fivehundred magazine > Interview with... > Elisabeth Thole: why women led the way in data protection in the Netherlands

Elisabeth Thole: why women led the way in data protection in the Netherlands

Partner and head of Van Doorne’s privacy team, Elisabeth Thole, talks about how the world of technology and cybersecurity has changed and how she develops a young team.

How would you describe the cultural environment of your firm?

We have an informal and open atmosphere including the layout of our offices. We want to avoid a ‘corporate’ atmosphere and we want everyone in the firm to be themselves and develop their own ideas – this nurtures creativity. It is very pleasing to see young lawyers thrive, from when they join through to taking a partnership. And the firm is big enough that there is space for people to develop.

In what practical ways do you support your team?

Examples of this is ensuring that if a team member needs time off work for family or personal reasons, they know they can talk to their team head about accommodating this. One of my team is going to become a father for the second time and he will need time off to be with his baby. Also, young women are no longer afraid to demand things and demonstrate their ambitions, I encourage them, and the young men in the team, not to be modest. I also look for ways for them to get noticed through, for example, presenting at industry meetings. Flexible working hours and being able to work from home has helped greatly in providing a balance between work and personal lives.

How has the world of technology law changed over your career?

Back when I first started, IT, data security, and the internet generally were not areas that many lawyers were concerned with. The few lawyers interested in this area were almost all men with an interest in software development and technology generally. When I started with privacy and data protection, the general view (especially among men) was that there was no money in it, it was a ‘soft’ option and it wasn’t going to go anywhere! Now privacy is an important area, especially since the arrival of the GDPR. I am one of the board members of the Dutch Association of Dutch Privacy lawyers which has recently been established. To become a member of this association, lawyers must have at least five years’ experience, show 500 billable hours spent on privacy matters, and follow the education requirements.

Is this why the majority of the names known in this practice area are women?

I think so. With the prevailing view that it was not a viable/commercial area, women took an opportunity to break in. So now, a lot of women have forged careers in this area and are some of the most experienced and sought after in the Netherlands. Of course, now there are many men too – the split is probably 50/50, at least within our privacy team.

What are the particular challenges in your practice area?

Data protection issues cut across all aspects of our lives and all practice areas. All practitioners in this area will have to collaborate with colleagues in both the private and public sectors. They generally also have sector specialisms; our team is focused on the retail sector, healthcare and life sciences, employment law and financial institutions. In the recent past, work was geared to advice on compliance (obviously the GDPR in particular). Work now is more concerned with enforcement by the national regulators, and also with when clients should notify the regulator and what to do in the event of a data breach. As we represent many multinationals, also the issue of the transfer of data out of the EEA is also a current, difficult issue.

Most lawyers in this area will tell you that Friday afternoons are when we are notified of data problems. Breaches under GDPR must be notified within 72 hours so there is very little time and we often have to work over the weekend. Hence the need that we have flexible working hours.

Those are the challenges, but what is the ‘upside’ in working in data protection?

I love the work and working with a young team. This is a highly specialised area that is going through constant innovation, clients are frequently coming to us with new questions for us to work on. I was doing IT law for 15 years before this area became what it is now and now I also have 15 years’ experience in privacy law – I feel lucky to have been able to do my job as a frontrunner in both areas.