What are the most significant cases, projects and/or transactions that you and/or your legal team have recently been involved in?

Led NIS 2 readiness and registration, managed GDPR compliance across 7 countries/9 entities, and secured state-aid support for Romanian plant initiatives. Drove lobbying on key legislative projects (position papers, consultations, amendments), implemented involved in different AI projects for legal community.

How do you approach managing legal aspects during periods of instability or crisis to ensure the organisation’s resilience?

 Being organised: stand up a small Crisis Legal Cell, keep a single source of truth (docs, facts, approvals), and maintain a live decision log.  Assign clear roles & responsibilities: use a simple RACI so each legal/regulatory task has an owner, approver, and due date; Track laws in real time: run a legislative radar (NIS 2/GDPR/H&S/contract/risk) with alerts; update a compliance matrix and translate changes into quick SOPs; Meet statutory clocks: keep a notification matrix with templates and named owners so mandatory filings are timely and consistent; Stabilise contracts & evidence: issue standstills/waivers where needed, use short-form amendments, preserve evidence, and notify insurers/regulators early.

What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with your country’s data protection laws?

This is an excellent question and squarely within my area of expertise. We drive legal’s digital transformation through governed privacy-by-design—clear roles, DPIAs, strong vendor/SCC controls, automated retention/eDiscovery, least-privilege security, and AI guardrails—ensuring full GDPR/national compliance.

  Based on your experiences in the past year, are there any trends in the legal or business world that you are keeping an eye on that you think other in-house lawyers should be mindful of?

Here are the need-to-watch trends from a data protection + industry purchasing lens (with the “so what” for in-house):

EU AI Act goes live in phases: build AI policy, model/vendor due-diligence, and contract addenda.

EU Data Act (from 12 Sep 2025): access/portability for IoT data and cloud switching rights;

NIS 2 = supplier security by default

Cyber Resilience Act (products with digital elements): security-by-design, vulnerability handling.

New EU Product Liability Directive: software/AI now “products

Cross-border data transfers steadier

Sustainable supply-chain laws bite: Forced Labour Regulation and EUDR deforestation rules

CBAM ramp-up

  Looking forward, what trends do you foresee in the legal landscape over the next 5–10 years that companies should prepare for?

The next decade won’t reward passive compliance—it will reward governed speed. Build a function that ships change safely: AI regulation becomes business-as-usual.  Data portability & cloud exit rights expand.

Cybersecurity duties deepen and reach the supply chain. Software/AI liability hardens. If we combine rigor with velocity, Legal becomes a growth enabler—turning new rules into competitive advantage.