- Represented a global company offering products and manufacturing/logistics services in numerous privacy and data protection projects. Providing advice on global data protection compliance issues impacting the company’s business, including the creation and implementation of global data protection standards and advising on compliance with the GDPR. Advised on the implementation of alternative data transfer mechanisms and the impact of the proposed ePrivacy Regulation.
- Represented a U.S.-based aerospace and defense technology company on all aspects of EU data protection law, including the company’s GDPR compliance project. Assisted with the implementation of SaaS-based critical communications and enterprise safety solutions.
- Counseled a global media company on its pan-EU GDPR compliance efforts and managed a two-year GDPR compliance project.
- Advised a Swiss-based biopharmaceutical company on a variety of pan-EU data protection questions, including the launch of medical apps, the collection and use of patient data, the processing of personal data in the context of clinical trials, and general compliance with the GDPR.
- Advised a U.S.-based manufacturer of cosmetics, fragrance, and hair care products on EU data protection and privacy matters. Assisted with GDPR compliance and advised on the offering of free Wi-Fi in its stores.
- Advised a multinational conglomerate corporation on cross-border employee monitoring questions.
- Represented a multinational manufacturer of sports apparel and footwear in various matters, including innovative marketing initiatives, privacy in the context of wearables, and compliance with the GDPR.
- Advised a private bank and investment services provider on EU data protection compliance matters, including the provisions of anti-money laundering services and the cross-border transfer of personal data.
- Counseled a multinational human resources consulting firm on the implementation of GDPR compliance measures and the launch of a new talent management system.
- Represented a global provider of business intelligence, mobile software, and cloud-based services on all aspects of EU data protection law.
Partner,
- Phone: +32 2 486 8822
- Other Phone: +1 202 239 3709
- Email: wim.nauwelaerts@alston.com
With over two decades of experience, Wim provides critical privacy, cybersecurity, and data protection support for multinational organizations to ensure their valuable data assets are used appropriately and safeguarded from risk.
Wim Nauwelaerts is the partner-in-charge of Alston & Bird’s Brussels office, leading the firm’s European Privacy, Cyber & Data Strategy Team.
A true veteran in his field, Wim Nauwelaerts has been advising multinational companies on privacy, data protection, and cybersecurity matters for almost 25 years. His practice spans a variety of industries, with a particular emphasis on life sciences, media, and technology.
Wim has developed internationally recognized experience in assisting clients with General Data Protection Regulation (GDPR) compliance projects, including implementing cross-border data transfer strategies and preparing transfer impact assessments. He frequently counsels clients on data subject access requests, and is also well-versed in drafting and negotiating GDPR-related contract terms.
In his cyber practice, clients who have suffered a cyber breach incident usually bring Wim in at an early stage to help assess their legal obligations and develop a strategy on notifications to regulators and affected individuals.
Wim has written and spoken widely on privacy and cyber-related topics, such as data transfers out of Europe, cross-border breach notifications, and data protection enforcement.
-
General Publications May 2025“Cybersecurity 2025: Belgium,” Chambers and Partners, May 2025.This article discusses various aspects of Belgian cybersecurity laws and regulations.General Publications May 2025“Cybersecurity 2025: Belgium,” Chambers and Partners, May 2025.This article discusses various aspects of Belgian cybersecurity laws and regulations.
-
May 7, 2025Innovations in Fintech / Insurtech: New York Legal SummitTopics will include tech-focused legal issues facing the fintech/insurtech industries, such as data privacy and security issues for emerging fintech/insurtech technology, such as the use of generative AI; IP protection and enforcement issues in fintech/insurtech; and in-house perspectives.May 7, 2025Innovations in Fintech / Insurtech: New York Legal SummitTopics will include tech-focused legal issues facing the fintech/insurtech industries, such as data privacy and security issues for emerging fintech/insurtech technology, such as the use of generative AI; IP protection and enforcement issues in fintech/insurtech; and in-house perspectives.
-
Speaking Engagement May 7-9, 20252025 Privacy + Security Forum Spring AcademyJennifer Everett and Wim Nauwelaerts will be will be panelists at this event that brings together thought leaders in the areas of privacy and security law.Speaking Engagement May 7-9, 20252025 Privacy + Security Forum Spring AcademyJennifer Everett and Wim Nauwelaerts will be will be panelists at this event that brings together thought leaders in the areas of privacy and security law.
-
Webinar March 26, 2025AI Legal Insights: Shaping Tomorrow – Program 6Join us for the sixth program in The AI Legal Insights: Shaping Tomorrow Webinar Series. This discussion, hosted by EU, UK, and U.S.-qualified attorneys will explore the changing landscape and regulations concerning the use of AI in the workplace and how to navigate and overcome the challenges it presents to drive efficiency in your business.Webinar March 26, 2025AI Legal Insights: Shaping Tomorrow – Program 6Join us for the sixth program in The AI Legal Insights: Shaping Tomorrow Webinar Series. This discussion, hosted by EU, UK, and U.S.-qualified attorneys will explore the changing landscape and regulations concerning the use of AI in the workplace and how to navigate and overcome the challenges it presents to drive efficiency in your business.
-
Blog Posts March 20, 2025Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch). The BDPA reviewed its original guidance to help companies from all sectors navigate applicable EU privacy and data protection law requirements […]
The post Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
Blog Posts March 20, 2025Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing RulesOn March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch). The BDPA reviewed its original guidance to help companies from all sectors navigate applicable EU privacy and data protection law requirements […]
The post Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
-
General Publications March 2025“Reporting ICT-Related Incidents and Cyber Threats Under DORA: Challenges and Obstacles,” Data Protection Leader Magazine, March 2025.This article provides insight on the challenges and obstacles of reporting ICT-related incidents and cyber threats under the EU’s Digital Operational Resilience Act.General Publications March 2025“Reporting ICT-Related Incidents and Cyber Threats Under DORA: Challenges and Obstacles,” Data Protection Leader Magazine, March 2025.This article provides insight on the challenges and obstacles of reporting ICT-related incidents and cyber threats under the EU’s Digital Operational Resilience Act.
-
Webinar February 26, 2025AI Legal Insights: Shaping Tomorrow – Program 5Join us for the fifth program in The AI Legal Insights: Shaping Tomorrow webinar series. This insightful panel discussion with EU and UK-qualified attorneys will cover recent developments around the regulation of artificial intelligence in the EU.Webinar February 26, 2025AI Legal Insights: Shaping Tomorrow – Program 5Join us for the fifth program in The AI Legal Insights: Shaping Tomorrow webinar series. This insightful panel discussion with EU and UK-qualified attorneys will cover recent developments around the regulation of artificial intelligence in the EU.
-
Webinar February 12, 2025A Look Ahead: Privacy and AI in 2025Please join us for a session exploring upcoming trends in privacy and AI for 2025.Webinar February 12, 2025A Look Ahead: Privacy and AI in 2025Please join us for a session exploring upcoming trends in privacy and AI for 2025.
-
Blog Posts February 2, 2025First Milestone in the Implementation of the EU AI Act
The AI Act (Regulation (EU) 2024/1689 of June 13, 2024, laying down harmonized rules on artificial intelligence) is the European Union’s comprehensive legal framework on AI, which aims to promote the responsible development and use of artificial intelligence in the EU. The timeline for implementation of the AI Act follows a staggered approach: while the […]
The post First Milestone in the Implementation of the EU AI Act appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
Blog Posts February 2, 2025First Milestone in the Implementation of the EU AI ActThe AI Act (Regulation (EU) 2024/1689 of June 13, 2024, laying down harmonized rules on artificial intelligence) is the European Union’s comprehensive legal framework on AI, which aims to promote the responsible development and use of artificial intelligence in the EU. The timeline for implementation of the AI Act follows a staggered approach: while the […]
The post First Milestone in the Implementation of the EU AI Act appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.
-
Advisories December 10, 2024Privacy, Cyber & Data Strategy Advisory | D-Day for the EU Cyber Resilience ActOur Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union.Advisories December 10, 2024Privacy, Cyber & Data Strategy Advisory | D-Day for the EU Cyber Resilience ActOur Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union.
Languages
- Dutch
- English
- French
Bar Admissions
- Antwerp and Brussels, Belgium
Education
- University of Georgia (LL.M., 1994)
- Vrije Universiteit Brussel (J.D., 1992)
Memberships
- Brussels Bar
- Antwerp Bar
- International Association of Privacy Professionals (IAPP)
Wim Nauwelaerts, Technology & Privacy partner, describes how Alston & Bird meets the needs of banks and financial institutions with combined experience in financial services, privacy and data security.