Heidi Waem is a data protection and privacy lawyer with almost 15 years’ experience advising clients in the FMCG, technology, media, life sciences, financial and public sector on all aspects of EU regulatory data protection compliance (including cybersecurity) and assisting them in data protection and privacy litigation before the Belgian Data Protection Authority and the regular courts.
Heidi also has a background in the broader field of IP/IT, e-commerce, consumer and contract law, so she does not look at data protection compliance in isolation but on the contrary ensures that it is duly embedded in and aligned with the broader legal framework.
Over the years, Heidi has been seconded to various companies in different sectors and this has given her valuable insight and experience as to the needs of and problems faced by businesses. She is known and appreciated by clients for her pragmatic, hands-on approach.
Heidi regularly publishes articles on data protection and privacy topics on DLA Piper’s Privacy Matters blogs, and frequently speaks on those topics during DLA Piper webinars and events from organizations like Beltug, DPO Circle and the VUB Brussels Privacy Hub.
Heidi is a member of the Beltug Privacy Council and the Belgian Council for Journalism.
- Assisting a postal and e-commerce operator in various proceedings before the Belgian Data Protection Authority (inspection service and litigation chamber) including proceedings in relation to a complaint filed by noyb with regard to alleged infringements of the GDPR rules on data transfers.
- Assisting a public sector company in proceedings before the Belgian Data Protection Authority with regard to an e-mail communication that allegedly infringed the GDPR.
- Assisting a bank in proceedings before the Belgian Data Protection Authority following a complaint of a data subject.
- Assisting a company in a dispute regarding the transfer of a database before the regular courts.
- Assisting a publisher in a libel case before the court of first instance.
- Assisting a global materials and recycling company with regard to a data subject assess request and the provision of pre-litigation advice.
- Advising companies from several sectors (including life sciences, financial and retail) on the impact of Schrems II and performing data transfer impact assessments using DLA Piper’s proprietary Transfer methodology.
- Advising a multinational retail clothing company on various aspects of EU Regulatory data protection compliance, including advice on CCTV, data processing and transfer agreements, data protection implications with regard to COVID-19 and diversity & inclusion-related processing activities.
- Advising an international client on the impact of recent EU Regulatory data protection legislative initiatives on its operations (including the Data Governance Act and the Data Act).
- Advising an automotive company on GDPR compliance in the context of a migration of its core IT system and performing the relevant Data Protection Impact Assessments.
- Advising a multinational oil company on GDPR compliance regarding its new app, including structuring the GDPR set-up to ensure optimal and compliance collection and use of personal data.
- Providing detailed advice to a large automotive company on a broad range of cookies.
- Assisting companies of various sectors in the context of cybersecurity incidents including the provision of time-critical incident response advice, the preparation of notifications to the Data Protection Authority and/or the data subjects and the preparation of relevant templates.
- Data Protection Institute, 2015
- University of Antwerp, LLM, 2009
- University of Antwerp, BA Law, 2007
- Belgian DPA decision on IAB Transparency and Consent Framework
- EU Regulatory Data Protection: A first appraisal of the European Commission’s proposal for a ‘Data Act’
- EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle
- Considerations on embedding the new standard contractual clauses in IT contracts
- European Commission publishes long-awaited draft Regulation on Artificial Intelligence
- "GDPR, CCPA, and other Hot Topics in Data Privacy", San Francisco, November 2019
- "GDPR, CCPA, and other Hot Topics in Data Privacy", Santa Monica, November 2019
- "Heard about Mars v. Oracle? Explore Oracle Audits with Experts and Attorneys", VMworld Europe, Barcelona, November 2019
- "Valuation of the data customer", IDI conference, Cernobbio, June 2019
- "Data protection hurdles when negotiating cloud and IT contracts", Beltug, Brussel, June 2019
- "The GDPR - 1 Year Later," Brussel, May 2019
- "David v. Goliath & GDPR. I Can See Clearly Now, the Rain Has Gone or Not?, IBJ Day of the Practice, Brussel, May 2019
- "IoT Open Table Discussion: Legal and IT risks and challenges", Brussel, April 2019
- "Cybersecurity Incident Management", Brussel, November 2018
- "Running Oracle on VMware? Heard About Mars vs. Oracle?", VMworld Europe, Barcelona, November 2018
Memberships And Affiliations
- Dutch Brussels Bar, NOAB
- Beltug Privacy Council
- Belgian Council of Journalism