Thibaut D’hulst focuses on intellectual property law, new technologies, data protection, pharmaceutical law and competition law.

Thibaut regularly advises clients on all aspects of intellectual property law. His experience ranges from advising on strategies to protect trademarks, databases and other intellectual property to litigation, including patent validity and enforcement cases. He also regularly assists clients in new technology projects in relation to compliance with intellectual property, data protection and/or pharmaceutical laws. 

In addition, Thibaut is a certified Data Protection Officer and assists clients in complying with EU and Belgian data protection rules by conducting data protection audits, drafting company policies, information clauses and processor agreements on data protection, filing notifications, assisting clients in procedures before data protection authorities and advising on the international transfer of personal data.

In the field of competition law, Thibaut’s experience includes compliance training, assisting clients during and after dawn raids, advising on data protection aspects of competition procedures and on litigation concerning damages proceedings.


Dutch, English, French, German


  • Chambers Europe - Data Protection (Associates to watch)


  • Queen Mary, University of London, LL.M. in Intellectual Property Law, 2006
  • University of Leuven, Postgraduate degree in Business Economics, 2005
  • University of Leuven, Master of Laws, 2004
  • University of Namur, Bachelor of Law, 2001

Bar Admission


Publications and insights

Sign up for updates
    • 02/07/2021
    • News

    EU Adequacy Decisions for EU-UK Personal Data Flows

    On 28 June 2021, the European Commission adopted two adequacy decisions for the transfer of personal data from the EU and EEA to the United Kingdom following the agreed post-Brexit transition period. The two adequacy decisions allow personal data transfers under: (i) the General Data Protection Regulation (GDPR); and (ii) the Law Enforcement Directive respectively. The decisions came days before the transitional agreement under the EU-UK Cooperation Agreement was set to expire on 30 June 2021 and ensure that personal data can be transferred freely from the EU/EEA to the UK for the next four years. Following its thorough assessment of the UK’s practice on the protection of personal data including rules on the access to data by public authorities, the Commission came to the decision that the UK’s data protection system continues to be based on the same rules that were applicable while the UK was still a Member State of the EU. The Commission’s decision means that the UK’s data protection standards are considered “adequate”, pursuant to Article 45 of the GDPR. Please click on the link below to read our note on the subject.

    Read more
    • 23/06/2021
    • News

    CJEU Clarifies When Supervisory Authorities Can Derogate from One-Stop-Shop

    In a judgment rendered on 15 June 2021, the Court of Justice of the European Union (CJEU) provides important clarifications on the functioning of the “one-stop-shop” mechanism under the GDPR and the possibility for national supervisory authorities to bring court proceedings outside this mechanism. In its judgment, the CJEU explains when national supervisory authorities which are not the lead authority can initiate such proceedings against controllers in their own territory. Please click on the link below to read our note on the subject.

    Read more
    • 16/06/2021
    • Articles

    Commission Adopts Model Clauses for International Transfers and Processor Agreements

    On 4 June 2021, the European Commission published two Implementing Decisions with model clauses to comply with the General Data Protection Regulation (EU) 2016/679 (the GDPR). The first decision is likely to have a more significant impact than the second for many organisations. The European Commission adopted new standard contractual clauses for the transfer of personal data to third countries outside the EU/EEA (the Transfer SCCs). Compared to the current SCCs, the new Transfer SCCs provide more flexibility in the situations that they cover and the parties that are covered by the clauses. In addition, the new Transfer SCCs provide more legal certainty in view of the recent case law of the Court of Justice of the European Union, including the Schrems II case. Organisations that rely on older versions of the SCCs for their international transfers now have 18 months to replace these with the new Transfer SCCs (or other measures that are permitted under the GDPR). The second decision contains a set of model clauses that can be used between controllers and processors (the Processor Clauses). In particular, Article 28 of the GDPR requires data controllers to put in place a data processing agreement (or other legal act) when outsourcing data processing activities to a data processor, and sets forth the data protection obligations that must be covered by such data processing agreement. The use of the Processor Clauses is optional and organisations can still continue to use their own processor agreements, provided that these comply with Article 28 of the GDPR. Please click on the link below to read our note on both sets of model clauses.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *