Allen & Overy LLP‘s ‘very skilled‘ data protection team focuses on four core areas – privacy advice and compliance work, managing the relevant aspects of transactions, cybersecurity issues including data breaches, and investigations brought by the regulators. Peter Van Dyck co-leads the practice, and also acts as head of the firm’s Belgian IP and IT groups. Filip Van Elsen, who oversees the global technology and TMT practices, is another senior name to note. Associate Sarah De Wulf joined from Stibbe in August 2022, shoring up the junior end.

The Brussels outpost of Bird & Bird‘s international data protection group regularly collaborates on cross-border mandates. Practice head Benoit Van Asbroeck is noted for his broad-ranging expertise, which spans issues relating to e-commerce, digital marketing, cloud computing, the Internet of Things, AI, 3D printing, cookies, electronic signatures, intermediary liability and automated objects. Hein Hobbelen has extensive experience representing clients before the European Commission and other sector regulatory authorities. The firm also offers a bespoke privacy consultancy arm through Bird & Bird Privacy Solutions.

Recently, CMS has distinguished itself as a go-to counsel for cybersecurity incidents, attracting a growing number of businesses which have fallen victim to ransomware, DDoS and man-in-the-middle attacks. Other areas of strength include AI, the Internet of Things, and cross-border data transfers. Tom De Cordier oversees the dedicated team of data protection specialists, and is valued for his ability to leverage the firm’s global reach to assist with projects spanning multiple jurisdictions. Thomas Dubuisson is the name to note at senior associate level.

With equal expertise in data protection and cybersecurity issues, Fieldfisher is noted for its ‘practical approach‘, arranging work across four broad privacy pillars – operational compliance, commercial and project-related advice, crisis management, and dispute resolution. Tim Van Canneyt and Olivier Proust jointly head up the technology and data department; the former is lauded as an ‘exceptionally bright and pragmatic lawyer‘, while the latter is noted for his expertise in advising companies of all sizes on their global privacy compliance programmes. In terms of sector specialisms, the team focuses particularly on the technology, finance, life sciences and energy industries.

Multinational companies turn to Linklaters for assistance with the full gamut of data governance projects; particular strengths include international data transfers, management of cybersecurity crises, implementation of cloud-based solutions, and compliance reviews. Tanguy Van Overstraeten heads up the firm’s global data protection practice, as well as overseeing the TMT offering locally. Guillaume Couneson is lauded by one client as ‘the absolute reference point for privacy and data in the Belgian market‘. The partners are supported by a strong bench of specialised practitioners, including managing associate Valérie Heremans and counsel Claudia Allatta.

The ‘outstanding legal team‘ at boutique Timelex is able to ‘navigate the complexities with ease‘. GDPR compliance projects and high-level privacy and data litigation are the core pillars of the practice, and the group is also regularly called on to assist European, national and regional governmental bodies with legislation preparation. Clients value the depth of the senior bench, which includes Jos Dumortier, Frederic Debusseré, Edwin Jacobs and Hans Graux. The firm also fields a strong roster of more junior experts; Ruben Roex is one such name.

Household names from the full gamut of industry sectors instruct the privacy and cybersecurity team at Wilson Sonsini Goodrich & Rosati to advise on all issues related to the use of data globally. GDPR compliance, strategic counselling, breach management, data transfer strategies, and representation before authorities are all strengths. Key contact Cédric Burton is ‘adept at leading his team in providing strategic advice‘. In June 2023, Yann Padova joined the Brussels office from Baker McKenzie in France; he now splits his time between the two jurisdictions, and is particularly focused on representing clients before the French authorities.

In addition to its long-standing reputation for GDPR compliance work, ALTIUS is increasingly gaining prominence in the more niche areas of personal camera data processing, direct marketing, cookies and traffic data retention, national identifiers, and health and research data. Key senior contact Gerrit Vandendriessche also regularly conducts data protection-related cases before the Belgian Data Protection Authority, as well as the civil and administrative courts. Counsel Jan Clinck is likewise recommended.

The IPTech group at Baker McKenzie CVBA/SCRL brings a ‘solution-based approach‘ to regulatory work, advising multinational companies on all aspects of data governance and cybersecurity, as well as handling privacy enforcement work and litigation on a local, regional and global level. The firm is also becoming increasingly well versed in emerging issues, including those relating to data centres, machine learning and AI. Elisabeth Dehareng oversees much of the key work, and is noted for her skill in assisting multinational companies dealing with cyber incidents.

Cooley LLP‘s dedicated European data protection practice has been rapidly built up by Patrick Van Eecke, who is seen by one client as ‘the expert to turn to‘, and now fields a deep bench of ‘the most skilled practitioners‘. The team handles the full gamut of advisory work, including assisting with compliance programmes, as well as representing key industry players in high-stakes investigations and contentious mandates. In terms of more niche specialisms, the group is developing a stellar reputation for advising on issues relating to digital signatures, blockchain and e-commerce.

With a client base spanning the full gamut of industry sectors, Covington & Burling LLP‘s specialised data privacy and cybersecurity group is seen by major multinationals as a go-to for handling government investigations and enforcement actions, advising on regulatory and compliance issues, and assisting with global data breaches. The team is also well versed in the range of novel data-related legislation, including the AI Act, Data Act, and Digital Markets Act. Daniel Cooper, who originally founded the European data privacy practice, continues to oversee the work.

DLA Piper fields a ‘very talented‘ core team focused on data protection and cybersecurity work, nestled within the firm’s wider IPT practice; Heidi Waem, who is singled out by one client as an ‘expert in the field‘, leads the dedicated group and was promoted to partner in May 2023. The department is well known for representing major industry players in dealings with the Belgian Data Protection Authority at all stages, and is also noted for its digital strategy work. Kristof De Vulder leverages his expertise in the technology sphere to provide support.

Since its inception in September 2022, data protection boutique Faros has grown to ‘distinguish itself through its highly pragmatic approach, displaying a deep understanding of operational and business challenges‘. On the advisory side, the team regularly assists with issues concerning access to data, direct marketing set-ups, breach notification requirements, and international data transfers. The firm is also regularly instructed to appear in proceedings before the Belgian Data Protection Authority. Anouk Focquet, one of the original founding partners, is singled out for her ‘great job leading the team‘.

‘Star lawyer‘ Jörg Hladjk helms the dedicated cybersecurity, privacy and data protection practice at Jones Day, frequently cooperating on key mandates with experienced practitioner Laurent De Muyter. In addition to GDPR compliance work, the team predominantly focuses on four key areas – advising on cyber and ransomware attacks, developing binding corporate rules for global data transfers, handling the data aspects of transactions, and assisting critical infrastructure companies. Clients are regularly able to benefit from the firm’s global network.

Working as part of Osborne Clarke‘s international network, the Brussels-based IP, IT and data group advises on the full gamut of interactions with the Belgian Data Protection Authority, including handling investigations, as well as drafting data protection and whistleblowing policies and carrying out audits. Recently, the firm has been particularly active in the data exchange and transfer space, and has assisted several major EU and US clients with complex international data transfer projects. Practice head Benjamin Docquir is noted for his ‘creative solutions‘.

Crowell & Moring‘s privacy and cybersecurity group advises on issues concerning the collection, use, transfer, and protection of data both within the EU and globally, counting ‘some of the major players on the Belgian market‘ among its client list. Maarten Stassen heads up the Europe-wide practice, and regularly appears before the Belgian Data Protection Authority and the Market Court. Other key names in the team include Frederik Van Remoortel and counsel Yung Shin Van Der Sype.

For Deloitte Legal, data protection and privacy work forms a core component of the IP and IT team’s regular workload. The group assists with practical questions regarding the applicability of data protection legislation, as well as advising on data ownership, localisation, retention, and transferability issues. Jurgen Egger and Matthias Vierstraete oversee and co-ordinate the wider practice, regularly leading on key regulatory mandates.

The ‘very versatile‘ digital and data protection practice at Eubelius is built around five key areas – innovative data projects; litigation and incident response; non-contentious issues, including data transfers and GDPR compliance; contract drafting; and audits. Anneleen Van de Meulebroucke, who founded the group, made partner in January 2023, and continues to lead on both advisory and contentious mandates. Pieter Callens, who oversees the IP and IT offering, lends support.

Noted for its ‘proactive stance in adapting to regulatory shifts‘, Hunton Andrews Kurth LLP‘s privacy and cybersecurity team is ‘able to work through multiple layers and numerous laws to help with planning and strategic solutions‘. As well as advising on GDPR compliance issues and globalisation projects, the group regularly responds to data breaches. David Dumont heads up the practice, ably assisted by counsel Anna Pateraki and associate Laura Léonard.

Since the highly regarded ‘reference point in the sector‘ Peter Craddock joined Keller and Heckman LLP to grow the privacy, data security and digital media offering, the firm has steadily gained recognition for its regulatory expertise in these spaces. Data protection, AI and machine learning governance have become particular areas of strength. The team has also lately worked on projects regarding user identification across multiple devices.

Operating best at the intersection between IP, IT and dispute resolution work, Liedekerke‘s ‘excellent‘ team typically assists with GDPR compliance audits and implementation projects, as well as advising on the use of data by public authorities. Commercial expert Etienne Kairis oversees much of the work. Other key contacts include IP specialist Sarah van den Brande and associate Myrtle Gevers.

At Loyens & Loeff, the ‘sharp‘ Belgian data protection and privacy group sits within the firm’s wider litigation and risk management practice, and typically works in close co-operation with the Dutch, Luxembourgish and Swiss offices. The workload spans the full gamut of relevant issues, ranging from privacy policy drafting to assistance with data transfers. The team also leverages the support of a well-regarded disputes department to handle contentious mandates. Stéphanie De Smedt is the key senior contact.

Fielding a team of ‘trusted advisers, problem solvers, and creative thinkers‘, Lydian‘s information governance and data protection group handles compliance work, international data transfers, marketing and e-commerce issues, record management, and cybersecurity matters. Practice head Bastiaan Bruyndonckx oversees a growing team, which is consistently gaining strength at the junior end; associate Françoise Billen, who joined from CMS in October 2022, was the latest example.

Morrison Foerster‘s Brussels office acts as a hub for the firm’s privacy and data security offering, with global practice co-chair Alex van der Wolk presiding over an expanding team of dedicated specialists, including ‘very promising‘ recently promoted of counsel Marijn Storm and ‘inquisitive‘ associate Marta Hovanesian. The department is particularly noted for its expertise in handling cybersecurity incidents, and is regularly instructed on pan-European data breaches; compliance advice is another stalwart of the group.

Pierstone is differentiated by its core focus on legal issues specifically concerning the digital economy. Aside from contract drafting and GDPR complaince advice, the team is increasingly called on to provide assistance with more general privacy policy issues. Technology specialist Patrice Vanderbeeken is singled out for his ‘flexibility, swiftness and diplomacy‘, while Alain Strowel brings valuable IT and IP experience to the group.

The ‘extremely collaborative‘ data protection team at Van Bael & Bellis advises a roster of major multinationals on GDPR compliance programmes, ethical impact assessments, cybersecurity issues, e-privacy matters, cross-border data transfers, and data breaches. In terms of industry focus, the firm is noted particularly for its expertise in the life sciences space. Counsel Thibaut D’hulst is the key senior contact.

According to clients, when boutique AContrario.Law is instructed, ‘the outcome will be right, and still achieved in a pragmatic way‘. Projects relating to GDPR compliance form the core of the practice. Founding partner Magali Feys ‘stands out through the way she is able to rapidly understand complex situations and challenges‘. Data security lead Tim Wulgaert has extensive experience in developing, reviewing and improving strategies, governance and policies.

Alston & Bird LLP‘s privacy, cyber and data strategy team ‘does an exceptional job of providing practical advice‘; the group is well versed in assisting with security incident responses, cybersecurity preparedness, privacy and data protection compliance, and information governance, as well as advising on the related strategic and operational considerations. The ‘nimble and pragmatic‘ Wim Nauwelaerts heads up the practice.

Sitting within the firm’s broader IP, IT and media department, which is headed up by Jean-François Henrotte, Lexing‘s data protection specialists are regularly instructed by global groups, SMEs, public authorities and start-ups. The group often provides clients with DPO outsourcing services, as well as advising on compliance issues and appearing before the Belgian Data Protection Authority.

Monard Law‘s ‘perfectly matched‘ privacy and data protection team is seen as a go-to for clients looking to navigate the growing regulatory framework governing the collection, storage, distribution and use of personal data. On the non-contentious side, the group carries out audits, drafts contracts and navigates risk. In the contentious space, the practice is well versed in representation before domestic courts and regulatory bodies. Commercial specialist Kristof Zadora is the key name to note.

Best known for its work in the life sciences, TMT and financial services sectors, Simmons & Simmons leverages its contentious prowess to handle data protection-related mandates on behalf of clients from these industries. Olivier Mignolet and Alejandro Guerrero provide dispute resolution and TMT expertise respectively, while Jérémie Doornaert is the key GDPR specialist.

The data and privacy offering at Simont Braun comprises a group of dedicated practitioners drawn from the digital finance, IP and ICT departments; the resultant cross-practice team is therefore able to handle both broader and more niche regulatory issues. Data transfers, processing agreements and internal policies are some key areas of strength. Joan Carette and Emmanuel Cornu lead on much of the work.

In October 2022, Squire Patton Boggs‘ data privacy, cybersecurity and digital assets offering in Brussels was injected with talent following the acquisition of the team formerly based at Steptoe LLP; Charles Helleputte and Diletta De Cicco are some of the key senior arrivals. As well as advising on GDPR compliance issues, the group assists with breach preparedness and crisis management work.

Stibbe‘s TMT team is well versed in the full gamut of data protection work, from compliance advice, to negotiation of data processing agreements, to representation in relevant proceedings. Recently, the group has also been increasingly instructed to handle issues stemming from cybersecurity incidents. Senior contact Erik Valgaeren is ‘particularly noted for his ability to advise on the risk based on his understanding of the approach of the Belgian regulators and courts‘.