Practices

Education

Universitat Pompeu Fabra, Barcelona, Spain
Catholic University of Leuven, J.D., cum laude

Admissions

Belgium

Languages

English
Dutch (Fluent)
French (Fluent)
Spanish (Fluent)
Catalan (Fluent)

Privacy & Cybersecurity – Risky Business: Preparation, Prevention, Regulation

Click to read this article from
Crowell & Moring's Regulatory Forecast 2018.

Maarten Stassen

Partner

Brussels

mstassen@crowell.com
Phone: +32.2.214.2837
7, Rue Joseph Stevens
Brussels, B - 1000
Belgium

Maarten Stassen is a partner in the Brussels office of Crowell & Moring, where he is a member of the firm's Privacy & Cybersecurity Group. His practice focuses on privacy and data protection, including the General Data Protection Regulation (GDPR) and cross-border data transfers solutions, as well as on the legal and operational aspects of the digital ecosystem, including Internet of Things (IoT), MedTech, and upcoming technologies such as Distributed Ledger Technology (e.g. Blockchain).

Before joining Crowell & Moring, Maarten was a director in Deloitte’s Cyber practice, as well as the Faculty Leader of the European Privacy Academy. He has been focusing on privacy and data protection law for many years, first as a lawyer in both Spain and Belgium, and later as European Privacy Officer of an international health insurance company.

Characterized by his entrepreneurial spirit and drive to provide client-specific, business-focused, practical and pragmatic advice, Maarten has extensive experience advising a wide range of private organizations and public sector entities on national and international privacy and data-protection-related matters. Clients include household names in the automotive, MedTech, transportation, financial services, life sciences, and retail sectors.

Maarten has both a Belgian and a Spanish law degree. His international experience helps to provide a different point of view for his clients. Maarten is fluent in Dutch, English, French, Spanish, and Catalan.

Maarten is Vice-Chair of the American Bar Association (ABA) Privacy and Computer Crime Committee (Science & Technology Law Section) and Co-Chair of the Brussels KnowledgeNet of the International Association of Privacy Professionals (IAPP), as well as a former member of its European Advisory Board. He teaches at the Data Protection Institute and is a frequently asked speaker at privacy and data protection events.

Being a practitioner in matters of blockchain, Maarten is part of the Beltug Blockchain Task Force which meets, discusses, and makes suggestions and recommendations to Beltug regarding issues, activities, and lobbying efforts that can be undertaken in the area of blockchain. Topics can extend beyond the national borders of Belgium.

Representative Matters

Advised several national and international companies on how to prepare in a practical, pragmatic, and legally compliant manner for the General Data Protection Regulation (GDPR). Clients include European and Asian car manufacturers, a major international player in the beverage industry, as well as several leaders in the MedTech and retail industry.
Advised several international companies, including leaders in the travel and leisure industry, on international data transfer mechanisms such as Binding Corporate Rules and standard contractual clauses, which included the review, drafting, and submission of the corresponding legal documents.
Lead a team that carried out Binding Corporate Rules on-site audits on a worldwide scale and advised on the different legal and operational aspects of such a program.
Advised a U.S.-based international leader in the food industry on the implementation of a global privacy program.
Advised a global fashion company on the implementation of a global privacy program.
Advised several international players in the financial services industry on compliance with privacy and data protection matters.
Advised several start-ups on building their business case in a privacy and data protection-compliant manner.
Advised on the privacy and data protection-related aspects of upcoming technologies such as Blockchain.
With his experience in the new European data protection framework, lead several GDPR readiness assessment projects at companies of different sizes and industries, allowing organizations to take informed and risk-based decisions and guiding them through the change process towards practical and pragmatic compliance with the new GDPR requirements.
Apart from teaching frequently on the subject and chairing and facilitating half-day IAPP workshops on Data Protection Impact Assessments (DPIAs), Maarten has the practical experience of carrying out DPIAs for several clients. The focus of the assessments is to limit the likelihood of any data breach or privacy-intrusive operation and to implement the “Privacy by Design” concept in a business-focused, effective, and legally compliant manner.
As the Faculty Leader, speaker, and facilitator at the European Privacy Academy, Maarten has been teaching for several years on various privacy-related topics, including Privacy by Design, Privacy Impact Assessments, breach notification, privacy vs. security, HR-related topics, etc.
As European Privacy Officer of a major international health insurance company, Maarten was in charge of implementing its global privacy program in the European divisions.

Affiliations

Admitted to practice: in Belgium and before the European Court

Other Affiliations

American Bar Association (ABA), Privacy and Computer Crime Committee (Science & Technology Law Section), Vice-Chair
Member Beltug Blockchain Task Force
European Advisory Board, International Association of Privacy Professionals (IAPP), 2014 – 2016
IAPP KnowledgeNet Brussels, Co-Chair
IAPP - Certified Information Privacy Professional/Europe (CIPP/E)
IAPP - Certified Information Privacy Manager (CIPM)

Speeches & Presentations

"Data Protection Impact Assessments, The Full Picture," IAPP Europe Data Protection Congress 2019, Brussels, Belgium (November 19, 2019). Chair and Speaker: Maarten Stassen.
"GDPR, CCPA, and other Hot Topics in Data Privacy," Silicon Legal Strategy, Santa Monica, CA (November 12, 2019). Presenters: Jeffrey L. Poston, Paul M. Rosen, Maarten Stassen, Jarno Vanto, and Heidi Waem.
"GDPR, CCPA, and other Hot Topics in Data Privacy," Silicon Legal Strategy, San Francisco, CA (November 11, 2019). Presenters: Jeffrey L. Poston, Maarten Stassen, Jarno Vanto, Kristin J. Madigan, and Heidi Waem.
"Will GDPR kill blockchain?" Beltug N-sight seminar: Blockchain - Transformation from Hype to Reality, Grimbergen, Belgium (November 6, 2019). Speaker: Maarten Stassen.
"GDPR & Blockchain: Challenges & Opportunities," Blockchain in Government, HOWEST (October 24, 2019). Speaker: Maarten Stassen.
"GDPR Audits & Certifications," Programme in European Data Protection (GDPR), Solvay Business School (October 23, 2019). Speaker: Maarten Stassen.
"The ICO Bares its (Sharp) Teeth: What You Need to Know About GDPR One Year On," Crowell & Moring, London (October 17, 2019). Moderator: Jeffrey L. Poston; Panelists: Ambassador Robert Holleyman, Maarten Stassen, and Laurence Winston.
"Discussion with the Belgian Regulators," Privacy Café, Data Protection Institute, Antwerp, Belgium (September 24, 2019). Debate moderated by Maarten Stassen.
"Blockchain: Data Protection Challenges", Beltug Privacy Council, Brussels, Belgium (September 3, 2019). Speaker: Maarten Stassen
"The GDPR - 1 Year Later," IJE/IBJ Deep Dive, Brussels, Belgium (May 24, 2019). Speakers: Emmanuel Plasschaert, Maarten Stassen, Frederik Van Remoortel, and Heidi Waem.
"Privacy & Compliance in the Cloud," LSEC, Cloud Security Alliance BeLux Summit 2019, Brussels, Belgium (May 14, 2019). Speaker: Maarten Stassen.
"Digital Health Roundtable," Brussels, Belgium (April 24, 2019). Moderator: Maarten Stassen. Speakers: Jodi Daniel, Frederik Van Remoortel, Jurgen Figys, Evelina Roegiers, Evi Mattioli, and Judith Bussé.
"Digital Advertising: Data Protection Risks and Challenges," Comeos, Data Protection Working Group, Brussels, Belgium (April 23, 2019). Speaker: Maarten Stassen.
"Internet of Things – Legal and IT Risks & Challenges," IJE/IBJ Open Table, Brussels, Belgium (April 4, 2019). Presenters: Tom Pace (Cylance), Maarten Stassen, Emmanuel Plasschaert, Eric Montens and Heidi Waem.
"Global Trade Strategy Forum," R3 Research Webinar (February 26, 2019). Speaker: Maarten Stassen.
"Recent Developments in International Cyber and Privacy Laws: Implications on Insider Threat Program," Webinar, ABA Public Contract Law Section Cybersecurity, Privacy, and Data Protection Committee (December 18, 2018). Speaker: Maarten Stassen.
"Cybersecurity Incident Management," IJE/IBJ Open Table, Brussels, Belgium (November 30, 2018). Presenters: Evan D. Wolff, Maarten Stassen, Frederik Van Remoortel, and Heidi Waem.
"Busting Myths and Legends About Blockchain," IAPP Europe Data Protection Congress 2018, Brussels, Belgium (November 29, 2018). Speaker: Maarten Stassen.
"Privacy Impact Assessments, The Full Picture," IAPP Europe Data Protection Congress 2018, Brussels, Belgium (November 27, 2018). Chair and Speaker: Maarten Stassen.
"Data Breach & Incident Handling, The Full Picture," IAPP Europe Data Protection Congress 2018, Brussels, Belgium (November 27, 2018). Chair and Speaker: Maarten Stassen.
"Tackling Big Data and IoT Challenges and Enforcement Trends in the EU’s Digital Single Market," ICPHSO International Symposium, Brussels, Belgium (November 12, 2018). Chair and Speaker: Maarten Stassen.
"GDPR and Beyond," Crowell & Moring's Trade Association Breakfast Series, Washington, D.C. (July 31, 2018). Speakers: Maarten Stassen, Jeffrey L. Poston, and Peter B. Miller.
"Supply chain risk management: blockchain, forced labor, the U.K. Modern Slavery Act, and the General Data Protection Regulation (GDPR)," Trade in 2018 - What's Ahead?, Webinar (April 19, 2018). Presenters: Michelle J. Linderman, Jeffrey L. Snyder, Maarten Stassen and Aaron Marx.
"GDPR: Pain Points and Enforcement Risk," ABA Section of Antitrust Law Spring Meeting, Washington, D.C. (April 2018). Speaker: Maarten Stassen.
"GDPR: An EU Framework for Managing Privacy and Data Security Risk," Wilson Center, Washington, D.C. (April 3, 2018). Speakers: Evan D. Wolff, Peter B. Miller, and Maarten Stassen.
"Data Protection Impact Assessments, The Full Picture," IAPP Global Privacy Summit 2018, Washington, D.C (March 2018). Chair and Speaker: Maarten Stassen.
"Beyond the First Year - Regulation in the Trump Era," Crowell & Moring Webinar (February 28, 2018). Presenters: Thomas A. Lorenzen, James G. Flood, W. Scott Douglas, Christine M. Clements, Jodi G. Daniel, Robert Meyers, Michael Boucher, Daniel Cannistra, Jennifer A. Ray, Maarten Stassen, Jenny E. Cieplak, and Matthew B. Welling.
"Digital Circle: A Blockchain Bootcamp," Brussels (January 18, 2018). Chair and Speaker: Maarten Stassen.
"GDPR: Why Should Indian Companies Care?" Trade and Investment Partnership Summit (TIPS), Brussels, Belgium (December 5, 2017). Speaker: Maarten Stassen.
"Privacy Impact Assessments, The Full Picture," IAPP Europe Data Protection Congress 2017, Brussels, Belgium (November 7, 2017). Chair and Speaker: Maarten Stassen
"Data Protection Officer Course," Data Protection Institute (DPI), Antwerp, Belgium (November 6, 2017). Presenter: Maarten Stassen.
"The GDPR Deadline is Near. Issues and Priorities Towards Compliance," Crowell & Moring Seminar, Brussels, Belgium (October 26, 2017). Speakers: Emmanuel Plasschaert, Frederik Van Remoortel, and Maarten Stassen.
"Privacy Impact Assessments, The Full Picture," IAPP Global Privacy Summit 2017, Washington, D.C. (April 2017). Chair and Speaker: Maarten Stassen.
"Privacy Impact Assessment & Privacy by Design," CPDP Congress 2017, Brussels (January 25, 2017). Speaker: Maarten Stassen.
"GDPR: Identifying Key Challenges from a Practitioners Perspective," LSEC Leaders in Security, Brussels (December 19, 2016). Advisory Panel Member: Maarten Stassen.
"Customer Data: Their Rights, Your Obligations," European Customer Experience Conference, Athens, Greece (November 23, 2016). Speaker: Maarten Stassen.
"GDPR, Main Changes & Challenges," VOKA, Belgium (October 20, 2016). Speaker: Maarten Stassen.
"EU General Data Protection Regulation, the Impact on Japanese Companies and the Reaction To Be Taken," Seminar, Japanese Desk Deloitte, Belgium (June 9, 2016). Speaker: Maarten Stassen.
"Corporate Compliance, Privacy Update," Euronext, Brussels (April 26, 2016). Speaker: Maarten Stassen.
Half-Day Workshop, IAPP Europe Data Protection Congress, Brussels (2016). Chair and Speaker: Maarten Stassen.
"Privacy for Start-Ups," Deloitte Innovation Centre Academy, Leuven, Belgium (April 27, 2015). Speaker: Maarten Stassen.
"Privacy in Practice, Privacy Impact Assessments & Multidimensional Data Mapping," ETNO, Data Protection, Trust & Security Working Group, Brussels (April 24, 2015). Speaker: Maarten Stassen.
"Privacy Impact Assessments: The Full Picture," IAPP Europe Data Protection Intensive 2015, London, UK (2015). Chair and Speaker: Maarten Stassen.
"Staying Ahead of the Wave: From Cyber Security to Cyber Resilience," CPDP Congress, Brussels (2015). Chair and Speaker: Maarten Stassen.
"Building a Global Privacy Programme," IAPP Europe Data Protection Congress, Brussels (2014). Speaker: Maarten Stassen.
"How To Build a Global Privacy Programme," IAPP Europe Data Protection Intensive, London, UK (2014). Speaker: Maarten Stassen.
"Building a Global Privacy Programme," IAPP Europe Data Protection Congress, Brussels (2013). Speaker: Maarten Stassen.
"How To Build a Global Privacy Programme," IAPP Europe Data Protection Intensive, London, UK (2013). Speaker: Maarten Stassen.
"Internal Staff Awareness as a Key Link in the Secure Data Chain," E.N.G.'s 7th Senior Executive Summit, Strategic Data Protection & Compliance, Amsterdam (October 3, 2012). Speaker: Maarten Stassen.
"La LOPD y la Diligencia del Empresario," Expansión Speaker: Maarten Stassen.
"Cross-Border Mergers: A Practical Introduction," Brussels and Barcelona Bar Associations, Barcelona, Spain Speaker: Maarten Stassen.
"El Nuevo Reglamento de Protección de Datos: Un Año de Experiencia," Gómez-Acebo & Pombo, Barcelona, Spain Speaker: Maarten Stassen.
"La Aplicación del Nuevo Reglamento de la LOPD," Chamber of Commerce of Belgium and Luxembourg, Barcelona, Spain Speaker: Maarten Stassen.

Publications

"Why consent is the weakest link," Crowell & Moring's Data Law Insights (October 10, 2019). Author: Maarten Stassen.
"Court of Justice of the European Union Finds that Pre-Ticked Checkboxes Are Not Valid Consents under GDPR," Crowell & Moring's Data Law Insights (October 9, 2019). Authors: Maarten Stassen, Heidi Waem and Louis Vanderdonckt.
"Belgian Data Protection Authority Finds Merchant Violated GDPR by Requiring Customers to Provide Electronic ID to Receive Loyalty Card," Crowell & Moring's Data Law Insights (October 8, 2019). Authors: Maarten Stassen and Louis Vanderdonckt.
"What we can learn about joint controllership from the CJEU Fashion ID ruling," Crowell & Moring's Data Law Insights (August 21, 2019). Authors: Maarten Stassen and Heidi Waem.
"The EU Cybersecurity Act: Addressing the Risks of a Connected Europe," Crowell & Moring's Retail & Consumer Products Law Observer (August 2, 2019). Author: Maarten Stassen.
"How New EU Cyber Sanctions Compare To US Policy," Law360 (July 30, 2019). Authors: Michelle J. Linderman, Maarten Stassen, David Wolff, and Heidi Waem.
"One year Later: GDPR’s Impact on the Retail Sector," Crowell & Moring's Retail & Consumer Products Law Observer (May 30, 2019). Author: Maarten Stassen.
"Can Blockchain Future-Proof Supply Chains? A Brexit Case Study," R3 Global Trade Strategy Forum (January 2019). Contributors: Maarten Stassen and Louis Vanderdonckt.
"ICPHSO International Symposium Panel on GDPR and the EU’s Digital Single Market," Crowell & Moring's Retail & Consumer Products Law Observer (December 13, 2018). Author: Maarten Stassen.
"Outcome of Privacy Shield Review Uncertain, Despite U.S. Steps Toward Compliance," Crowell & Moring's Data Law Insights (October 18, 2018). Authors: Maarten Stassen and Lee Matheson.
"A New Privacy And Data Control Framework In California," Thomson Reuters Westlaw (August 14, 2018). Authors: Jeffrey L. Poston, Paul M. Rosen, Maarten Stassen, and Joshua T. Foust.
"With The GDPR, The Dawn Of The New Normal Approaches," Law360 (March 23, 2018). Author: Maarten Stassen.
"How Belgium is preparing for life under the GDPR," Information Law Journal, Volume 9, Issue 2 (Spring 2018). Author: Maarten Stassen.
"Blockchain – Progress and Promise," Crowell & Moring's Regulatory Forecast 2018 (February 2018). Contributors: Maarten Stassen, Jeffrey Snyder, Laura Foggan, Matthew Welling, Jenny Cieplak, Jodi Daniel, and Mitchell Rabinowitz.
"Privacy & Cybersecurity – Risky Business: Preparation, Prevention, Regulation," Crowell & Moring's Regulatory Forecast 2018 (February 2018). Contributors: Jeffrey Poston, Mark Sportack, and Maarten Stassen.
"U.K. Announces Fines Up To $24M For Cyber Noncompliance," Crowell & Moring's Data Law Insights (January 31, 2018). Authors: Maida Oringher Lerner, Maarten Stassen and Michael G. Gruden.
"New GDPR Guidance from EU Commission," Crowell & Moring's Data Law Insights (January 25, 2018). Authors: Maarten Stassen and Michael G. Gruden.
"The New European General Data Protection Regulation," Crowell & Moring (October 2016). Contributors: Thomas De Meese, Emmanuel Plasschaert, Maarten Stassen, and Frederik Van Remoortel.
IAPP Europe Data Protection Digest Editorial: Maarten Stassen.

Client Alerts & Newsletters

"The European Commission’s Standard Contractual Clauses: Good News from the Advocate General, but We’re Not Out of the Woods," Privacy Law Alert (January 8, 2020). Contacts: Frederik Van Remoortel, Jeffrey L. Poston, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Maarten Stassen, Louis Vanderdonckt, Jarno Vanto
"The Swedish Data Protection Authority Investigates the Right to Access Under the GDPR," Privacy Law Alert (June 18, 2019). Contacts: Maarten Stassen, Evelina Roegiers, Jarno Vanto
"Lessons Learned from the First Belgian GDPR Fine," Privacy Law Alert (June 3, 2019). Contacts: Frederik Van Remoortel, Maarten Stassen, Louis Vanderdonckt
"U.K. Accelerating Plans to Go Driverless," Regulatory Alert (February 7, 2019). Contacts: Jeffrey C. Selman, Gordon McAllister, Cheryl A. Falvey, Amar Singh Mann, Simon Evers, Maarten Stassen
"A New Privacy and Data Control Framework in California," Privacy Law Alert (June 29, 2018). Contacts: Jeffrey L. Poston, Christopher A. Cole, Evan D. Wolff, Paul M. Rosen, Robert Holleyman, Maya Uppaluru, Maarten Stassen, Michael G. Gruden, CIPP/G
"The Month in International Trade – May 2018," International Trade Bulletin (June 8, 2018). Contacts: Jeffrey L. Snyder, Edward Goetz, Frances P. Hadfield, Michelle J. Linderman, David (Dj) Wolff, Elena Klonitskaya, Carlton Greene, Alan W. H. Gourley, Erik Woodhouse, Emmanuel Plasschaert, Jeffrey L. Poston, Jeane A. Thomas, CIPP/E, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Maarten Stassen, Frederik Van Remoortel, Eduardo Mathison, John B. Brew
"GDPR Compliance: The Beginning – Not the End," Privacy Law Alert (May 25, 2018). Contacts: Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Emmanuel Plasschaert, Jeffrey L. Poston, Peter B. Miller, CIPP/G/US/E, CIPM, CIPT, Maarten Stassen

In the News

Legal Tech's Predictions For Privacy in 2020
January 2, 2020 — LegalTech News
2019 Corporate Transactions Roundup-European Regulatory Actions Pressure U.S. Companies And Regulators
November, 2019 — Bloomberg Law
"We May Need GDPR 2.0," Warns Law Firm
October 18, 2019 — dataIQ
Europe Data Protection Digest
October 18, 2019 — IAPP
Google's Win In EU Signifies Proportionality Is Key To GDPR Enforcement
September 30, 2019 — Legaltech News
European Parliament Explores Regulating Blockchain, With Focus On Trust
October 29, 2018 — Legaltech News
France's Regulatory Guidance On GDPR, Blockchain Leaves More Questions Than Answers
October 5, 2018 — American Lawyer
Vague On Cybersecurity Requirements, GDPR Worrying Experts Over Security Gaps
June 19, 2018 — LegalTech News
Why Blockchain Poses An Unusual Challenge For GDPR Compliance
May 25, 2018 — American Lawyer
5 Common Myths Abut EU's New Data Protection Regime
May 11, 2018 — Law360
Inside Track: Zuck's In-House Entourage | GDPR Confusion | Salesforce + Social Justice
April 11, 2018 — The American Lawyer
The GDPR's Legitimate Interest' Is Creating Legitimate Confusion
April 6, 2018 — Legaltech news
EU Encryption, Decryption Plans Leave Privacy Stakeholders Wary
October 31, 2017 — Washington Internet Daily
Crowell & Moring Adds Arent Fox IP Duo In California
October 11, 2017 — The Recorder

Firm News & Announcements

Apr.16.2019	Legal 500 EMEA Recommends Crowell & Moring in 11 Practice Areas and Recognizes 14 Lawyers
Jan.03.2019	Crowell & Moring Elects Eight New Partners and Promotes 21 Associates to Counsel
Oct.03.2017	Leading Privacy and Cybersecurity Lawyer Maarten Stassen Joins Crowell & Moring’s Brussels Office