Background - Practices (Details)

Privacy and Cybersecurity


Privacy and cybersecurity issues are becoming increasingly important in today’s technologically advancing environment. More than ever, companies need to understand their rights and obligations in this area and need to be aware that non-compliance may not only result in heavy fines but will also be perceived very negatively by the market.

The EU General Data Protection Regulation (in force since May 2018) introduced new principles, concepts and obligations, which have resulted in many companies revising their personal data processing practices and culture. Crucially, the Regulation i) extends the enforcement powers of data protection authorities (e.g., by way of heavy fines) and ii) is of wide-reaching effect: it affects not only those businesses established in the EU but also companies that are not established in the EU but that are offering goods or services to data subjects in the EU or who monitor the activities of such data subjects.


For more than two decades, we have been closely monitoring EU and Belgian developments in the data protection area. During this time, we have advised many national and multinational clients from different industry sectors, with a particular focus on life sciences, TMT, energy, utilities, retail, as well as HR departments in general.

In order to provide our clients with a pan-European and global service, we have developed a network of experienced data protection lawyers in other jurisdictions with whom we have had strong ties for many years. We are also closely involved in Crowell & Moring’s U.S. Data Protection and Cybersecurity group and work closely with our U.S. colleagues on cross-border issues involving the international transfer of personal data.

The Challenges of New Technology

In this technological age, an important part of our practice consists of advising clients on the processing of personal data through the internet, the storing and international transfer of personal data and related cybersecurity issues, the use of “big data” and profiling for marketing purposes, the use of new technologies in the workplace, such as email monitoring and the use of social media by employees. In particular, we advise telecommunications companies and internet service providers regarding sector specific data protection obligations.


We help our clients achieve data protection compliance through day-to-day counseling and contractual work and through global and Europe-wide privacy audits. We analyze our clients’ existing data protection practices and make recommendations for compliance. In this way, we help our clients to better understand their data processing, map the location and flows of the data and identify potential threats and compliance issues.

We develop and implement tailor-made privacy programs, which may include the drafting of privacy policies and procedures, notices, data transfer agreements and advice on security measures to be taken. We assist our clients in their contacts with the various Data Protection Authorities in Europe.


It is not enough that our clients know the law and have the necessary policies and procedures in place to handle data in a safe and secure way. The knowledge and culture of the people actually handling the personal data on a daily basis is crucial. It is pointless to have policies and procedures in place when these are not applied and complied with in practice. An important part of our service therefore consists of training key staff on applicable law and the client’s internal procedures.

Our Team

Our privacy and cybersecurity team is composed of experienced lawyers from each of our firm’s core practice areas, including corporate, commercial, employment and TMT. The practice is led by partners Frederik Van Remoortel (CIPP/E, former member of IAPP European Advisory Board) and Maarten Stassen (former member of the IAPP European Advisory Board), who also focuses on other legal and operational aspects of the digital ecosystem. Partners Thomas De Meese, who has a particular focus on TMT and competition law, and Emmanuel Plasschaert, who concentrates on HR data protection complete the Brussels team.

Practice head Maarten Stassen has a strong record in international data protection work alongside innovation technology expertise, while Frederik Van Remoortel has experience advising companies on data protection regulations and compliance. Legal 500 EMEA

‘Maarten Stassen is one of the brightest and most talented lawyers I have ever met. He is a team player, and an excellent lawyer‘. Legal 500 EMEA

“'Our firm has worked with Frederik Van Remoortel on data privacy matters during the last years. He has deep knowledge of data privacy regulations (GDPR and other pieces of legislation with privacy aspects) and has provided us with excellent guidance on data privacy matters. I am impressed with this responsiveness, accurate and practical advice.’” Legal 500 EMEA