Lauren Cuyvers

LAUREN CUYVERS focuses her practice on strategic cross-border compliance, regulatory enforcement, and litigation related to EU data privacy, digital, and cybersecurity laws, with a particular emphasis on legislation related to AI. Her practice covers the full spectrum of, and strategic interactions between, the EU AI Act, GDPR, EUDPR, ePrivacy Directive, EU Data Act, Cyber Resilience Act, NIS2 Directive, and DORA. Lauren is a highly technical lawyer and has deep experience guiding multinational companies through complex EU and UK regulatory frameworks, focusing on regulatory risk and strategy, complex cross-border incident response, high-stake regulatory investigations, and crisis management. Lauren’s practice also covers data privacy and cyber transactional work, particularly in data-heavy transactions.

Lauren assists clients in a range of industries, including in the payments, energy, private equity, and life sciences sectors, but has a particular interest and focus on the tech industry, having advised and represented the world’s leading companies in the social media, cloud computing, data centre, software, and semiconductor space.

Lauren is a sought-after speaker on the new EU digital data, AI, and cyber laws, and has featured on panels at global conferences such as the IAPP Europe Data Protection Congress 2024 and 2025, and the IAPP AI Governance Global Europe 2025 Congress. She was recently quoted in Law.com and Law360 in relation to the EU AI Act.

Legal 500 UK 2023 recognizes Lauren for Data Protection, Privacy, and Cybersecurity.

Lauren is a Certified Information Privacy Professional/EU and recently served a two-year term as an EU advisory board member at the International Association of Privacy Professionals (IAPP). She also serves on the European Data Protection Board’s (EDPB) Support Pool of Experts.

Prior to joining Sidley, Lauren was an associate in the IP and data protection practices of other international law firms based in Brussels, where she advised and litigated for clients in the life sciences, technology, and media sectors, focusing on IP (patents), data privacy, and TMT matters. In 2014, Lauren served as an assistant attaché at the Permanent Mission of Belgium to the United Nations in New York and obtained an LL.M. in EU Competition and IP law.

She is fluent in Dutch, English, and French.

 

 

Some of Lauren’s recent experience includes advising, assisting and representing:

• Great Hill Partners on its strategic majority investment in Peter Park System GmbH in relation to the EU AI Act.
• a U.S. client with global cyber risk management and incident response following a large-scale ransomware attack.
• a biotechnology company with EU Data Act compliance.
• a U.S. diagnostics company with EU AI Act compliance.
• a U.S. airline with EU cyber risk management and compliance.
• Audeze LLC, an audio technology brand, in its acquisition by Sony Interactive Entertainment LLC.
• a U.S. tech client in a data privacy regulatory investigation by an EU Data Protection Authority.
• U.S. clients on the interpretation and implementation of the various legislative proposals in the EU Digital Strategy Package, including the Digital Services Act and the AI Act.
• on various aspects of emerging AI regulatory and legal frameworks, in particular the EU AI Act.
• a global social media company on the impact of ePrivacy and GDPR requirements in relation to interpersonal communications.
• an emerging supercomputing company with the interpretation and implementation of EU data privacy and data sovereignty restrictions and assistance with expansion into the EU market.
• U.S. clients with the interpretation and implementation of requirements under the new EU cyber laws, including NISD2 and DORA.
• U.S. and EU clients on the EU General Data Protection Regulation (GDPR) regulatory compliance and enforcement issues.
• U.S. clients on the impact of the EU GDPR on U.S. e-discovery.
• on data privacy issues in emerging technologies, including blockchain and artificial intelligence.
• on cybersecurity and data breach matters in sophisticated supply chain attacks and vulnerability management.
• clients on the impact of the GDPR in cross-border arbitration.
• a company in the life sciences industry following a security incident, including the rollout of a large-scale notification process and assessing privacy and data protection risk in a cross-border internal investigation.
• various clients on aspects of IP and EU data privacy and cybersecurity transactional work.

Lauren is an active member of the firm’s Emerging Enterprises Pro Bono Program. Her pro bono practice focuses on GDPR compliance counselling and related data privacy advice.