Who's Who Legal
Who's Who Legal
New to Who's Who Legal?
New to Who's Who Legal?
Menu
User Menu
New to Who's Who Legal?
Thought Leaders

Thought Leaders

Steven De Schrijver

Steven De Schrijver

AstreaLouizalaan 235 Avenue LouiseBrusselsBelgium1050

Thought Leader

Thought Leaders Global Elite - Data - Data Security
WWL Ranking: Global Elite Thought Leader
WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver impresses peers with his “extensive experience and vast knowledge” of mergers and acquisitions in the technology field. One source notes, “He is an absolute pleasure to work with.”

Questions & Answers

Steven De Schrijver is a partner with the Belgian law firm Astrea. He has 28 years of expertise in a wide range of IT and technology law matters. Steven has been involved in many outsourcing, digital transformation, video platform and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones. He is also considered to be one of Belgium’s top tech M&A lawyers.

What inspired you to specialise in data law? 

My passion is with new technologies. My practice goes broader than data privacy and data security. I also advise technology companies on M&A transactions and complex commercial contracts. As result of the rise of AI and big data, data have become increasingly important for technology companies and data privacy and data security lies at the basis of almost every piece of advice I provide to my clients.

What has covid-19 changed for your practice and your clients’ programmes? 

As covid-19 continues to alter the way we live our lives, organisations and individuals must protect their sensitive data in order to protect themselves. While some changes are likely to be temporary, others are will have long-lasting effects. The pandemic has forced employees to work remotely, resulted in school closures impacting almost 70 per cent of the world’s student population, and given rise to a number of new online scams. These drastic, rapid changes highlight the need for organisations and individuals to reconsider their privacy and security practices and policies and to review the type of data they store, transmit, or otherwise possess themselves or with their third-party partners. 

At the beginning of the covid-19 crisis we received a lot of questions from clients about how to be secure in working from home. Later on, the queries shifted to how to safely return to the office and reopen businesses. We received questions about what sort of health data can be shared by employees and customers and the safety and privacy issues that come from that. We also needed to closely monitor for clients the constantly changing regulatory environment. We expect there to be an increase in breach notifications because the level of remote working will remain high as long as the pandemic continues. 

How is your practice evolving with cyberattacks and data breaches increasing year by year?  

The GDPR (and the NIS Directive) have put some extra pressure on data privacy lawyers. According to Article 33 of the GDPR, data security breaches must be reported within a tight time frame of 72 hours after first being discovered. When a client contacts you with a data breach, it is all hands-on deck to investigate the extent of any damage and put in place mitigation steps.

To what extent has covid-19 impacted the nature and pace of data enforcement from regulatory authorities? 

It is too early to assess such impact in full. Most DPAs state that they have only paused a small part of their work during the lock-down and plan to uphold their enforcement actions and hold organisations accountable when GDPR standards are not met, regardless of the covid-19 crisis. Of course, as they did before, they will take economic elements into account in the calculation of their sanctions. If the organisation demonstrates that the covid-19 crisis has affected its ability to comply with the demands regarding compliance actions and associated deadlines, this will be analysed and taken into account, if appropriate. However, as data collection and use have increased during the pandemic, as we can see by the number of new apps and services that are designed to help address covid-19-related problems, we actually need the DPAs to be more scrutinous than normal because of the things being proposed. This does not only mean imposing fines but also revising legislation and policies.

In your opinion, what does the future of AI in the legal industry look like? 

It is likely that in the short run some routine legal work such as sifting through documents for information and preparing standard documents, will be taken over by AI, in the first place in-house and later on also in law firms. At some point AI will become ubiquitous and become an indispensable assistant to practically every lawyer. However, this should free up lawyers to do the two things there always seems to be too little time for: thinking and advising.

However, AI in combination with big data does not only raise data privacy and data security concerns for clients but also for lawyers. Law firms also need to make a cultural shift. Innovation is rapid. As law firms consider how artificial intelligence and machine learning can enhance efficiency, they should consider how they can embed data protection by design and default in their systems. This is not only about compliance: it makes good business sense.   

How are continuing calls for increased data privacy affecting your practice at the moment? 

The challenge in this time of other challenges for data privacy professionals will be to be able to continue persuading client management of the cost effectiveness of major spend on ensuring continuing GDPR compliance when there seems to be still relatively little enforcement by national DPAs. Until more and larger fines are levied, the cost/benefit analysis remains difficult.

What is the best piece of advice you’ve ever received? 

As a data lawyer the best piece of advice I have received is that your clients can never be fully data protection compliant. Data lawyers are not accountants checking boxes, but risk management professionals that need to provide their clients with sensible, logical, industry-standard legal solutions for data privacy and data security and help them to make the appropriate choices and investments in order to minimise exposure.

As a lawyer, in general, my favourite pieces of advice were to follow my passion for technology, not to network but to make friends, not be afraid to ask your friends for help and to always show your gratitude when friends help you.

Thought Leaders Global Elite - Data - Telecoms & Media 2021
WWL Ranking: Global Elite Thought Leader
Thought Leaders - Data - Data Privacy & Protection 2020

Q&A

WWL Ranking: Thought Leader

WWL says

Steven De Schrijver is a leading authority on privacy and protection matters, distinguished by peers as a “very skilled and responsive colleague”.

Questions & Answers

Steven De Schrijver is a partner with the Belgian law firm Astrea. He has 28 years of expertise in a wide range of IT and technology law matters. Steven has been involved in many outsourcing, digital transformation, video platform and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones. He is also considered to be one of Belgium’s top tech M&A lawyers.

How has the market changed since you first started practising?

Over the years, data security has become more important as cyberthreats have also increased. When I started practising, the use of the internet became more widespread and more people began putting their personal information online. Because of this, organised crime entities saw this as a potential source of revenue, and started to steal data from people and governments via the web. While governments and companies put up firewalls and antivirus programs to minimise the risks, hackers created stronger and stronger computer viruses and worms. Over Snowden (2013), Yahoo! (2013-2014), WannaCry (2017), Marriott (2018) and Facebook/Cambridge Analytica (2019), the hacking became more and more complicated. Whereas in the beginning we, as lawyers, were just advising on applicable laws and advertising clients to take the necessary security measures, clients are now better aware of the risks – but it has become more difficult to stay on top of information security in an ever-increasing global world, and you need a whole team of IT and forensic experts when you want to assist your client in case of a cyberattack or data breach.

What qualities make for a successful data security specialist?

As a data security specialist, you need to have an interest in technology, good knowledge of the applicable laws, and the ability to navigate uncertainty and a changing legal landscape. Sometimes you need to be a creative legal mind who can think “outside the box”, and you need to have good communication skills with both external counterparts (regulators) and internal stakeholders. You need to be assertive towards your clients, but also understand their commercial and business issues so that you can help them to set priorities. 

What are some of the challenges posed by representing and advising large technology companies today? 

In times where technology changes rapidly, and new solutions such as artificial intelligence (AI), machine learning and big data are about to further revolutionise the world, lawyers can only be good advisers to their clients if they fully understand the technology they are advising on. A successful technology lawyer should therefore, for example, follow a course on the functioning of AI or its different types. Only then can a technology lawyer provide creative solutions to the legal questions of modern technology, including those on data security. Indeed, some creativity will be needed in many cases, as the law is known to be lagging behind current events and it will not always be able to provide sound solutions.

What currently poses the greatest threat to the data security of individuals and corporations, and how can this threat be addressed? 

Despite many campaigns, the number of people and companies that fall victim to phishing and other online crimes remains high. Governments must continue to invest in sufficient means to combat online criminals. In addition, businesses must ensure that they follow the GDPR’s rule that obliges them to implement appropriate technical and organisational measures to securely process the data of their customers. After all, leaked client data can be an important source of income for online criminals, who sell it on the dark web.

Belgian companies themselves are increasingly becoming the target of cybercrime. In 2019, the number of reported cases with insurance brokers was 194 per cent higher than in 2016. In many cases ransomware is being used, which shuts down the entire IT system of a company until the ransom is paid, which in extreme cases can amount to more than €1 million. It is therefore crucial for businesses to design and respect internal policies and action plans which include procedures on how to deal with various online threats, especially suspicious emails and other phishing methods which are becoming increasingly sophisticated. 

How has Astrea adapted to address the challenges caused by the rise in online fraud?

As with most law firms, Astrea has protected itself by having backups in place of all data on third-party servers, which are well protected; by implementing a firm-wide password policy; by installing antivirus software; and by educating its staff to not click on suspicious links.

Which technology do you see changing the market and creating the most work for your firm in the next five years? 

The rise of AI will certainly confront lawyers with many challenges, as many legal domains have not yet come up with sound solutions to legal questions that it will create. AI can be used to improve data security. Thanks to AI’s ability to automate businesses’ threat prevention, detection and response (eg, algorithms may detect the patterns of a ransomware or malware attack before it enters into a system), it has a significant role to play within a robust cybersecurity strategy. However, just as organisations are using AI for cybersecurity purposes, hackers are using the same technology to test their own malware, with the aim of bypassing even the most advanced strategies. Another thrilling technology is quantum computing, which may provide for advanced encryption methods to secure data, but may also be used again by cybercriminals could to breach securely stored data. Hence, this shows how important it is and will be for businesses to make sure that they are secure against all new technologies, such as quantum computing, which means that they need to constantly re-evaluate and update their data security systems.

What impact could the covid-19 pandemic have on cybersecurity? 

As the president of the European Commission already warned at the end of March, there has been a significant increase of cybercrime as a direct result of the covid-19 pandemic. As millions of people have now moved their activities to the virtual world, whether it is for remote working or online classes, cybercriminals have now gained even more targets than before. It is expected that all sorts of cybercrime (eg, phishing emails, ransomware, malware, etc) will appear more often in the coming months. VPN services in particular may be confronted with increased attacks as they provide a lifeline for the functioning of many businesses. It seems that, more than ever, businesses must consider the importance of solid cybersecurity of their systems to ensure that they continue to function despite the circumstances and remain resilient to online threats, businesses should also keep focusing on (online) training of staff.

Further, it should be noted that some countries have chosen to introduce apps that monitor the location of carriers of the covid-19 virus, and warn others when they get close to such a carrier. But in the Netherlands, for instance, where several apps are being tested, the data of users, including their names and addresses, have been exposed by data leaks. Even in times of crisis, the data security and privacy of individuals must be safeguarded, and such insufficiently tested digital solutions should not be used too hastily.

What has been your greatest achievement to date?

In general I am a person who prefers to be forward-looking, rather than backward-looking. Of course, I am very proud that over the past 28 years I have been able to assist so many foreign and Belgian companies on data-related matters, and been able to cooperate with so many large and boutique law firms on many significant cross-border cases and transactions. However, I think my greatest achievement is that as a young lawyer, I picked a domain that fascinated me, and through hard work, many publications, conference appearances and networking – and of course, great clients – I have become a recognised practitioner who is seen by his peers and clients as a thought leader in this domain.

Thought Leaders - Data - Data Security 2020
WWL Ranking: Thought Leader
Thought Leaders - Data - Information Technology 2020
WWL Ranking: Thought Leader
Thought Leaders - Data - Telecoms & Media 2020
WWL Ranking: Thought Leader

Global Leader

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver is recognised for his “outstanding work on the privacy and protection of personal information” and comes highly sought-after by an array of high-profile clients. 

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

Data - Data Security 2021

Professional Biography

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver is a "pragmatic and extremely responsive lawyer" with unrivalled expertise spanning the full range of IT security matters.

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

WWL Ranking: Global Elite Thought Leader

WWL says

The “outstanding” Steven De Schrijver is a “true market leader” who is “highly recommended” for his “exceptional work on information technology law, protection of personal information and privacy, outsourcing and media law”.

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

Data - Telecoms & Media 2021

Professional Biography

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver at Astrea impresses sources who note he “understands the enterprise problems very well and remains eager to learn new things for the benefit of his customers”.

Biography

Steven De Schrijver is a partner in the Brussels office of the Belgian law firm Astrea. He has 28 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies, most of the time with a cross-border element. Steven has been involved in many outsourcing, software and cloud application development, digital transformation, cybersecurity and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones.

Steven is also considered one of the most prominent Belgian tech M&A lawyers, and has used his in-depth knowledge of the tech sector and expertise in technology law matters (privacy, open source) to assist his clients with the acquisition and sale of numerous Belgian software and technology companies.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a former board member of ITechLaw and a former president of the International Federation of Computer Law Associations. In 2012, 2014, 2017, 2018 and 2019, he was granted the Global Information Technology/Data Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a juris doctor (1992) and an LLM in business law (1995) from the University of Antwerp and an LLM (1993) from the University of Virginia School of Law. Steven obtained his CIPP/E in 2018.

Features by Steven De Schrijver



Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model

Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model


The Future Is Now: Legal Consequences of Electronic Personality for Autonomous Robots

The Future Is Now: Legal Consequences of Electronic Personality for Autonomous Robots

Awards won by Steven De Schrijver

To view this content please login, or register if you are new to Who's Who Legal
Law Business Research
Law Business Research Ltd
Meridian House, 34-35 Farringdon Street
London EC4A 4HL, UK
© Law Business Research Ltd 1998-2020. All rights reserved.
Company No.: 03281866