Wim Nauwelaerts

About Wim Nauwelaerts

Wim Nauwelaerts is a partner in the Brussels office, leading Alston & Bird’s European Privacy, Cyber & Data Strategy Team. Wim has over 20 years of experience working with global companies on their data protection, privacy, and cybersecurity needs, including General Data Protection Regulation (GDPR) readiness, data transfer, data security and breach requirements, and compliance training.

[Read Bio]

How to Comply with the EU AI Act: Guidance from the Spanish AI Regulator

December 15, 2025 By Alice Portnoy and Wim Nauwelaerts

On December 10, the Spanish supervisory authority for the EU AI Act (Agencia Española de Supervisión de Inteligencia Artificial, or AESIA) published a set of 16 detailed guidelines and non-binding checklists (available online here in Spanish) designed to help companies navigate their obligations under the AI Act, which entered into force in August 2024. The […]

New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

December 10, 2025 By Paul Greaves, Wim Nauwelaerts and Kelly Hagedorn

On November 28 2025, the European Commission adopted a regulation implementing the Cyber Resilience Act (‘CRA’) – an EU-wide law which lays down cybersecurity requirements for companies that design and sell ‘products with digital elements’. PDEs can take many forms including IoT devices, hardware components, and certain software. The CRA imposes cybersecurity obligations in connection […]

The EU Digital Omnibus: A European Data Law Shake-Up May Be Coming

November 21, 2025 By Alice Portnoy, Wim Nauwelaerts and Paul Greaves

On November 19, the European Commission (EC) released its EU Digital Omnibus proposal – a 153-page document accompanied by an explanatory memorandum and a Staff Working Document. This proposal introduces amendments, deletions, and replacements to several cornerstone EU digital laws, including: The GDPR. The Data Act. The AI Act. The ePrivacy Directive. Other instruments such […]

EU-wide Breach Notification Template On The Horizon

July 24, 2025 By Hanna Hewitt, Wim Nauwelaerts and Alice Portnoy

Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and an EU-wide data breach notification template to help companies comply with the requirements of the EU General Data Protection […]

Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules

March 20, 2025 By Alice Portnoy and Wim Nauwelaerts

On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch). The BDPA reviewed its original guidance to help companies from all sectors navigate applicable EU privacy and data protection law requirements […]