ao link
Who's Who Legal
Who's Who Legal
Menu
Thought Leaders

Thought Leaders

Thought Leader

Thought Leaders Global Elite - Data - Data Security
WWL Ranking: Global Elite Thought Leader
WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver impresses peers with his “extensive experience and vast knowledge” of mergers and acquisitions in the technology field. One source notes, “He is an absolute pleasure to work with.”

Questions & Answers

Steven De Schrijver is a partner with the Belgian law firm Astrea. He has 28 years of expertise in a wide range of IT and technology law matters. Steven has been involved in many outsourcing, digital transformation, video platform and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones. He is also considered to be one of Belgium’s top tech M&A lawyers.

What inspired you to specialise in data law? 

My passion is with new technologies. My practice goes broader than data privacy and data security. I also advise technology companies on M&A transactions and complex commercial contracts. As result of the rise of AI and big data, data have become increasingly important for technology companies and data privacy and data security lies at the basis of almost every piece of advice I provide to my clients.

What has covid-19 changed for your practice and your clients’ programmes? 

As covid-19 continues to alter the way we live our lives, organisations and individuals must protect their sensitive data in order to protect themselves. While some changes are likely to be temporary, others are will have long-lasting effects. The pandemic has forced employees to work remotely, resulted in school closures impacting almost 70 per cent of the world’s student population, and given rise to a number of new online scams. These drastic, rapid changes highlight the need for organisations and individuals to reconsider their privacy and security practices and policies and to review the type of data they store, transmit, or otherwise possess themselves or with their third-party partners. 

At the beginning of the covid-19 crisis we received a lot of questions from clients about how to be secure in working from home. Later on, the queries shifted to how to safely return to the office and reopen businesses. We received questions about what sort of health data can be shared by employees and customers and the safety and privacy issues that come from that. We also needed to closely monitor for clients the constantly changing regulatory environment. We expect there to be an increase in breach notifications because the level of remote working will remain high as long as the pandemic continues. 

How is your practice evolving with cyberattacks and data breaches increasing year by year?  

The GDPR (and the NIS Directive) have put some extra pressure on data privacy lawyers. According to Article 33 of the GDPR, data security breaches must be reported within a tight time frame of 72 hours after first being discovered. When a client contacts you with a data breach, it is all hands-on deck to investigate the extent of any damage and put in place mitigation steps.

To what extent has covid-19 impacted the nature and pace of data enforcement from regulatory authorities? 

It is too early to assess such impact in full. Most DPAs state that they have only paused a small part of their work during the lock-down and plan to uphold their enforcement actions and hold organisations accountable when GDPR standards are not met, regardless of the covid-19 crisis. Of course, as they did before, they will take economic elements into account in the calculation of their sanctions. If the organisation demonstrates that the covid-19 crisis has affected its ability to comply with the demands regarding compliance actions and associated deadlines, this will be analysed and taken into account, if appropriate. However, as data collection and use have increased during the pandemic, as we can see by the number of new apps and services that are designed to help address covid-19-related problems, we actually need the DPAs to be more scrutinous than normal because of the things being proposed. This does not only mean imposing fines but also revising legislation and policies.

In your opinion, what does the future of AI in the legal industry look like? 

It is likely that in the short run some routine legal work such as sifting through documents for information and preparing standard documents, will be taken over by AI, in the first place in-house and later on also in law firms. At some point AI will become ubiquitous and become an indispensable assistant to practically every lawyer. However, this should free up lawyers to do the two things there always seems to be too little time for: thinking and advising.

However, AI in combination with big data does not only raise data privacy and data security concerns for clients but also for lawyers. Law firms also need to make a cultural shift. Innovation is rapid. As law firms consider how artificial intelligence and machine learning can enhance efficiency, they should consider how they can embed data protection by design and default in their systems. This is not only about compliance: it makes good business sense.   

How are continuing calls for increased data privacy affecting your practice at the moment? 

The challenge in this time of other challenges for data privacy professionals will be to be able to continue persuading client management of the cost effectiveness of major spend on ensuring continuing GDPR compliance when there seems to be still relatively little enforcement by national DPAs. Until more and larger fines are levied, the cost/benefit analysis remains difficult.

What is the best piece of advice you’ve ever received? 

As a data lawyer the best piece of advice I have received is that your clients can never be fully data protection compliant. Data lawyers are not accountants checking boxes, but risk management professionals that need to provide their clients with sensible, logical, industry-standard legal solutions for data privacy and data security and help them to make the appropriate choices and investments in order to minimise exposure.

As a lawyer, in general, my favourite pieces of advice were to follow my passion for technology, not to network but to make friends, not be afraid to ask your friends for help and to always show your gratitude when friends help you.

Thought Leaders Global Elite - Data - Telecoms & Media 2021
WWL Ranking: Global Elite Thought Leader

WWL says

The “outstanding” Steven De Schrijver is a “true market leader” who is “highly recommended” for his “exceptional work on information technology law, protection of personal information and privacy, outsourcing and media law”.

Questions & Answers

Steven De Schrijver is a partner with the Belgian law firm Astrea. He has almost 30 years of expertise in a wide range of IT and technology law matters. Steven has been involved in many outsourcing, digital transformation, video platform and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones. He is also considered to be one of Belgium’s top tech M&A lawyers.

What do you enjoy most about working in data?

Data is the great commodity of our age. Data security and data privacy law are evolving areas of law which are constantly changing. The developing nature of technology and data solutions imply that a data lawyer must continuously look for creative solutions to thorny problems. A data lawyer must also assist his clients to make risk assessments and make important financial and business decisions.

One year on from the outbreak of covid-19, what specific data challenges have emerged in practice over that time and how did the firm tackle them? 

It is, of course, that in almost all cases we have had to deal with the intended processing of sensitive health data by clients, which is only allowed in a limited number of circumstances. The first real challenge arose when we had to advise clients across many different sectors on the implementation of governmental measures to restrict the spread of covid-19 taken during the first wave of the pandemic in 2020. Employers, for instance, had to understand which data of their employees they were allowed to process to prevent infections at work (eg, permitted methods of temperature measurement). As of July 2020, restaurants, bars, cafés and hotels had to implement contact tracing solutions by registering the data of clients who visited their facilities. This led to many questions from clients, such as: (i) what kind of data needs to be registered? (ii) do all members of a group need to leave their data? and (iii) in what form would the registration take place, avoiding unauthorised access (and thus data breaches) to the data? This registration requirement was later expanded to many other sectors as well. Solutions based on the government’s guidelines had to implemented with clients. As we are moving to a different stage of the coronavirus pandemic, I expect many questions to arise around vaccination. For instance, employers will be keen to confirm whether their employees have been vaccinated. Certain businesses, especially in the sectors of travel and entertainment, may require proofs of vaccinations. For now, the processing of such data would in principle be considered unlawful. 
What makes Astrea stand out from its competitors in the market?

I would say our experience, our commitment to remain on top of all new developments in this evolving area of law and our business-oriented and pragmatic approach. 

How do you think the EU’s Data Governance Act will impact the region?

The Data Governance Act promises to introduce some interesting solutions to increase the sources of data in times where data is essential to drive innovation, such as the possibility for the public sector to share data for other purposes than originally intended. This may boost the improvement of data-driven solutions for transport, healthcare and many other sectors. After all, few organisations hold as much interesting data as the government. Another noble idea is data altruism, which may provide a new source of data for scientific research from ‘data volunteers’. The possible new rules on data sharing service providers may improve the security of such solutions, but any protectionism in the rules which may be detrimental to innovation must be avoided (eg, the eventually removed requirement that these service providers would need to be EU-based). 

Apart from the solutions that the Act would bring, one can wonder whether the EU’s legislative framework for data is not becoming too complex with the GDPR, the Data Governance Act, separate data provisions in the upcoming AI Regulation, the Open Data Directive, the Database Directive, a future Data Act, etc. It is of course understandable that the European Commission, step-by-step, wishes to regulate many different matters concerning the use of data within the European Union. However, in the future the European Commission may consider merging the various legislative initiatives into one clear act in order to avoid complexity and provide organisations with a harmonised legal framework with which they need to need to comply. Perhaps in a European Data Code?

What do you think the lasting impact of covid-19 will be for clients and for data lawyers? 

Few events in recent history have given the digital world such a large boost as covid-19. Businesses that thought that they could stay away from the world of e-commerce or cloud-based teleworking have been forced to take the bold step to finally accept such technologies. Data lawyers must and will have to, more than ever, assist clients in entering into secure cloud service agreements or in focusing on the creation of a strong legal data protection framework within their organisations (including appropriate and detailed internal policies). Unfortunately, another boost has been given to online crime. Data lawyers will therefore have more work in providing advice on the implementation of measures to secure an organisation’s digital environment, as well as to deal with cyber­attacks or ransomware which will increasingly target clients.

What key challenges might younger data lawyers face in their practice and how can they overcome these?

I think that with the almost weekly new developments in this constantly evolving area, data lawyers have to work hard to remain on top and inform and advise their clients properly. The risk is that as a data lawyer you simply become a pure technical lawyer. As a data security specialist, you need to have an interest in technology, good knowledge of the applicable laws and the ability to navigate uncertainty and a changing legal landscape, but sometimes you need to be a creative legal mind who can think “outside the box”. And, if necessary, you need to be assertive towards your clients to make them realise the importance of data privacy and data security but also understand their commercial and business issues so that you can help them to set priorities.

What data-related opportunities do you see emerging in the next few years?

It is clear that the real world has shifted to the digital world more than ever during the last few months. Precisely that shift will create many opportunities in data-heavy sectors in the coming years. Many online businesses have attracted new customers who had no choice but to purchase online and are now likely to stay, increasing the importance of data processing for online marketing. Many organisations have also moved their operations to cloud environments due to teleworking which will continuously increase the need for adequate security measures to protect data. The proposed AI Regulation in the EU may become a legal revolution, which amongst others will most likely set quality criteria for data used in AI systems. Certain processing of personal data by AI systems will also be prohibited (such as social scoring). Such legislation would set a certain course for many in the data industry. 

What advice would you give to someone starting out in data law?

If you want to launch a career in privacy law, you should follow the relevant courses. You may want to obtain an IAPP certification as a certified information privacy professional (CIPP). You should look for privacy law opportunities at your workplace, as there should be plenty. You may look for fellowships and/or attend conferences. You also should try to network with reputed privacy lawyers and immerse yourself in the community. Further, you should try to publish some articles. Finally, you should familiarise yourself with the new technologies and, if you are tech-savvy enough, learn to code which will definitely give you an edge as a data lawyer. But, above all, do not forget to train your creative skills and try to think “outside the box”.

Global Leader

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver is recognised for his “outstanding work on the privacy and protection of personal information” and comes highly sought-after by an array of high-profile clients. 

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

Data - Data Security 2021

Professional Biography

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver is a "pragmatic and extremely responsive lawyer" with unrivalled expertise spanning the full range of IT security matters.

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

WWL Ranking: Global Elite Thought Leader

WWL says

The “outstanding” Steven De Schrijver is a “true market leader” who is “highly recommended” for his “exceptional work on information technology law, protection of personal information and privacy, outsourcing and media law”.

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

Data - Telecoms & Media 2021

Professional Biography

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver at Astrea impresses sources who note he “understands the enterprise problems very well and remains eager to learn new things for the benefit of his customers”.

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

Features by Steven De Schrijver



Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model

Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model


The Future Is Now: Legal Consequences of Electronic Personality for Autonomous Robots

The Future Is Now: Legal Consequences of Electronic Personality for Autonomous Robots

Awards won by Steven De Schrijver


Who's Who Legal Awards 2019


> Data -
Lawyer of the year

Law Business Research
Law Business Research Ltd
Meridian House, 34-35 Farringdon Street
London EC4A 4HL, UK
© Law Business Research Ltd 1998-2021. All rights reserved.
Company No.: 03281866