MATTHIAS BRUYNSERAEDE’s practice focuses on matters related to privacy and cybersecurity law, including evolving domestic and international privacy and data protection laws, data breach and cyber incident response, data use and sharing questions, and internal audits regarding privacy and cybersecurity issues. More recently, Matthias has been focusing on the new EU digital data and cyber laws, including the Digital Services Act (DSA), Digital Markets Act (DMA), the Artificial Intelligence Act (AI Act), the Network and Information Security 2 Directive (NIS2 Directive), the Cyber Resilience Act (CRA), the Critical Entities Resilience (CERD), and the Digital Operational Resilience Act (DORA).
In particular, Matthias has experience advising on:
- compliance with EU and UK data protection legislation, such as drafting records of processing agreements, privacy, and cookie policies;
- preparing for compliance with and data strategies for the new EU digital data and cyber laws;
- cross-border data transfer and cloud computing matters, including the implications of Schrems II CJEU case law and the EU-U.S. Adequacy Decision;
- data privacy and security terms as part of technology transactions, for example data processing agreements;
- internal audits involving privacy, data security, and regulatory compliance;
- COVID-19-related data protection issues;
- cybersecurity incidents and personal data breaches; and
- due diligence and deal counseling for mergers related to data security and privacy risks.
Prior to joining Sidley in 2022, Matthias was part of the intellectual property, information technology, and data protection practice in an international law firm based in Brussels.
*Only admitted to practice in Belgium. Not admitted to practice in England and Wales.