Diljá Helgadóttir focuses on all aspects of EU competition law, as well as EU regulatory law.

Prior to joining Van Bael & Bellis, Diljá worked at the Ministry of Foreign Affairs in Iceland as an advisor in free trade negotiations with third countries. Diljá also gained experience at leading law firms in both Reykjavik and Hamburg.


Icelandic, English, Danish, Norwegian


  • King's College London, Postgraduate Diploma in EU Competition Law, Merit, 2021
  • Duke University School of Law, USA, Merit Scholar, LL.M. International Business Law, 2020
  • Reykjavik University, Master of Laws, summa cum laude, 2019
  • Bucerius Law School, Germany, International and Comparative Business Law, 2017
  • Reykjavik University, Bachelor of Laws, magna cum laude, 2017


Diljá has published several peer-reviewed articles and delivered lectures in EU law and the law of obligations, in particular mortgage law.

Peer-reviewed publications:

‘Few words about the liability of a bankruptcy estate towards shareholders and other related parties’ publication’ Úlfljótur, The Legal Journal of University of Iceland, June 2020.

‘The Interaction Between Directive 2015/2366 (EU) on Payment Services (PSD2) and Regulation (EU) 2016/679 on General Data Protection (GDPR) Concerning Third Party Players’ Trinity College Law Review, March 2020.

‘Bankruptcy estate claims for unlawful allocation of funds from a company’ The Legal Journal of RU (Tímarit Lögréttu), October 2019.

‘Breakthrough in the payment service market legislation: Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services.’ Legal Journal of RU (Tímarit Lögréttu), October 2019. Co-author: Dr. Margret Einarsdottir.

‘Extension of time limitations after the end of bankruptcy’ Úlfljótur, The Legal Journal of University of Iceland, June 2019.

‘Validity of guarantees and deficiencies in credit assessment’ Legal Journal of RU (Tímarit Lögréttu), December 2019. Co-author: Stefan Andrew Svensson.

Other publications:

‘The conflict concerning data sharing under PSD2 and obtaining consent to share such data under GDPR’ Oxford Business Law Blog, 2020.

‘Foreign direct investment in the EU and Iceland’s position’ Morgunbladid Newspaper, 2020.

‘Electronic shareholder meetings in the era of COVID-19’ Morgunbladid Newspaper, 2020.

‘Initial Negotiations when Negotiating a Merger and Acquisition Deal’ Vísir, 2019.

‘Nomination committees in the public sector’ The Icelandic Business Journal, 2020.

‘A milestone in the payment services market: PSD2 incorporated into the EEA Agreement.’ The Icelandic Business Journal, 2019.

‘Recovery Rights of the Icelandic Government’s Guarantee Fund’ The Icelandic Business Journal, 2019.


Publications and insights

Sign up for updates
    • 02/07/2021
    • News

    EU Adequacy Decisions for EU-UK Personal Data Flows

    On 28 June 2021, the European Commission adopted two adequacy decisions for the transfer of personal data from the EU and EEA to the United Kingdom following the agreed post-Brexit transition period. The two adequacy decisions allow personal data transfers under: (i) the General Data Protection Regulation (GDPR); and (ii) the Law Enforcement Directive respectively. The decisions came days before the transitional agreement under the EU-UK Cooperation Agreement was set to expire on 30 June 2021 and ensure that personal data can be transferred freely from the EU/EEA to the UK for the next four years. Following its thorough assessment of the UK’s practice on the protection of personal data including rules on the access to data by public authorities, the Commission came to the decision that the UK’s data protection system continues to be based on the same rules that were applicable while the UK was still a Member State of the EU. The Commission’s decision means that the UK’s data protection standards are considered “adequate”, pursuant to Article 45 of the GDPR. Please click on the link below to read our note on the subject.

    Read more
    • 16/06/2021
    • Articles

    Commission Adopts Model Clauses for International Transfers and Processor Agreements

    On 4 June 2021, the European Commission published two Implementing Decisions with model clauses to comply with the General Data Protection Regulation (EU) 2016/679 (the GDPR). The first decision is likely to have a more significant impact than the second for many organisations. The European Commission adopted new standard contractual clauses for the transfer of personal data to third countries outside the EU/EEA (the Transfer SCCs). Compared to the current SCCs, the new Transfer SCCs provide more flexibility in the situations that they cover and the parties that are covered by the clauses. In addition, the new Transfer SCCs provide more legal certainty in view of the recent case law of the Court of Justice of the European Union, including the Schrems II case. Organisations that rely on older versions of the SCCs for their international transfers now have 18 months to replace these with the new Transfer SCCs (or other measures that are permitted under the GDPR). The second decision contains a set of model clauses that can be used between controllers and processors (the Processor Clauses). In particular, Article 28 of the GDPR requires data controllers to put in place a data processing agreement (or other legal act) when outsourcing data processing activities to a data processor, and sets forth the data protection obligations that must be covered by such data processing agreement. The use of the Processor Clauses is optional and organisations can still continue to use their own processor agreements, provided that these comply with Article 28 of the GDPR. Please click on the link below to read our note on both sets of model clauses.

    Read more
    • 01/06/2021
    • Articles

    Belgian DPA Approves First European Code of Conduct

    On 20 May 2021, the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données – the DPA) approved the first transnational code of conduct to be adopted within the European Union since the entry into force of General Data Protection Regulation (EU) 2016/679 (the GDPR). The “EU Data Protection Code of Conduct for Cloud Service Providers” (the EU Cloud CoC) aims to establish good data protection practices for cloud service providers and wishes to contribute to a better protection of personal data processed in the cloud in Europe. One day earlier, on 19 May 2021, the European Data Protection Board issued a favourable opinion, allowing the DPA to approve the first transnational code of conduct. In its approval decision, the DPA underlines the importance of codes of conduct as voluntary accountability tools to tailor data protection rules to the specificities of a sector. By adhering to the code, companies will ensure that data handling is in line with the GDPR. Adherence to the EU Cloud CoC is also achievable for small and medium enterprises that are active in this sector. Please click below to read our note on the Code of Conduct.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *