Overview

Thibaut D’hulst focuses on intellectual property law, new technologies, data protection, pharmaceutical law and competition law.

Thibaut regularly advises clients on all aspects of intellectual property law. His experience ranges from advising on strategies to protect trademarks, databases and other intellectual property to litigation, including patent validity and enforcement cases. He also regularly assists clients in new technology projects in relation to compliance with intellectual property, data protection and/or pharmaceutical laws. 

In addition, Thibaut is a certified Data Protection Officer and assists clients in complying with EU and Belgian data protection rules by conducting data protection audits, drafting company policies, information clauses and processor agreements on data protection, filing notifications, assisting clients in procedures before data protection authorities and advising on the international transfer of personal data.

In the field of competition law, Thibaut’s experience includes compliance training, assisting clients during and after dawn raids, advising on data protection aspects of competition procedures and on litigation concerning damages proceedings.

Languages

Dutch, English, French, German

Recommendations

  • Chambers Europe - Data Protection (Associates to watch)

Education

  • Queen Mary, University of London, LL.M. in Intellectual Property Law, 2006

  • University of Leuven, Postgraduate degree in Business Economics, 2005

  • University of Leuven, Master of Laws, 2004

  • University of Namur, Bachelor of Law, 2001


Bar Admission

Brussels

Publications and insights

Sign up for updates
    • 14/01/2020
    • Articles

    Advocate General Confirms Validity of EU Standard Contractual Clauses

    Advocate General Henrik Saugmandsgaard Øe recently delivered his opinion in the Facebook Ireland and Schrems case, (also known as the Schrems II case). The Advocate General states that the validity of the Commission Decision approving standard contractual clauses for the transfer of personal data (SCCs) cannot be called into question. At the same time, the Advocate General indicated that controllers and supervisory authorities have an obligation to suspend transfers on the basis of SCCs if the obligations contained in the clauses cannot be guaranteed under the laws of the data importer. Please click below for a short client memorandum on these guidelines.

    Read more
    • 30/12/2019
    • Articles

    Brexit’s Implications for Data Protection in 8 Questions

    The UK is set to leave the EU on 31 January 2019. As the EU and the UK prepare for Brexit, companies should too. Brexit continues to raise many legal questions and uncertainties, not the least for the protection of personal data which flows between the UK and the rest of Europe. Will organisations in the UK still have to comply with the General Data Protection Regulation (GDPR)? Can they still transfer personal data to the EU? Will they need to appoint a representative in the EU? And what will happen with the one-stop-shop? On the basis of eight frequently asked questions, we provide an overview of issues to consider and steps to take to start preparing now in order to be ready for Brexit. Please find enclosed our memorandum on the topic.

    Read more
    • 03/12/2019
    • Articles

    EDPB Guidelines on Data Protection by Design and by Default

    On 13 November 2019, the European Data Protection Board (EDPB) published draft guidelines (the Guidelines) on the principle of “Data Protection by Design and by Default” set out under Article 25 of the General Data Protection Regulation (GDPR). The Guidelines explain how controllers must ensure that they effectively implement the “data protection principles and data subjects’ rights and freedoms by design and by default” during the design and life cycle of processing activities. The EDPB underlines that Data Protection by Design and Default is a requirement for all controllers, independent of their size. The examples contained in the Guidelines illustrate the broad range of processing activities to which this principle applies: from setting up membership administration to buying customer relationship management (CRM) software; designing online order forms; improving effectiveness of deliveries (through tracking employees); deciding on loan applications as a financial institution; or using artificial intelligence to profile customers. However, the complexity of implementing this principle will vary based on the individual processing operation. In this regard, the principle of Data Protection by Design and Default is coherent with the “risk-based approach” underlying the GDPR. Please click below for a short client memorandum on these guidelines.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *