Home / People / Tom De Cordier
Portrait ofTom De Cordier

Tom De Cordier

Partner

CMS DeBacker
Chaussée de La Hulpe 178
1170 Brussels
Belgium
Languages Dutch, French, English

Tom is a seasoned technology lawyer with a strong focus on data privacy law, technology, media and communications law, technology-related IP and life sciences. Clients praise him for his commercial acumen and his pragmatic and down-to-earth style. 

His practice covers a wide range of advisory, transactional and litigation work in international and domestic matters relating to data privacy, TMC and life sciences. Tom has experience in:

  • Data protection - Tom regularly assists clients in domestic and multi-jurisdictional privacy compliance projects. He advises clients on all aspects of data protection compliance, including data protection policies and procedures, the use of data in the provision of consumer and business products, big data, responding to data subject access requests, cross-border data transfers, cloud computing, data security breaches, transfers of data to regulators, data privacy in life sciences, the use of data in customer relationship management systems and processes, employee monitoring and website compliance issues, BYOD, whistleblowing hotlines, fintech, data privacy litigation, etc.
  • IT transactions including IT sourcing projects; cloud projects; digital transformation projects; etc.
  • IT advisory work (eg. advising on legal aspects of digital disruption, e-archiving, electronic signatures, etc.)
  • Legal aspects of e-commerce (eg. advising on how to ensure that websites comply with e-commerce laws and regulations; drafting or reviewing website policies, online privacy policies; etc.)
  • Network & information security (eg. advising clients on cyber security requirements and risks; etc.)
  • Telecom & media regulatory matters including pre-contentious and contentious regulatory work (eg. assisting telecoms clients in their dealings with the regulatory authorities; representing clients in court proceedings regarding telecoms regulatory disputes; etc.)
  • IP transactional work (eg. drafting and negotiating cross-border patent & know-how license agreements; drafting and negotiating complex R&D agreements; drafting and negotiating IP assignment agreements; drafting and negotiating IP reps & warranties; etc.)

Tom is perfectly trilingual.

Tom is ranked tier 1 in Legal 500’s latest shortlist of leading practitioners in EU data protection. Chambers Europe ranks Tom as “Up and coming” in the category Technology, Media & Telecommunications in Belgium. Corporate International Magazine recently recommended Tom as “rising star of the year in Belgium” for telecommunications law.

Tom frequently speaks at conferences and seminars on technology-related and privacy-related topics. He is also frequently asked by the international press to share his views on recent trends and developments in this area. Recent examples include: 

  • Financial Times (13 September 2020): Data privacy expert, Tom De Cordier comments in Financial Times on the concerns of EU companies seeking guidance on data transfers to the US after the recent ECJ ruling on the Privacy Shield. Read more here
  • SC Media (17 August 2020): Data protection expert, Tom De Cordier, discusses the challenge businesses face after the recent invalidation of the Privacy Shield. Read more here 
  • Euractive Digital Brief (25 June 2020): Tom has been quoted in the Euractive Digital Brief:'To GDPR or not?', about the review of the application of the GDPR across the EU. Read more here 
  • Computer Weekly (24 June 2020): data privacy expert, Tom De Cordier, comments on the effectiveness of the GDPR and on the role of technology in economic revival. Read more here
  • Bloomberg (2 June 2020): "Tech That Saves EU Firms From Covid-19 Could Kill Them in Court". Read more here
more less

"Tom De Cordier is a very impressive partner who has very deep knowledge in the areas of data protection and telecommunication in the EU and Belgium."

Feedback from a client - Legal 500, 2023

"Tom de Cordier and Deven Dobbelaere provide practical and down-to-earth advice and try to think broader than the privacy practice."

Feedback from a client - Legal 500, 2023

"Virginie Frémat, Julie De Pauw, and Tom De Cordier all have good work skills, get the work done (with no excuses), and are flexible in their way of working."

Feedback from a client - Legal 500, 2023

"broad experience, knowledge of the market, politeness and resourcefulness"

Feedback from a client - Chambers Europe, 2022

Feedback about Tom De Cordier: "I appreciate the down to earth approach, the willingness to underpin advice with context, and most of all willingness to listen, really listen to the points being raised, perhaps in defence of a different viewpoint."

Feedback from a client - Legal 500, 2022

Publications

  • DE CORDIER (T.), DUBUISSON (T.), DOBBELAERE (D.) and DE PAUW (V.), « With EU Cyber Resilience Act, EU gets tough on IoT supply chain cybersecurity », 13/12/23, available here
  • DE CORDIER (T.), HEREMANS (T.) and VAN LIEDEKERKE (D.), « International Digital Regulation Hub: Expert advice on navigating the Digital Regulation Tsunami », 07/12/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), “Règlement sur les données (Data Act) : Un pas décisif vers une société fondée sur les données”, Revue Expertises des systèmes d'information – Droit, technologies et prospectives, n° 494, October 2023, available here
  • DE CORDIER (T.), “La dimension juridique des cyberattaques : ce qu’il faut savoir en tant que juriste”, Jubel, 12/07/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), “Adequacy decision on EU-US Data Privacy Framework adopted”, 10/07/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), “The GDPR turns 5 | Europe-wide analysis reveals data protection fines totaling EUR 2.7 billion in over 1,500 cases”, 23/05/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), “The Belgian Whistleblowing Act enters into force. What do you need to know regarding data protection?”, 15/02/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), “Happy Data Protection Day! What’s on the horizon for 2023?”, 27/01/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), « Les cybercriminels vont-ils profiter du succès de ChatGPT pour tromper votre entreprise? », l’Echo, 23/01/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), « Quelle stratégie adopter face aux attaques par rançongiciel? », l’Echo, 11/01/2023, available here
  • DE CORDIER (T.), DUBUISSON (T.), “EU Cybersecurity Month: mobile devices can pose a risk to your business”, 20/10/2022, available here
  • DE CORDIER (T.), DUBUISSON (T.), “Another cookie enforcement case: Belgian privacy watchdog reconfirms cookie consent rules”, 31/01/2022, available here
  • DE CORDIER (T.), DUBUISSON (T.), “Éradiquer le fléau des ransomware en interdisant le paiement des rançons?”, l’Echo, 23/11/2021, available here
  • DE CORDIER (T.), DUBUISSON (T.), “EU Cybersecurity Month: Hybrid working makes phishing attacks harder to spot”, 13/10/2021, available here
  • DE CORDIER (T.), DUBUISSON (T.), “Summer legal recap of data protection law”, 3/09/2021, available upon registration here
  • DE CORDIER (T.), DUBUISSON (T.), “EU finally adopts new data transfer clauses”, 09/06/2021, available upon registration here
  • T. DE CORDIER, « Losgeld betalen verbieden is geen gouden oplossing in de strijd tegen ransomware-aanvallen”, Datanews, 02/12/2021.
  • T. DE CORDIER, « Eradiquer le fléau des ransomware en interdisant le paiement des rançons ? », L’Echo, 23/11/2021.
  • T. DE CORDIER, T. DUBUISSON &  J. VAN DAELE &, « EU Advocate-General opinion hints Europe’s top court is unlikely to disrupt international data flows in pending decision », 17/07/2020. 
  • T. DE CORDIER & T. DUBUISSON, «Deadline approaching for notifying CCTV cameras to Belgian police», 14/05/2020.
  • T. DE CORDIER & T. DUBUISSON, « EU Cybersecurity Month: When a simple phishing click can severely harm your company », 11/10/2019.
  • T. DE CORDIER & T. DUBUISSON, « Time to update your cookie consent and policy! CJEU says pre-ticked checkboxes are not valid », 02/10/2019.
  • T. DE CORDIER & T. DUBUISSON, « Using social plug-ins on your website? You and the social network will be jointly liable for the data processing »,  31/07/2019.
  • T. DE CORDIER & T. DUBUISSON, « First Belgian GDPR sanction: DPA fines mayor EUR 2,000 », 31/05/2019.
  • T. DE CORDIER & T. DUBUISSON, « EU Advocate General gives Internet cookie opinion that could impact data privacy regs »,  02/04/2019.
  • T. DE CORDIER, A-M. GORIS &  T. DUBUISSON, « Belgium's privacy watchdog publishes guidance on the notions of controller and processor », 17/01/2019.

 

more less

Lectures list

  • 26/05/2020: Webinar “Smart Contracts: From Clauses to Code”, with D. Dobbelaere & F. Dubois.
  • 11/06/2020: Webinar CMS “Digitalisation of the in-House legal team…and what it means for you”, with J. Challoner.
  • 09/09/2020: Webinar  “Law and Beyond - Digital Transformation: seizing the opportunity whilst avoiding the pitfalls” with S. Viaene & P. Coffyn.
  • 27/10/2020: Webinar “Joint CMS-Marsh webinar : “The Changing Face of Cyber Claims “, with A-S. Coppens.
  • 25/11/2020, Webinar “Data, Data, Data“.
more less

Education

  • 2000 - Bar admission (Brussels, Belgium)
  • 2000 - University of London - United Kingdom (LL.M. in Computers & Communications)
  • 1999 - University of Ghent, UGent - Belgium (Master of Laws)
more less
11/09/2023
Summer Snapshot: Tech and Data Highlights You Might Have Missed
Have you taken a break from your usual spot in front of the computer screen over the past few weeks? No worries, this article provides a succinct overview of the significant advancements in the world of technology and data that have transpired over t
10/07/2023
Adequacy Decision on EU-US Data Privacy Framework adopted
The European Commission has announced today 10 July 2023 the adoption of its "adequacy decision" on the EU - US Data Privacy Framework (“DPF") to allow EU-US data flows to businesses that will have...

Feed

12/03/2024
DGA: European data strategy for data intermediation services takes shape
Data intermediation services play a key role in the implementation of the European strategy for data. The DGA subjects these to regulation.In addition to the Data Act, the Data Governance Act (DGA), which...
11/03/2024
Looking ahead to the EU AI Act
Introduction The European Union is preparing for the imminent adoption of the world’s most significant legislation on Artificial Intelligence, solidifying its position as a pioneer among global legislators. This initiative aims to establish and reinforce the EU’s role as a premier hub for AI while ensuring that AI development remains focused on human-centered and trustworthy principles. To expedite the achievement of these goals, on 8 December 2023, after three days of debate, the European Parliament and the Council of the European Union finally reached a provisional agreement on the “Proposal for a Regulation laying down harmonised rules on artificial intelligence” (the so-called AI Act), which aims to ensure that AI systems placed on the European market are safe and respect the fundamental rights and values of the EU. Subsequent to this provisional agreement, technical refinement of the AI Act continued to finalise the regulation’s details and text. The final vote of the European Parliament on the AI Act will take place at 13 March 2024. Since the European Parliament's Committees on the Internal Market and Consumer Protection (IMCO) and on Civil Liberties, Justice and Home Affairs (LIBE) have endorsed overwhelmingly the proposed text, the approval of the European Parliament can be expected. After a long and complex journey that began in 2021 with the European Commission’s proposal of a draft AI Act, this new regulation is expected to be passed into law in spring 2024, once it has been approved by the European Parliament and the Council of the European Union . The AI Act aims to ensure that the marketing and use of AI systems and their outputs in the EU are consistent with fundamental rights under EU law, such as privacy, democracy, the rule of law and environmental sustainability. Adopting a dual approach, it outright prohibits AI systems deemed to pose unacceptable risks while imposing regulatory obligations on other AI systems and their outputs. The new regulation, which also aims to strike a fair balance between innovation and the protection of individuals, not only makes Europe a world leader in the regulation of this new technology, but also endeavours to create a legal framework that users of AI technologies will be able to comply with in order to make the most of this significant development opportunity. In this article we provide a first overview of the key points contained in the text of the AI Act1This article (including the relevant citations below) is based on the latest draft available on the Council’s website. The AI Act remains subject to possible further refinement, but not as regards content, and the text referred to for this article should be considered as the closest to the one that will be voted on by the EU Parliament. footnote that companies should be aware of in order to prepare for the implementing regulation.
08/01/2024
Adapting to the new EU Data Act: implications for medical devices and other...
In recent years, the European Commission developed a European data strategy, which aims to create a single European market in which data can circulate freely. As the European Commission has emphasized...
13/12/2023
With EU Cyber Resilience Act, EU gets tough on IoT supply chain cybersecurity
On 30 November 2023, the EU took a decisive step towards bolstering cybersecurity in the Internet of Things (IoT) supply chain by reaching a political agreement over the Cyber Resilience Act (CRA). ...
20/11/2023
Data protection and cybersecurity laws in Belgium
Data protection 1. Local data protection laws and scope General Data Protection Regulation n° 2016/679 (GDPR);Law of 30 July 2018 on the protection of natural persons with regard to the processing...
Comparable
26/10/2023
CMS Belgium advised Howden Belgium on the acquisition of WDR Insurance...
CMS Belgium played a crucial role in advising Howden Belgium's acquisition of WDR Insurance Group, specialist in property, casualty, and employee benefits, catering to a diverse clientele that includes...
11/09/2023
Webinar - The EU Data Act: What You Need to Know
On 27 June 2023, the EU reached an agreement on the new EU Data Act, a comprehensive new data legislation that will introduce far-reaching rules on access to and use of data in the EU. The EU Data Act aims to boost the EU's data economy by unlocking industrial data, optimizing its accessibility and use, and fostering a competitive and reliable European cloud market.
11/09/2023
Summer Snapshot: Tech and Data Highlights You Might Have Missed
Have you taken a break from your usual spot in front of the computer screen over the past few weeks? No worries, this article provides a succinct overview of the significant advancements in the world...
11/07/2023
EU reaches agreement on Data Act – Comprehensive EU data law is on the...
On 27 June 2023, the European Parliament and Council resolved the remaining open points and reached a political agreement on the EU Data Act, paving the way for a new law that will introduce comprehensive...
10/07/2023
Adequacy Decision on EU-US Data Privacy Framework adopted
The European Commission has announced today 10 July 2023 the adoption of its "adequacy decision" on the EU - US Data Privacy Framework (“DPF") to allow EU-US data flows to businesses that will have...
16/05/2023
CMS Belgium assisted a.s.r. in the set-up of a joint venture with Belfius'...
CMS Belgium assisted a.s.r., the third largest insurer in the Netherlands, in setting up a joint venture together with Belfius' insurance subsidiary. The joint venture involves the launch of the technology...
28/03/2023
European Parliament and Council ready to start negotiations on EU Data...
In February 2022 the European Commission presented its proposal for the EU Data Act, which – if adopted - will introduce a far-reaching legal regime on access to and use of non-personal data in the...