Add a bookmark to get started

Muhammed Demircan

Muhammed Demircan practices in the area of privacy, data protection and technology-focused regulations. His expertise focuses on EU-level regulations, covering existing legal instruments such as the ePrivacy Directive and the GDPR, as well as upcoming legal instruments in the framework of “EU Strategy for Data” such as the Data Act, Data Governance Act, EU AI Act, Digital Markets Act and Digital Services Act. He advises companies on in-depth compliance processes with data protection rules and supports contentious data protection matters in cooperation with Belgian-qualified lawyers. 

His previous built-up experience includes all-around GDPR compliance processes for both SMEs and bigger companies, having a vast range from risk assessments such as DPIAs and LIAs, building Records of Processing Activities, cookie and tracking technologies compliance management, legality assessments for new technologies including cybersecurity tools, to third-party compliance management. He has also previously advised clients on the upcoming EU-level regulations such as the European Health Data Space and the EU AI Act.

Muhammed is the author of various academic articles, including awarded novel pieces on the intersection of different legal instruments such as GDPR and the Digital Markets Act. He is also an external member of the Brussels Privacy Hub in VUB, which is a Brussels-based academic research centre. 

Muhammed is listed as an Individual Expert on EDPB’s Support Pool of Experts, under the category of expertise on “legal expertise in new technologies”.

Before joining DLA Piper, Muhammed had diverse experiences in various locations, all focusing on data protection and privacy, such as working as a senior legal consultant in an international consultancy firm, research and director in an academic research centre and associate positions in law firms.
Professional QualificationsAvocat registered with the Ordre Francais des Avocats du Barreau de Bruxelles
  • College of Europe, Advanced Master’s in European Law (LL.M.), Mention Bien, 2021
  • Galatasaray University, LL.B., Honour Roll, 2019
  • Jagiellonian University, Erasmus Exchange, 2018


  • Acting as an internal legal counsel in secondment for an international services firm with more than 6.000 employees covering every aspect of data protection, privacy and cybersecurity compliance both in internal and external engagements, from risk assessments on complex technological tool deployments to conducting DPIAs/LIAs on various processing activities.
  • Conducting several data protection and privacy audits with different areas of focus such as cookie compliance, a “cookieless” marketing strategy and all-round GDPR compliance for various Belgian firms, such as an insurance firm and a monitored alarms firm.
  • Providing in-house training for a very large social media company on the upcoming “EU Strategy for Data” regulations, focusing on the Digital Markets Act and the GDPR, to an audience of engineers and policy officers.
  • Conducting in-depth legal analysis on compliance of various cybersecurity tools focusing on data loss prevention, incident response and anti-phishing with applicable local and EU level data protection and privacy rules.
  • Assisting an UK-based AI risk management company to navigate and orient activities in light of the EU Artificial Intelligence Act, helping them develop an EU AI Act integrated approach to technical risk management of AI systems.
  • Advising a Belgian medical research company on the data access rules of the upcoming European Health Data Space regulation.
  • Advising a leading Belgian insurance company on international data transfers, with a focus on existing transfer schemes and the newly accepted EU-US Data Privacy Framework.
  • Assisting a global leader social media/technology company on data protection infringement investigations before the Turkish Data Protection Authority.
  • Assisting a multinational German company active in life sciences sector with defining the notions of the data controller and data processor in the context of an expected M&A deal.
  • Drafting general and activity-specific privacy policies and cookie policies after various internal workshops and foresight for multiple companies, active in different sectors and countries.
  • English
  • French
  • Turkish

Publications and media


  • Brussels Privacy Symposium, “Vulnerability, Digital Markets Act and Digital Services Act”, November 2022, Brussels.
  • Guest Lecture at VUB within the scope of the “Legal Professions in the Digital Age” course – “Competition & Privacy and Digital Markets Act”, May 2022, Brussels.
  • 17th IFIP Summer School on Privacy and Identity Management 2022, “Digital Markets Act and GDPR: Making Sense of the Data-Sharing Provisions”, August 2022, Germany.
  • IE Law School Lawtomation Days, “Background Check Companies: Vulnerable Employee vs Digital Footprints, A Pandora’s Box”, September 2022, Madrid, Spain.
  • “Brussels Effect: Towards EU AI Act", Istanbul Maltepe University, Panel Speaker, March 2023, Istanbul.

Prior Experience

Before joining DLA Piper, Muhammed worked first in an international law firm as a trainee associate, focusing on corporate law, competition law and data protection and privacy law(s) in Istanbul. He then joined a leading data protection and privacy research centre in Brussels, where he acted as the managing director of the research centre. He also worked in an international consultancy firm in Brussels, focusing on Data & Privacy compliance.

Additional Qualifications

  • Individual Expert on European Data Protection Board (EDPB) Support List of Experts.

Memberships and Affiliations

  • Istanbul Bar, 2020
  • Associated Member of the French-Speaking Brussels Bar (B-List, International List), 2023
  • Member/Author of Better Justice Association.
  • External Member of the Brussels Privacy Hub.