Matthias Bruynseraede

MATTHIAS BRUYNSERAEDE’s practice focuses on regulatory and transactional matters related to EU and UK privacy, cybersecurity, AI, and data regulation laws, including domestic and international privacy and data protection laws, data breach and cyber incident responses, data use and localization questions, and internal audits regarding privacy and cybersecurity issues. More recently, Matthias has been focusing on the EU data, cyber, and AI laws, including the Digital Services Act (DSA), Digital Markets Act (DMA), the Artificial Intelligence Act (AI Act), the Network and Information Systems 2 Directive (NIS2 Directive), the Cyber Resilience Act (CRA), the Critical Entities Resilience Directive (CER), and the Digital Operational Resilience Act (DORA). 

In particular, Matthias has 6 years of experience advising on:

• compliance with EU and UK data protection legislation, such as drafting records of processing agreements, privacy, and cookie policies;
• preparing for compliance with and data strategies for the EU digital data and cyber laws; 
• due diligence and counseling for transactional matters, including mergers and acquisitions related to privacy, cybersecurity, AI, and data risks;
• cross-border data transfer and cloud computing matters, including the implications of Schrems II CJEU case law and the EU-U.S. Data Privacy Framework;
• data privacy and security terms as part of technology transactions, for example data processing agreements;
• internal audits involving privacy, data security, and regulatory compliance;
• a regulatory investigation of a U.S. tech client carried out by an EU Data Protection Authority; and
• cybersecurity incident response plans and personal data breach management.

Recent experience includes advising:

• Thermon in its US$2.2 Billion Combination With CECO Environmental, an environmentally focused, diversified industrial company.
• Grab Holdings Ltd. on its strategic investment in Vay Technology GmbH, a remote driving technology company.
• STORY3 Capital Partners, the Los Angeles based private equity firm, on its significant minority investment in Adanola, a leading UK-based athleisure and activewear brand.
• Industrial Partners in its acquisition of AGCO’s Grain & Protein Division (NYSE: AGCO), a large precision agriculture technology and machinery company.
• Lottomatica Group S.p.A (formerly known as Gamenet Group S.p.A.), a portfolio company of funds managed by affiliates of Apollo Global Management, Inc., in its acquisition of SKS365.
• A global clinical technology company on the impact and implementation of new EU digital data and cyber laws.
• A global payment services company on forming data strategy for compliance with DORA.
• CTM Group Inc., in its acquisition of ScooterBug Best Lockers, a provider of mobility and locker solutions across leisure and entertainment sites and major tourist destinations.
• Crown Bioscience in its acquisition of the IndivuServ business unit of Indivumed GmbH, which includes the acquisition of both a biobank comprised of almost one million samples with associated clinical data and an extensive network of more than 60 clinical divisions in the United States, Europe, and Asia.
• Sixth Street Growth in its Series A investment in Logile, Inc., a provider of retail labor planning, workforce management, inventory management, and store execution compliance solutions to businesses.

Matthias has participated in several pro bono matters, including for clients based in the EU and U.S., principally advising on the application of the GDPR to their processing activities.