Heidi Waem
  • Counsel
  • DLA Piper
Belgium
Heidi Waem

Heidi Waem

  • Counsel
  • DLA Piper
Belgium

The biggest highlight of my career was starting as a lawyer after first having studied languages and worked in customer service for 9 years. After the birth of my son in 2003, I decided to go to law school where I graduated in 2009. I started at the Brussels bar that same year, and with the exception of one year at the Antwerp bar, I have been here for more than 11 years now.

Over the years, I have worked in various law firms and have met many great and inspiring people for which I am very grateful. I am currently leading the data protection and privacy practice at DLA Piper Belgium, which is for me also definitely a highlight.

Data differs from other practice areas in that I tend to see the data/data protection practice as a horizontal practice that cuts through all sectors and other practice areas. Data is literally everywhere, and in today’s economy virtually every company is confronted with data protection laws. Whether you are a large steel manufacturing company or a small start-up developing a health app, data is in one way or another a part of your business.

This is what makes this practice also very interesting.

The biggest challenges currently include regulation of data, which in the EU keeps on developing at the speed of light. Increasingly, the scope of data regulation is expanding beyond personal data issues. As a law firm with a global client portfolio in many different sectors, it is important to closely follow up on these regulatory developments and to be able to spot policy trends and identify the potential impact on our clients.

To adapt to this, our data practice is working closely together with other departments of the firm. To keep up with regulatory developments, we are aligning on a regular basis with the government affairs, IPT and contracting practices to ensure that we cover all aspects of these developments and to bring in different perspectives. Moreover, we are continuing to attract the most talented people in these areas and to invest significantly in training and knowledge building, both locally and internationally, to keep our people up to speed.

The trends or rather developments that I am closely following are data transfers, enforcement and everything that is happening in the broader EU regulatory data protection area.

Since Schrems II, it has become quite complex and challenging to transfer personal data outside of the EU. There are continuous developments with recommendations being issued and enforcement gradually starting. There is an inherent tension between the vision of Europe on data transfers and the borderless world of technology and data flows. As almost all companies are transferring personal data outside of the EU one way or another, it is crucial to monitor these developments so that I can help them to navigate this complex topic.

Enforcement is interesting as it is further shaping the concepts and obligations of the GDPR. It is furthermore interesting to see how regulators from various countries are approaching enforcement in diverse ways and to see certain trends arising across the continent.

In an era of interconnectedness, the various areas of laws and regulatory instruments are getting further interconnected. In the same way, data protection and privacy law are getting interconnected with a variety of other laws like the Data Governance Act, the Data Act, the Digital Markets Act, etc.

I believe that the biggest challenge to gender equity rather lies with the legal profession as such than with the area of data protection.

Many data protection officers, privacy managers, etc are women. On the technical side, however, in IT and cybersecurity, I believe there is still significant room for progression when it comes to gender balance.

In my experience, there are many female professionals in the area of data protection and privacy. I do not have the feeling that the area is dominated by men. Both men and women have found their place in the data protection space I believe.

I would advise aspiring data lawyers to persevere and give themselves time to master the topic and get beyond the mere compliance aspect of GDPR. I must admit that, at first, I did not like GDPR and data protection that much. All those compliance rules! However, the further I got in my career, the more I began to like it and now I am totally passionate about it.

Unlock unlimited access to all Global Data Review content