MATTHIAS BRUYNSERAEDE’s practice focuses on regulatory and transactional matters related to EU and UK privacy, cybersecurity, AI, and data regulation laws, including domestic and international privacy and data protection laws, data breach and cyber incident responses, data use and localization questions, and internal audits regarding privacy and cybersecurity issues. More recently, Matthias has been focusing on the EU data, cyber, and AI laws, including the Digital Services Act (DSA), Digital Markets Act (DMA), the Artificial Intelligence Act (AI Act), the Network and Information Systems 2 Directive (NIS2 Directive), the Cyber Resilience Act (CRA), the Critical Entities Resilience Directive (CER), and the Digital Operational Resilience Act (DORA).
In particular, Matthias has 6 years of experience advising on:
- compliance with EU and UK data protection legislation, such as drafting records of processing agreements, privacy, and cookie policies;
- preparing for compliance with and data strategies for the EU digital data and cyber laws;
- due diligence and counseling for transactional matters, including mergers and acquisitions related to privacy, cybersecurity, AI, and data risks;
- cross-border data transfer and cloud computing matters, including the implications of Schrems II CJEU case law and the EU-U.S. Data Privacy Framework;
- data privacy and security terms as part of technology transactions, for example data processing agreements;
- internal audits involving privacy, data security, and regulatory compliance;
- a regulatory investigation of a U.S. tech client carried out by an EU Data Protection Authority; and
- cybersecurity incident response plans and personal data breach management.
Prior to joining Sidley in 2022, Matthias was part of the intellectual property, information technology, and data protection practice in an international law firm based in Brussels.
*Only admitted to practice in Belgium. Not admitted to practice in England and Wales.