Tanguy Van Overstraeten
Partner, Head of Digital, Data & Cyber Law
d: +32 (0)2 790 49 00
m: +32 (0)478 401 569
Email Tanguy Van Overstraeten
Download VCard
Areas of expertise
Industries
Languages
French
English
Dutch (passive knowledge)
Japanese (conversational)
Tanguy heads our Digital, Data & Cyber Law practice. He is a prominent legal practitioner, with over three decades’ experience of advising multinationals on a wide range of contentious and non-contentious matters involving data protection/privacy, information technology, cyber security and telecommunications.

His particular areas of expertise include GDPR compliance strategies and broader information governance, IT procurement and outsourcing, digital transformation projects, data breach-related crisis management, telecoms infrastructure deals as well as AI and new technologies. He regularly advises clients on the business implications of EU digital legislation, such as the AI Act, the Data Act, NIS2 and DORA. He also has significant M&A and pharmaceutical regulatory experience.

With a background in broader corporate and commercial law, Tanguy has a strong transactional focus to his practice and regularly works with M&A, projects and other specialist colleagues on large-scale strategic transactions across industry sectors.

Tanguy has been an active member of the international data privacy community for the past two decades. He has been selected by the European Commission to be a member of its Multistakeholder expert group to support the application of the GDPR (his initial mandate has been renewed).

He has been Data Protection Lead of the Digital Economy Committee of the American Chamber of Commerce to the European Union (where he previously served as Board member) and a former member of the International Association of Privacy Professionals (IAPP) European Advisory Board and chair of the KnowledgeNet in Brussels.

In 2025, he was named an IAPP Emeritus Fellow in recognition of his contributions. He is also Vice-President of the Belgium-Japan Association & Chamber of Commerce and was awarded the Japanese Order of the Rising Sun, Gold Rays with Rosette, for his work on Japan-Belgium economic relations.

Tanguy was previously a partner, heading the global Privacy and Data Protection practice and the Brussels TMT practice, at a leading international firm. He also chaired the firm’s Data Protection Executive Board and contributed to its AI Steering Committee.

Contact Tanguy Van Overstraeten
He truly thinks outside the box and consistently strives to find innovative solutions.
Client, Chambers

Representative matters

  1. Banks, insurance companies and asset management players, in relation to their digital transformation, from the RFP to the conclusion of their contracts with IT service providers, in Belgium and abroad.
  2. An energy producer, in relation to its data protection compliance and its dealings with the Belgian data protection authority.
  3. A global automation manufacturer headquartered in Japan in relation to a strategic data protection project (ROPA) and other privacy related projects.
  4. An energy distributor in Belgium, in relation to the selection of an IT service provider and the negotiation and conclusion of an IT service agreement as part of its digital transformation and the need to transition to a new energy data management model.
  5. A Japanese multinational client, in relation to the data protection aspects of its global corporate restructuring.
  6. Several multinationals in various sectors (IT related B2B and retail, airfreight, mobile telecommunications and automotive) in relation to cyber-attacks and other cyber related incidents. This included the regulatory aspects, such as notifications to the relevant authorities, the market, the persons affected by the incidents, and the coordination with consultants (document management, forensic, communication).
  7. Several companies with global reach (in the tech, retail, manufacturing and financial sectors) in relation to their strategy relating to the implementation of the newly approved EU digital package, including the Data Act, the AI Act and NIS2.

Pro bono

Assisting several non-profit associations (including Unicef and the Jesuit Refugee Service Belgium) in relation to their GDPR compliance

Professional

  1. Admitted to Brussels Bar, 1 September 1987

Academic

  1. LL.M, University of Chicago, 1991
  2. Fellow of the Belgian American Educational Foundation (BAEF), 1990
  3. Licencié en droit, ULB, Free University of Brussels, 1987 (summa cum laude)
  1. Member of the Multistakeholder Expert Group to support the application of Regulation (EU) 2016/679 of the European Commission
  2. Vice-Chair and Director of the Belgium-Japan Association and Chamber of Commerce (BJA) and Chair of its Executive Committee
  3. Former Board Member and Data Protection Lead of the Digital Economy Committee of the American Chamber of Commerce to the European Union 
  4. Member of the Editorial Board of the Global Privacy Law Review (Kluwer) and Country correspondent for the Computer and Telecommunications Law Review
  5. Former lecturer at the Solvay Brussels School of Economics and Management
  6. Former member of the Advisory Committee of the data protection programme for the Solvay Business School
  1. Band 1, TMT: Data Protection, Chambers Europe 2024
  2. Band 2, TMT: Information Technology, Chambers Europe 2024
  3. Hall of Fame, Industry focus: IT and telecoms, Legal 500 2025
  4. Hall of Fame, EU regulatory: Privacy and data protection, Legal 500 2025
  5. Emeritus Fellow, The International Association of Privacy Professionals – awarded in 2025
  6. Order of the Rising Sun, Gold Rays with Rosette, awarded by the Government of Japan for contributions to the reinforcement of economic relations between Japan and Belgium
  1. European Privacy News, Global Privacy Law Review, Wolters Kluwer (February 2025): co-author
  2. Belgium Data Transfers, Guidance note, OneTrust DataGuidance, 29 January 2025 
  3. Data Act: unlocking the EU’s Data Economy, Thomson Reuters (Professional) UK Limited (December 2024): co-author
  4. EU AI Act compliance within the EU and beyond, Thomson Reuters (5 September 2024): co-author
  5. Decoding the Landmark EU AI Act, BJA Newsletter (29 May 2024): co-author
  6. US, EU Reach Preliminary Deal on Data Flows, Communications Daily, 28 March 2022: interview
  7. ‘There’s No Plan B’: Belgian GDPR Decision Threatens Internet as We Know It, Lawyers Say, Law.com (18 March 2022): interview

Speaking engagements

  1. The DPO Playbook: Mastering challenges with expert tactics, IAPP Europe, Data Protection Congress 2024, 20 November 2024 (speaker)
  2. AI presentation, AmCham EU, 18 July 2024 (speaker)
  3. Responsabilité des dirigeants en matière de cybersécurité, Canal Z podcast, 28 September 2023 (speaker)
  4. What can Europe and the US do to build closer ties through data?, AmCham panel, Brussels, 1 June 2023 (moderator)
  5. Lutte contre le blanchiment, Abilways conference, Brussels, 22 May 2023 (speaker)
  6. Everything you always wanted to know about data transfer but were afraid to ask, IAPP Global Privacy Summit, Washington, 4 April 2023 (speaker)
  7. EU Strategy for Data’s DGA, DSA, DMA, NIS2, IAPP Europe, Data Protection Congress, 16 November 2022 (speaker)

News & insights

6 min
read
Briefings
Binding Decisions of European Data Protection Board Can Be Challenged Before EU Courts, CJEU Rules
16 February 2026
Download PDF
7 min
read
Newsletters
VBB on Belgian Business Law, Volume 2026, No. 1
16 February 2026
Read more
1 min
read
Events
VBB Head of Digital, data & cyber law Tanguy Van Overstraeten speaks at Drew & Napier seminar on managing legal risk in 2026
22 January 2026
Read more