Background - Practices (Details)

Privacy & Cybersecurity


Privacy and cybersecurity issues are becoming increasingly important in today’s technologically advancing environment. More than ever, companies need to understand their rights and obligations in this area and need to be aware that non-compliance may not only result in heavy fines but will also be perceived very negatively by the market.

The EU General Data Protection Regulation (in force since May 2018) introduced new principles, concepts and obligations, which have resulted in many companies revising their personal data processing practices and culture. Crucially, the Regulation i) extends the enforcement powers of data protection authorities (e.g., by way of heavy fines) and ii) is of wide-reaching effect: it affects not only those businesses established in the EU but also companies that are not established in the EU but that are offering goods or services to data subjects in the EU or who monitor the activities of such data subjects.


For more than two decades, we have been closely monitoring EU and Belgian developments in the data protection area. During this time, we have advised many national and multinational clients from different industry sectors, with a particular focus on life sciences, TMT, energy, utilities, retail, as well as HR departments in general.

In order to provide our clients with a pan-European and global service, we have developed a network of experienced data protection lawyers in other jurisdictions with whom we have had strong ties for many years. We are also closely involved in Crowell & Moring’s U.S. Data Protection and Cybersecurity group and work closely with our U.S. colleagues on cross-border issues involving the international transfer of personal data.

The Challenges of New Technology

In this technological age, an important part of our practice consists of advising clients on the processing of personal data through the internet, the storing and international transfer of personal data and related cybersecurity issues, the use of “big data” and profiling for marketing purposes, the use of new technologies in the workplace, such as email monitoring and the use of social media by employees. In particular, we advise telecommunications companies and internet service providers regarding sector specific data protection obligations.


We help our clients achieve data protection compliance through day-to-day counseling and contractual work and through global and Europe-wide privacy audits. We analyze our clients’ existing data protection practices and make recommendations for compliance. In this way, we help our clients to better understand their data processing, map the location and flows of the data and identify potential threats and compliance issues.

We develop and implement tailor-made privacy programs, which may include the drafting of privacy policies and procedures, notices, data transfer agreements and advice on security measures to be taken. We assist our clients in their contacts with the various Data Protection Authorities in Europe.


It is not enough that our clients know the law and have the necessary policies and procedures in place to handle data in a safe and secure way. The knowledge and culture of the people actually handling the personal data on a daily basis is crucial. It is pointless to have policies and procedures in place when these are not applied and complied with in practice. An important part of our service therefore consists of training key staff on applicable law and the client’s internal procedures.

Our Team

Our privacy and cybersecurity team is composed of experienced lawyers from each of our firm’s core practice areas, including corporate, commercial, employment and TMT. The practice is led by partners Frederik Van Remoortel (CIPP/E, former member of IAPP European Advisory Board) and Maarten Stassen (former member of the IAPP European Advisory Board), who also focuses on other legal and operational aspects of the digital ecosystem. Partners Thomas De Meese, who has a particular focus on TMT and competition law, and Emmanuel Plasschaert, who concentrates on HR data protection complete the Brussels team.

Crowell & Moring’s group, which is composed of ‘excellent data privacy experts’, has a focus on advising clients from the healthcare, life sciences, energy and TMT sectors. […] Frederik Van Remoortel provides ‘practical and to-the-point advice’ and heads a team that also benefits from the experience of competition and regulated industries partner Thomas De Meese and employment specialist Emmanuel Plasschaert. Legal 500 EMEA, 2018

Maarten Stassen, who has extensive experience in data protection matters, joined from Deloitte Legal in October 2017.” Legal 500 EMEA, 2019

“Senior counsel Frederik Van Remoortel is ‘reliable like a Swiss watch’” Legal 500 EMEA, 2016

Representative Matters

Day-to-day Advice

  • Regularly answered questions such as: ‘Can I transfer this set of personal data to third parties in the US?’ ‘How long must I retain certain personal data?’ ‘Can I use customers’ personal data for targeted advertising?’
  • Advised on the use of customers’ personal data for the installation of so-called ‘smart meters.’
  • Advised several companies on data retention periods.

Privacy Audits

  • Worldwide privacy compliance projects with respect to personal data processed by the HR departments of a U.S. and a Belgian multinational.
  • Privacy audit and compliance project for an important Belgian telecommunications company (including customer and supplier data, user data, and marketing data).

Litigation and Contractual Work

  • Conducted legal proceedings with respect to the conformity with privacy laws of a ‘bad payer list’ set up by several undertakings in the same sector.
  • Reviewed contractual documents between doctors, hospitals, patients and the client (a manufacturer of medical devices), and notified the client’s data processing with the relevant data protection authority.
  • Drafted privacy policies: for the personnel of several Belgian and multinational companies, (e.g., in the telecommunications sector); and for the websites of national and multinational clients.