Photograph of Maarten Stassen View LinkedIn page Download V-card

Maarten Stassen

Phone: +
7, Rue Joseph Stevens
Brussels B - 1000

Maarten Stassen is a partner in the Brussels office of Crowell & Moring, where he is a member of the firm's Privacy & Cybersecurity Group. His practice focuses on privacy and data protection, including the General Data Protection Regulation (GDPR) and cross-border data transfers solutions, as well as on the legal and operational aspects of the digital ecosystem, including Internet of Things (IoT), MedTech, and upcoming technologies such as Distributed Ledger Technology (e.g. Blockchain).

Maarten was named a “Next Generation Partner” in EU Regulatory: Privacy and Data Protection by Legal500. He was described as “very experienced in privacy” and a “name to note” in the Belgian IT & Telecoms industry.

Before joining Crowell & Moring, Maarten was a director in Deloitte’s Cyber practice, as well as the Faculty Leader of the European Privacy Academy. He has been focusing on privacy and data protection law for many years, first as a lawyer in both Spain and Belgium, and later as European Privacy Officer of an international health insurance company.

Characterized by his entrepreneurial spirit and drive to provide client-specific, business-focused, practical and pragmatic advice, Maarten has extensive experience advising a wide range of private organizations and public sector entities on national and international privacy and data-protection-related matters. Clients include household names in the automotive, MedTech, transportation, financial services, life sciences, and retail sectors.

Maarten has both a Belgian and a Spanish law degree. His international experience helps to provide a different point of view for his clients. Maarten is fluent in Dutch, English, French, Spanish, and Catalan.

Maarten is Vice-Chair of the American Bar Association (ABA) Privacy and Computer Crime Committee (Science & Technology Law Section) and Co-Chair of the Brussels KnowledgeNet of the International Association of Privacy Professionals (IAPP), as well as a former member of its European Advisory Board. He teaches at the Data Protection Institute and is a frequently asked speaker at privacy and data protection events.

Being a practitioner in matters of blockchain, Maarten is part of the Beltug Blockchain Task Force which meets, discusses, and makes suggestions and recommendations to Beltug regarding issues, activities, and lobbying efforts that can be undertaken in the area of blockchain. Topics can extend beyond the national borders of Belgium.

Representative Matters

  • Advised several national and international companies on how to prepare in a practical, pragmatic, and legally compliant manner for the General Data Protection Regulation (GDPR). Clients include European and Asian car manufacturers, a major international player in the beverage industry, as well as several leaders in the MedTech and retail industry. 
  • Advised several international companies, including leaders in the travel and leisure industry, on international data transfer mechanisms such as Binding Corporate Rules and standard contractual clauses, which included the review, drafting, and submission of the corresponding legal documents. 
  • Lead a team that carried out Binding Corporate Rules on-site audits on a worldwide scale and advised on the different legal and operational aspects of such a program. 
  • Advised a U.S.-based international leader in the food industry on the implementation of a global privacy program. 
  • Advised a global fashion company on the implementation of a global privacy program.
  • Advised several international players in the financial services industry on compliance with privacy and data protection matters.
  • Advised several start-ups on building their business case in a privacy and data protection-compliant manner. 
  • Advised on the privacy and data protection-related aspects of upcoming technologies such as Blockchain. 
  • With his experience in the new European data protection framework, lead several GDPR readiness assessment projects at companies of different sizes and industries, allowing organizations to take informed and risk-based decisions and guiding them through the change process towards practical and pragmatic compliance with the new GDPR requirements.
  • Apart from teaching frequently on the subject and chairing and facilitating half-day IAPP workshops on Data Protection Impact Assessments (DPIAs), Maarten has the practical experience of carrying out DPIAs for several clients. The focus of the assessments is to limit the likelihood of any data breach or privacy-intrusive operation and to implement the “Privacy by Design” concept in a business-focused, effective, and legally compliant manner. 
  • As the Faculty Leader, speaker, and facilitator at the European Privacy Academy, Maarten has been teaching for several years on various privacy-related topics, including Privacy by Design, Privacy Impact Assessments, breach notification, privacy vs. security, HR-related topics, etc. 
  • As European Privacy Officer of a major international health insurance company, Maarten was in charge of implementing its global privacy program in the European divisions.


  • Universitat Pompeu Fabra, Barcelona, Spain
  • Catholic University of Leuven, J.D., cum laude


Admitted to practice: in Belgium and before the European Court

Other Affiliations

  • American Bar Association (ABA), Privacy and Computer Crime Committee (Science & Technology Law Section), Vice-Chair
  • Member Beltug Blockchain Task Force
  • European Advisory Board, International Association of Privacy Professionals (IAPP), 2014 – 2016
  • IAPP KnowledgeNet Brussels, Co-Chair
  • IAPP - Certified Information Privacy Professional/Europe (CIPP/E)
  • IAPP - Certified Information Privacy Manager (CIPM)

View More

"Privacy Shield Invalidated: EU Data Transfers to the U.S. under Siege (again…)," (July 16, 2020). Contacts: Jeffrey L. Poston, Maarten Stassen, Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Jarno Vanto, Laurence Winston, Lee Matheson, CIPP/US/E/A, CIPM, PCIP, Robert Holleyman
Client Alert / Newsletter
Legal 500 EMEA Recommends Crowell & Moring in 11 Practice Areas and Recognizes 13 Lawyers (Apr.27.2020)
Firm News / Announcement
"Discussie over zogenaamde corona-apps: méér Big Brother a.u.b.," VRT (April 22, 2020). Author: Maarten Stassen
Don't Count On European Regulators To Relax Rules During Coronavirus Crisis Compliance Week (April 16, 2020)
Media Mentions
"Autonomous vehicles: Driving regulatory and liability challenges," Automotive World (April 7, 2020). Authors: Rebecca Baden Chaney, Evan Y. Chuck, and Maarten Stassen.
"Europe organisations working from home during coronavirus must ensure appropriate security measures," OneTrust DataGuidance (April 2, 2020). Co-Author: Maarten Stassen.
"Morrisons Supermarket Not Liable for Employee’s Data Breach," International Dispute Resolution Alert (April 1, 2020). Contacts: Nicola Phillips, Maarten Stassen, Robert Weekes, Laurence Winston, John Laird
Client Alert / Newsletter
App Offers $1M Bounty For Proof Of Alleged Hacking Smear Campaign Compliance Week (March 31, 2020)
Media Mentions
Vous travaillez à domicile? Les cybercriminels adorent ça! La Libre Belgique (March 25, 2020)
Media Mentions
Vous travaillez à domicile? Les cybercriminels adorent ça! La Dernière Heure (March 25, 2020)
Media Mentions

For all Highlights, News & Knowledge, please click here to view desktop bio.

Crowell & Moring LLP is an international law firm with more than 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, DC, New York, Los Angeles, San Francisco, Orange County, London, and Brussels.

View Desktop Site | Mobile Sitemap

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2020
Attorney advertising - prior results do not guarantee a similar outcome.