Alston & Bird Privacy, Cyber & Data Strategy Blog

Wim Nauwelaerts

Wim Nauwelaerts

About Wim Nauwelaerts

Wim Nauwelaerts is a partner in the Brussels office, leading Alston & Bird’s European Privacy, Cyber & Data Strategy Team. Wim has over 20 years of experience working with global companies on their data protection, privacy, and cybersecurity needs, including General Data Protection Regulation (GDPR) readiness, data transfer, data security and breach requirements, and compliance training.

[Read Bio]

EU-wide Breach Notification Template On The Horizon

By , and

                  Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification template to help companies comply with the requirements of the EU General Data Protection […]

Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules

By and

On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch). The BDPA reviewed its original guidance to help companies from all sectors navigate applicable EU privacy and data protection law requirements […]

First Milestone in the Implementation of the EU AI Act

By

The AI Act (Regulation (EU) 2024/1689 of June 13, 2024, laying down harmonized rules on artificial intelligence) is the European Union’s comprehensive legal framework on AI, which aims to promote the responsible development and use of artificial intelligence in the EU. The timeline for implementation of the AI Act follows a staggered approach: while the […]

Green Light for the Enforcement of NIS 2 in Limited EU Countries Only

By , and

EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU legislator required all 27 Member States to incorporate into their local laws the requirements of NIS 2 and to make […]

Belgian Data Protection Authority Publishes Guidance on the Interplay between the GDPR and the AI Act

By and

On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection Regulation (the GDPR), which aims to provide further insight into the use of artificial intelligence (AI) systems that process personal data. The […]