space with solid experience in the litigation space.’

‘Driven by attention to detail in delivering pragmatic advice.’

‘Gerrit Vandendriessche puts his feet in the shoes of clients.’

‘Great expertise, good communication and documentation.’

‘They really know our business. Always added value, always a pleasure to collaborate.’

Key clients








Work highlights

  • Represented Google Belgium in right to be forgotten disputes before the Belgian data protection authority and the Brussels court of appeal.
  • Assisted a provider of electronic communications in relation to Belgian rules on data retention, lawful interception and encryption.
  • Assisted Beiersdorf on data protection compliance.

Crowell & Moring

Crowell & Moring advises a global client base on GDPR compliance, strategic data issues, and represents clients before European courts and the Belgian DPA in relation to fines, data breach issues, and consumer complaints. The firm has standout capabilities in employee data considerations, international data transfers, and advice to industry associations on emerging issues in data protection. The team is led by Maarten Stassen, with Sari Depreeuw a standout figure for tech sector data litigation.

Practice head(s):

Maarten Stassen

Other key lawyers:

Sari Depreeuw; Frederik Van Remoortel; Yung Shin Van Der Sype


‘The team led by Maarten Stassen is very practical when giving advice and business minded. They are also deeply embedded in the Belgian market with strong relationships to the DPA.’

‘Maarten Stassen has a very good commercial sense and stands out as being very pragmatic.’

Key clients

40 under 40

Audax Management

Belgian Mercedes Benz Dealer Club

Federation Europeenne des Amicales des Concessionaires Mercedes-Benz (European Association of Mercedes dealers)

Data Protection Institute


DPG Media

Federale Overheidsdienst Financiën (Federal Public Service Finance)

Group Brepoels

GLMX Technologies

Ingersoll Rand (formerly Gardner Denver)


Kia Belgium



Telenet / Liberty Global

Trane Technologies (formerly Ingersoll Rand International)

Vias Institute

Work highlights

  • Advised a leading 5-star airline with international operations to further develop and implement its global privacy and data protection programme to ensure that the quality and excellence that the company is known for is reflected in this area of their operations as well.
  • Advised on the privacy and data protection-related aspects of several studies and projects.
  • Advising a number of global businesses on data protection-related data breach notification obligations.


Deloitte advises clients on ongoing data protection compliance, including GDPR compliance, alongside data and privacy regulatory issues relating to data ownership, transfers, and retention, as well as regularly representing businesses before the Belgian DPA in data breach cases and against consumer complaints. Clients include a number of domestic and international businesses in key sectors such as life sciences and tech, as well as public sector organisations, including departments of the European Commission. Jurgen Egger and Matthias Vierstraete head up the team, primarily working on IT and intellectual property issues as well as data and privacy mandates.

Practice head(s):

Matthias Vierstraete; Jürgen Egger

Key clients

European Commission – DG Digit

Beeple NV

Aquafin NV



Nipro (NDTE)

Work highlights

  • Represented a Belgian hospital before the Belgian Data Protection Authority with regards to a complaint from a data subject.
  • Represented a public transport operator in proceedings before the Belgian Data Protection Authority against a petition platform.
  • Advising Beeple NV, a software service provider, on international data transfers, drafting of DPAs, internal procedures on data subject access rights, security incidents/etc.).


Eubelius advises a wide range of corporate clients on in-house data protection and privacy considerations, including GDPR issues, data-related projects and transfers, and also provides representation in data litigation before courts and the Belgian DPA. The team has particular expertise in the healthcare and life sciences space, as well as fintech. Data specialist Anneleen Van De Meulebroucke, who was recently promoted to the partnership, leads the team alongside Pieter Callens, who is strong in IT data projects work.

Practice head(s):

Anneleen Van de Meulebroucke; Pieter Callens


‘Ms. Anneleen van de Meulebroucke is highly specialized in data protection. She combines this with litigation and a deep understanding of administrative law.’

‘We appreciate the knowledge and flexibility of the Privacy and Data Protection team of Eubelius. Highly qualified professionals, practical advice and very pleasant to work with.’

‘The Privacy and Data Protection team members are very responsive, flexible, and very professional. Dedicated to their area of law. The advice is understandable and practical to implement in the business.’

‘Eubelius has a small dedicated data protection team. This team is competent, efficient and pleasant to work with.’

‘We have been working with Anneleen Van de Meulebroucke. She is a competent and pleasant person to work with.’

Key clients

Janssen Pharmaceutical|(Johnson & Johnson Group)

Agency Digital Flanders (Agentschap Digitaal Vlaanderen)




Stad Kortrijk

Vlaamse Statistische Autoriteit




Work highlights

  • Assistance to Janssen Pharmaceutica in implementing a federated learning platform in hospitals and obtaining aggregated health data that can be further used for scientific research and framed by technical and organisational measures.
  • Representing ADF in two proceedings before the Belgian Data Protection Authority.
  • Assistance and advice to Fiberklaar in all matters of compliance with the GDPR, with a specific focus on the rules in the telecoms sector.

Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP, working in close collaboration with the firm's US teams, advises a number of high-profile multinationals on compliance with European data protection law, including GDPR and complex issues relating to new products, AI, and globalisation projects, as well as offering strong capabilities in cross-border data breach response. Practice head David Dumont is a specialist in EU and global data protection issues, and handles complex compliance mandates and contentious matters, supported by counsel Anna Pateraki.

Practice head(s):

David Dumont

Other key lawyers:

Anna Pateraki; Laura Léonard


‘We are working with David Dumont for many years. He has both a profound knowledge and great expertise on the one hand, and a very good understanding of our unique business model which allows him to provide excellent advice, tailored for our specific situation and a well-balanced practical approach.

‘The team is strong in data protection and privacy. They have a strong expertise in global and pan-EU/EMEA strategies for compliance and do an amazing job at coordinating local country answers and framing the responses up into a seamless plan/perspective.’

‘Anna Pateraki is sharp, highly responsive and practical. She provides great guidance and insights and isn’t afraid to break down an issue into the ‘bottom line’. Laura Léonard is also a strong member of the team. She always asks relevant questions and looks to understand the company’s perspective on various topics.’

Key clients

The Procter & Gamble Company

Herbalife International of America, Inc.

iHerb, Inc.

Church & Dwight

Datadog, Inc.

doTERRA International LLC

Work highlights

  • Assisting a global client with a wide variety of complex privacy and data protection matters.
  • Assisting a global company with several compliance initiatives, including building a global privacy programme framework to manage and protect all personal information maintained across the organisation.

Keller and Heckman LLP

Specialist data protection practitioner Peter Craddock joined Keller and Heckman LLP in February 2022 from NautaDutilh, bringing with him significant expertise across regulatory compliance, legislative developments, and litigation relating to data privacy and cybersecurity issues. The firm acts for a number of major European and global names, with particular strength in the travel, media, and entertainment sectors, and has argued precedent-setting cases before Belgian and European courts, including representing Proximus in a case on fundamental data protection concepts that is pending before the Court of Justice.

Practice head(s):

Peter Craddock


‘Peter Craddock is a recognized specialist in the market on tech law (including privacy and data protection). Peter combines the technical knowledge with a pragmatic approach. He is not only a specialist in tech law, but also has a good understanding of technical topics.’

‘The team is intellectually agile, energetic and always available. Our industry can be complicated to understand, due to fast-paced technology developments, and the technical background of the partner we work with facilitates a lot our interactions and significantly improves the quality of deliverables.’

‘Peter Craddock supports us in our various legal challenges. His knowledge of national and European litigation processes enables him to efficiently represent our organisation. He has become an integral member of the team, always available and providing sound advice on a wide range of topics. His pedagogy and ability to simplify has been crucial to boost communications with different types of stakeholders.’

Key clients

IAB Europe





Work highlights

  • Represented IAB Europe in litigation in an appeal against a decision by the Belgian Data Protection Authority on the Transparency and Consent Framework (TCF), and assisted IAB Europe in a range of strategic and technical discussions surrounding the TCF litigation, notably discussions with a broad range of stakeholders from the online advertising industry.
  • Assisted Proximus in pushing back against requests by the tax authorities for call detail records of Proximus subscribers, which led to a court decision against the tax authorities that is unprecedented in the telecoms sector, and represented Proximus in a case on fundamental data protection concepts that is pending before the Court of Justice of the European Union.
  • Advised Prosus on the implications of Court of Justice case law on governmental requests, including in the classifieds sector, to help proactively limit the impact on Prosus affiliated companies in the sector.

Loyens & Loeff

Loyens & Loeff acts for domestic and international companies on the full range of data protection, privacy, and cybersecurity matters, including internal policies, personal and employee data transfers, and data breach response. The team also works in close collaboration with the firm’s disputes practice in data-related litigation, including proceedings before the Belgian DPA and European courts, as well as regularly advising digital economy clients. Key names in the practice include employment-focused Filip Saelens  alongside counsel and data specialist Stéphanie De Smedt.

Practice head(s):

Filip Saelens; Stéphanie De Smedt


‘Practical advice on complex matters – thorough knowledge of data protection – clearly explaining the risks and compliance steps’

‘Stéphanie De Smedt is highly available and responsive with practical and intelligible advice in complex matters. She understands the (legal) needs of technology driven companies.’

‘Stéphanie De Smedt is consistently excellent, and very responsive, in my experience.’

‘The Loyens & Loeff team consists of experts on various aspects within the privacy and data protection framework with experience from various jurisdictions, which makes them able to give a prompt high-quality advice to their multinational clients on data protection/privacy risks in cross-border and cross-disciplinary projects.’

‘In most cases we communicate directly with Stéphanie de Smedt. Stéphanie is able to always find a suitable communication approach depending on what client’s departments/functions are involved into a discussion of a project.’

‘The Loyens & Loeff DP team in Belgium shows great expertise and experience in EU and Belgium data protection law, specifically on fairly complex issues and interplay with other regulatory laws. The team is always responsive and efficient.’

‘Stéphanie de Smedt is an expert in the field of data protection, including on key and complex topics such as sensitive data, transfers outside of the EU and data protection impact assessments. She always provides pragmatic advice of a great quality as well as recommendations at a strategic level, taking into account the business needs and the reality of industry practice.’

‘They have a deep knowledge in digital matters. They are fast and efficient.’

Key clients

Balta Group


Akzo Nobel

Meta Ireland



Work highlights

  • Represented Meta in court litigation.
  • Advised a health insurer on the implementation of a digital healthcare platform.
  • Conducted a large data privacy compliance project for a multinational industrial manufacturer.


Lydian advises domestic and international companies, including major names in financial services and telecoms, on GDPR compliance, risk management, employee data issues, and contentious issues relating to data management, cybersecurity, and surveillance. The team is led by Bastiaan Bruyndonckx, an experienced tech and regulatory lawyer, and draws upon expertise from the firm’s IT, European regulatory, and employment teams, as well as regularly receiving referrals from international law firms for cross-border matters. Counsel Olivia Santantonio is also a key contributor, specialising in the intersection of data and intellectual property.

Practice head(s):

Bastiaan Bruyndonckx

Other key lawyers:

Olivia Santantonio; Liese Kuyken


‘Lydian has very knowledgeable lawyers for the field of cyber security, that respond fast, are proactive and communicate clearly.’

‘Liese Kuyken and Olivia Santantonio have provided excellent support for incident response for cyber security. They respond quickly, have good availability and provide clear and practical advice, thinking along with the client.’

Key clients



ENGIE Electrabel




Essent Belgium


BNPP Fortis

SSI Schäfer Shop






Work highlights

  • Advising Febelco CVBA, a cooperative wholesaler distributing pharmaceuticals to pharmacies, on the further steps to achieve full compliance with the GDPR, including preparation of HR, customer and supplier facing privacy notices and review of the Register of Processing Activities (RoPA).
  • Acting as DPO for the IORP United Pensions, Aon’s multi-employer cross-border pension solution.
  • Advising Daikin Europe NV on the need for obtaining consent in Belgium for such cookies.


Boutique data firm Pierstone works with a growing portfolio of global clients, including major names in the tech space, handling GDPR and other regulatory compliance issues, transactional data, and litigation, as well as providing strategic advice to private and public sector clients on upcoming legislative developments in Belgium and at the EU level. The practice is led by data and tech regulatory practitioners Alain Strowel and Patrice Vanderbeeken, with the ‘highly skilledJeanne Jacobs providing significant in-house data protection expertise.

Practice head(s):

Patrice Vanderbeeken; Alain Strowel

Other key lawyers:

Jeanne Jacobs


‘The firm has implemented innovative solutions to assist the Group in analyzing foreign legislation in order to assess the risk when personal data is transferred outside the EU. The analyses carried out are realistic, objective and conducted with seriousness.’

‘The firm’s contacts are attentive, responsive and provide good advice. They ensure that the answers provided and documented meet expectations and if this is not the case, the questions are taken up and worked on so that the answers are provided. Patrice Vanderbeeken always oversees these aspects and is committed to ensuring that this is always the case.’

‘Experience and ties with many different other countries which are relevant to us. Teams speak French and English which is very helpful in our company.’

Key clients

Catalina Marketing

Rotterdam The Hague Airport

Lelystad Airport

Eindhoven Airport

Prime Alliance

Meters & More

EDSO for Smart Grids

European Energy Information Sharing and Analysis Centre

Polyolefin Circular Economy Platform

Microsoft Inc

Pierre & Vacances


Sequoia Capital (India)


Jensen Group


Cyril Amarchand Mangaldas

Gas Infrastructure Europe




ES Broadcast


Brussels Regional Informatics Centre (BRIC)


Toyota EU Headquarters

Nike EU headquarters

Unioncamere Europa ASBL


Rio Tinto

Work highlights

  • Advising MST on the new Data Governance Act (DGA) and its potential application to MST’s products and services.
  • Advising the Brussels Regional Informatics Centre on the digitalization of the public services of the Brussels Region, including assistance with GDPR compliance in relation to the development and management of a new platform.
  • Advising Catalina on various GDPR, ePrivacy and other EU data related legislation.

Van Bael & Bellis

Van Bael & Bellis' ‘very professional‘ team, led by counsel and data specialist Thibaut D’hulst, advises European and global businesses on GDPR compliance, strategic data projects, and cross-border data transfers relating to transactions and commercial agreements. The firm is particularly strong in the life sciences and pharma space, advising multinational companies on issues such as the retention of Covid-19 patient data.

Practice head(s):

Thibaut D’hulst


‘Van Bael & Bellis is very knowledgeable, understands the sector and has a solution-oriented approach.’

‘Thibaut D’Hulst is very professional, supported with strong expertise.’

Key clients



CSL Behring

Encoded Pharmaceuticals

Gedeon Richter


Super League Triathlon

Work highlights

  • Advised the Belgian Federal Government with regard to the storage of their Covid-19 testing database for further use.
  • Assisted Super League Triathlon with data protection compliance relating to the development of its PQ service, a platform stimulating employee health by (i) allowing teams within an organisation to compete and (ii) providing advice on training and nutrition.
  • Advised Pharma.be on the use of Real World Evidence.

Erkelens Law

Specialist aviation sector firm Erkelens Law works with global airlines and aviation companies, as well as e-commerce businesses, on data security issues relating to passenger information, health data, and privacy issues in the security space, particularly as concerns drones. The firm has notable capabilities in Passenger Name Records work, including litigating the issue before the ECJ. Catherine Erkelens heads up the team.

Practice head(s):

Catherine Erkelens

Key clients

Siemens Healthineers

All Nippon Airways

Pro Basketball League

World Arts Auctions.

Work highlights

  • Advised Siemens on implementation of GDPR compliance, review of contractual documents from a GDPR perspective.
  • Advised World Arts Auctions on data protection issues relating to online sales.

Monard Law

Monard Law, led by Kristof Zadora, handles commercial data matters for public and private sector clients, advising on GDPR compliance, e-privacy issues, data projects, and the use of personal data in marketing, as well as offering corporate clients an external DPO service. The team regularly handles cross-border mandates for international clients, and also includes specialist data protection practitioners Jill Leen and Jenna Auwerx.

Practice head(s):

Kristof Zadora

Other key lawyers:

Jill Leen; Jenna Auwerx


‘The team is always on top of things, whether it is due to their pro-active and pragmatic approach or a stellar knowledge of the applicable law and jurisprudence combined with a thorough understanding of our business. This really increases the efficiency and efficacy with regard to tackling any challenge. And where any of the aforementioned knowledge would be missing they can turn on a dime and master or research any such knowledge in full as may be required. The aforementioned combined with a down to earth, tailored and realistic approach towards any challenge and their client really sets this team apart.’

‘They distinguished themselves as team members by their good communication skills, sound judgement and analytical skills among many other qualities. Combined with their empathy, perseverance and people skills, it really creates a sense of a team effort and the idea that we really are all in it for the long haul while establishing a long term relationship.’

Key clients

WEAREONE.WORLD (Tomorrowland)

Dewaele Vastgoed en Advies

Dobco Medical Systems

Chili Publish




IPL Loomans

Metallo Group / Aurubis

Agentschap Facilitair Beheer



European Economic Association

Merit Capital



Work highlights

  • Advising the Tomorrowland group on all privacy and data protection questions related to the launch of its (digital) events and innovative endeavours.
  • Advised Lantis on privacy and data protection matters regarding a new digital access control system for a multi-million EUR mobility project.
  • Assisted IPL Loomans on conducting an overarching privacy and data protection compliance programme with cross-border (North America) aspects.

Simont Braun

Simont Braun advises high tech-focused clients, including IT companies and fintech disruptors, on data and privacy aspects of digital projects, product development, and operational issues, as well as representing clients before domestic and European courts in litigation relating to data breaches and regulatory violations. The team is overseen by Joan Carette, who has standout expertise in fintech, e-signature, and e-identification issues, alongside intellectual property specialist Emmanuel Cornu. Senior associate Jean-Christophe Vercauteren is also a key player in the firm’s data work in the fintech space, most notably handling blockchain projects.

Practice head(s):

Joan Carette; Emmanuel Cornu

Other key lawyers:

Jean-Christophe Vercauteren


‘Fast responses.’

‘Responsive team that provides quality advice.’

‘Joan Carette, partner, provides practical advice. Jean-Christophe Vercauteren, associate, is a great contact, responsive and provides quality advice.’

Key clients

Belgian mobile ID (Itsme)



Work highlights

  • Advises Belgian Mobile ID on its landmark and innovative mobile identification project.
  • Assisting Doctor Anytime Belgium, an internet platform gathering professional data of health professionals, in an administrative proceeding before the Litigation Chamber of the Belgian Data Protection Authority.
  • Advising Akulaku on their arrival on the European market through their Wisecart and Silvrr brands.

Steptoe & Johnson LLP

Steptoe & Johnson LLP advises a diverse global client base on regulatory compliance, including internal data and cybersecurity policies, responses to the Schrems II directive on personal data transfers, and issues relating to cookie frameworks. The team also has capabilities in data breach response work, including notifications, containment of breaches, and ensuing litigation before European data protection authorities. Anne-Gabrielle Haie was a new arrival in March 2023 from Cooley. Charles Helleputte left the firm in October 2022.

Practice head(s):

Anne-Gabrielle Haie

Key clients





Array Alliance

Intofuture Technology


Candlestick Technologies Corporation

Assured Partners

Lilium GMBH

International Lesbian Gay Bisexual Trans & Intersex Association

Bank of China

SRAM LLC & World Bicycle Relief

Université Catholique de Louvain

Work highlights

  • Assisting Bitfinex in the privacy and cybersecurity aspects of the launch of its tokenized securities exchange, Bitfinex Securities.
  • Assisting Auto-ISAC in ensuring that the set of procedures and structural arrangements (such as information sharing agreement) that are being developed at EU-level uses existing documentation prepared by Auto-ISAC for its members in the United States.
  • Assisted Vesuvius in building arguments that would justify the company not to produce certain documentation in courts proceedings in the United States.


Stibbe combines regulatory compliance advice to global TMT clients with representation in litigation before the Belgian DPA and European courts, including challenges to existing and proposed regulations and data breach response cases. The firm’s expertise includes work on data transfers, cross-border internal compliance issues, particularly advice to US clients on compliance with the EU Privacy Shield, and GDPR work, with practice head Erik Valgaeren a specialist in the intersection of data and privacy regulation with commercial tech, telecoms, and e-commerce concerns. Associate Carolien Michielsen has a strong focus on data and cybersecurity in relation to new technologies, AI, and digitalisation projects.

Practice head(s):

Erik Valgaeren

Other key lawyers:

Carolien Michielsen; Jan Joos


‘Theoretical and practical knowledge.’

‘Erik Valgaeren: precision, knowledge, reactivity.’

‘Stibbe is very responsive and professional, the team understands our needs and issues, provide comprehensive analysis and pragmatic solutions. As a firm with a strong presence within Europe, Stibbe understands the local privacy and data compliance practice well, which provides us insight to implement our compliance framework.’

‘Erik Valgaeren is very professional. He has very good knowledge and experience pertaining to GDPR and data compliance. Our concern about data compliance are addressed accordingly and timely and he also understands our business model well.’

‘The team are very willing to work on cross-border issues and under time pressure. We appreciate their in-depth knowledge on regulatory matters and data protection.’

‘Eric Valgaeren and Jan Joos are pragmatic and very responsive. Eric’s deep knowledge is greatly appreciated.’

Work highlights

  • Advise the Flemish Government on their project to set up a “data utility company” in order to enhance a safe and fast flow of all types of data and to create a data driven ecosystem through data pods of citizens.
  • Represented ING Belgium in a dispute before the Dispute Chamber of the Belgian Data protection Authority, following an investigation by the Inspectorate Service of the Data Protection Authority of – amongst others – ING’s IT systems.
  • Advised Bridgestone on the GDPR implications of the contemplated use of an HR-recruitment application provided by the external vendor Beamery Ltd and on the preferred (customizable) settings of that application in light of compliance with GDPR.