Heidi Waem is a data protection and privacy lawyer with almost 15 years’ experience advising clients in the FMCG, technology, media, life sciences, financial and public sector on all aspects of EU regulatory data protection compliance (including cybersecurity) and assisting them in data protection and privacy litigation before the Belgian Data Protection Authority and the regular courts.
Heidi also has a background in the broader field of IP/IT, e-commerce, consumer and contract law, so she does not look at data protection compliance in isolation but on the contrary ensures that it is duly embedded in and aligned with the broader legal framework.
Over the years, Heidi has been seconded to various companies in different sectors and this has given her valuable insight and experience as to the needs of and problems faced by businesses. She is known and appreciated by clients for her pragmatic, hands-on approach.
Heidi regularly publishes articles on data protection and privacy topics on DLA Piper’s Privacy Matters blogs, and frequently speaks on those topics during DLA Piper webinars and events from organizations like Beltug, DPO Circle and the VUB Brussels Privacy Hub.
Heidi is a member of the Beltug Privacy Council and the Belgian Council for Journalism.
- Assisting a postal and e-commerce operator in various proceedings before the Belgian Data Protection Authority (inspection service and litigation chamber) including proceedings in relation to a complaint filed by noyb with regard to alleged infringements of the GDPR rules on data transfers.
- Assisting a public sector company in proceedings before the Belgian Data Protection Authority with regard to an e-mail communication that allegedly infringed the GDPR.
- Assisting a bank in proceedings before the Belgian Data Protection Authority following a complaint of a data subject.
- Assisting a company in a dispute regarding the transfer of a database before the regular courts.
- Assisting a publisher in a libel case before the court of first instance.
- Assisting a global materials and recycling company with regard to a data subject assess request and the provision of pre-litigation advice.
- Advising companies from several sectors (including life sciences, financial and retail) on the impact of Schrems II and performing data transfer impact assessments using DLA Piper’s proprietary Transfer methodology.
- Advising a multinational retail clothing company on various aspects of EU Regulatory data protection compliance, including advice on CCTV, data processing and transfer agreements, data protection implications with regard to COVID-19 and diversity & inclusion-related processing activities.
- Advising an international client on the impact of recent EU Regulatory data protection legislative initiatives on its operations (including the Data Governance Act and the Data Act).
- Advising an automotive company on GDPR compliance in the context of a migration of its core IT system and performing the relevant Data Protection Impact Assessments.
- Advising a multinational oil company on GDPR compliance regarding its new app, including structuring the GDPR set-up to ensure optimal and compliance collection and use of personal data.
- Providing detailed advice to a large automotive company on a broad range of cookies.
- Assisting companies of various sectors in the context of cybersecurity incidents including the provision of time-critical incident response advice, the preparation of notifications to the Data Protection Authority and/or the data subjects and the preparation of relevant templates.
- Data Protection Institute, 2015
- University of Antwerp, LLM, 2009
- University of Antwerp, BA Law, 2007
Institute for Translation and Interpreters Antwerp, MA Translation, 1999
- Belgian DPA decision on IAB Transparency and Consent Framework
- EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’
- EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle
- Considerations on embedding the new standard contractual clauses in IT contracts
- European Commission publishes long-awaited draft Regulation on Artificial Intelligence
- • Stay Tuned International for DPOs, Data Protection Institute, October 2022
• Digital Markets Act – Genesis and scope, Brussels Privacy Hub (VUB), June 2022
• A public database for judicial decisions in Belgium, Brussels Bar Incubator, May 2022
• EU Regulatory Data Protection - A legal and policy appraisal of an emerging legislative framework, DLA Piper webinar, May 2022
• State of play regarding international data transfers, Beltug N-Sight, February 2022
• DLA Piper GDPR Fines and Data Breach Survey 2022, DLA Piper webinar, January 2022
• DPO Circle Annual Conference ‘Global Privacy Regulations (China, Japan, US)’, December 2021
• Data protection litigation in Belgium – Practical insights and a look at the horizon, DLA Piper webinar, October 2021
• EDPB, SCCs and Brexit – The Future of Global Data Transfers, DLA Piper webinar, July 2021
• New European Standard Contractual Clauses (SCCs) – A Technical Briefing, DLA Piper webinar, June 2021
• ‘Gebruik persoonsgegevens bij HR-beleid ! Big Data @ Work en controle werknemers, Lexalert webinar, March 2021
• DLA Piper GDPR fines and data breach survey launch 2021, DLA Piper webinar, January 2021
Memberships And Affiliations
- Dutch Brussels Bar, NOAB
- Beltug Privacy Council
- Belgian Council of Journalism