What do you do?
I provide clients with pragmatic and business-minded advice in using and protecting their data that helps their business move forward. I advise on all aspects of data protection and cybersecurity, such as global data protection and cybersecurity strategies, privacy by design and default, international data transfers strategies, global marketing strategies, data retention and cookie compliance. I also advise many clients on cyber incident preparedness and response and assist with regulatory enforcement actions following security incidents or subject rights complaints.
Privacy and cybersecurity is such an exciting practice area that always keeps me coming back for more. The evolution of technology and the data economy is inspiring and challenging. I am passionate about being part of the creation and adoption of responsible, future proof privacy and cybersecurity practices that support innovation and protect humanity.
What’s keeping you busy at the moment?
My main focus at the moment is helping clients with utilising their global use of data. International data transfer strategies are a hot topic due to Brexit and the Schrems II judgment. For instance, together with my colleagues of Hogan Lovells’ EU privacy & cybersecurity team, I advise clients on international data transfer strategies in light of these recent developments and assist many clients with their binding corporate rules application and implementation.
I also am busy with helping clients deal with regulatory enforcement actions, for instance in response to data breaches and data subject complaints submitted with the regulators.
What mentors or other influential figures have helped you get where you are today?
The biggest influence has been my mother, who raised me for the majority of my life as a single mom. My colleague and partner Joke Bodewits has been an amazing mentor, who is always supportive, and pushes and allows me to take risks and get to the next level.
If you could change one data-related law, how and why would you change it?
European ePrivacy legislation and current regulatory guidance. Hopefully, we will see meaningful progress on the adoption of an EU ePrivacy Regulation during 2021. We currently see that European data protection authorities appear to have declared a war on cookies, based on their strict guidance and selective enforcement. Taking a risk-based approach with regard to cookie consent mechanisms will be more risky. It is questionable whether the approach envisioned by EU data protection authorities is the best approach for consumers and their user experience. I hope that more innovative, meaningful and consumer-friendly solutions will be developed and embraced by consumers and regulators.
How has covid-19 affected what you do?
Working from home for over a year has had a major effect on my interaction with colleagues and clients. While I miss personal, face to face interactions and social gatherings, I am glad that video conference meetings have become the norm. From a privacy and data protection law perspective, we have assisted many clients on different covid-19 related issues, such as remote working and return to work policies, covid-19 response privacy policies and practices, temperature and questionnaire screening of employees and contact tracing.
What’s the next big thing – what data opportunities are companies now looking at?
Many companies are seeing the value of their data and are actively developing new innovative and creative ways to utilise their data. Tech developments such as artificial intelligence and facial recognition play a big part in this and will be one of the most crucial and sensitive issues to regulate to ensure that it is ethical and fit for purpose.
What’s keeping companies worried at the moment – what are some key data risks?
Data globalisation and global transfer strategies will remain a key data risk, considering that life as we know it relies on data flowing across geographical borders throughout the world, while international data transfers have never been more scrutinised.
Cyber incidents will also play a major role in the day to day business of many companies around the world. Ransomware has become a very lucrative business model, and the question whether to pay a ransom is unfortunately for many companies no longer a theoretical one. I expect more agonising discussions about whether or not to pay ransomware, and whether the requirement to notify data protection authorities (or individuals) about ransomware incidents has been triggered and, if so, when.
What do you do to relax?
Cooking with my partner and hosting dinner parties for our friends and family, spending time outside in nature, playing tennis and doing Pilates, watching a good Netflix series and my number one favorite activity: cuddling with my 16-month old son.