Eliëtte advises national and international clients, from multinational companies to public organisations in complex privacy matters, GDPR compliance projects and acts as an external DPO. She is also an experienced litigator in cases concerning IT, IP and freedom of expression. Her professional focus lies in working in the legal field of technology and data. She provides strategic, risk-based, practical and to-the-point advice.
Before founding The Data Lawyers in May 2020, Eliëtte worked as an IT and privacy lawyer at the international law firm AKD for over 10 years (2009-2019) and her own independent firm (2019-2020). She became interested in the concept of privacy and its effects on society during her studies at the Social Science Department of the University of Nijmegen and has been passionate about privacy law ever since. Eliëtte also holds a Master of Law degree from the University of Amsterdam and finished the post-academic degree at the Grotius Academy (Information Technology Law). She also obtained the CIPP/E credentials from the IAPP.
Eliëtte has a strong international network in IT and data protection law as well as in other legal fields. She is an active member of the International Association of Privacy Professionals (IAPP), currently acting as one of the members of the European Advisory Board.
Public speaker and writer
Eliëtte is a frequent speaker at conferences and seminars. She also gives guest lectures and courses for both private training institutions and clients. She publishes frequently and is a permanent contributor to the Dutch journals on internet law (Tijdschrift voor Internetrecht) and Computer Law (Computerrecht).
Eliëtte is also a member of various Dutch law associations. She has been admitted as a member of the Association of Privacy Lawyers (Vereniging Privacyrecht Advocaten). It is only open to members specialised - demonstrably and extensively - in the field of privacy law. Her other memberships include the Association for Privacy Law (VPR) and the Netherlands Association for Information Technology and Law (NVvIR).
Eliëtte Vaal will teach a half day course for Berghauser Pont Academy on video surveillance under the GDPR on 28 September (in Dutch).
Eliëtte Vaal is one of the speakers in a session on 15 June during the IAPP Data Protection Intensive: Nederland 2023. The session's will be on data breach law enforcement and on the latest developments regarding rules and policies on sanctions of the Dutch Data Protection Authority and how they interact with the EDPB guidelines. (in Dutch)
The GDPR requires that organizations ensure the autonomous position of their DPO. In practice, however, this is not always the case. This year the autonomy of the DPO will come under closer scrutiny from the European regulatory authorities. Eliëtte Vaal has published a blog on Data & Privacyweb (in Dutch) where she explains.
On 6 December Eliëtte Vaal will moderate an IAPP Knowledgenet Chapter meeting on the role and the position of the DPO. (Dutch only)
Eliëtte Vaal gave a workshop session on workplace privacy and employee monitoring, both at the workplace and remote, during the practical day of the Outvie Data Protection and Privacy Conference on 6 and 7 October in Amsterdam. (Dutch only)
Eliëtte Vaal will give a joint master class on international data transfers during the first annual IAPP Data Protection Intensive Netherlands in The Hague on 8 June. This event will feature parallel sessions in English and Dutch.
Eliëtte Vaal has been invited to speak at Emerce Digital Marketing Live!, an event for digital marketing and online media professionals in the Beurs van Berlage in Amsterdam on 2 June. Eliëtte will host a panel on the post-cookie era of online marketing.
Eliëtte Vaal has been invited to speak during the seminar "Artificial Intelligence in Practice", organized by ITenRecht.nl in joint collaboration with DCSP Magazine, which will be held on 19 April 2022 (Dutch only).
The 10th annual edition of the IAPP Europe Data Protection Conference in Brussels featured a session with Eliëtte Vaal and Vonne Laan of The Data Lawyers, on the One-Stop-Shop Mechanism (OSS) under the GDPR. The application of the OSS in practice has been met with some resistance and its scope seems unclear. This session aimed to bring more conceptual clarity and practical guidance.
Eliëtte Vaal gave a workshop on the role and responsibilities of the Data Protection Officer during the Kennismarkt Data&Privacyweb 2021.