Nils Deschrijver
Data Protection Consultant | GDPR | DPIA | Privacy by Design & Default | Data Breaches • Legal Engineer
Jurist and ethical hacker from 🇧🇪 (NL/ENG). DPO-certified and digital architecture expert. Former lawyer and security consultant. Now freelancing, but also open to in-house roles.
Tulpenlaan 15, 2180 Antwerpen, België
BTW: BE 0839.88.36.06
Projects
Zelf-loodgieter.be: coded an e-commerce platform with integrated data analytics
Coded in Python using Flask-RESTX, SQLAlchemy, SendGrid, Mollie, and the Google Analytics Measurement Protocol. Deployed on a bare-metal VPS after configuring the system and setting up a database following star schema best practices.
Privacy by Design and by Default were central to this fully GDPR-compliant project. Web application and server security, as well as the drafting of legal compliance documentation, were handled in-house.
In collaboration with a Belgian building materials wholesaler and an Antwerp-based trade school.
Confidential: Coordinated Vulnerability Disclosures
Regularly identify security vulnerabilities in the wild, and then report them to the CCB/CERT and the responsible parties, under whistleblower protection legislation ('Klokkenluiderswet'), helping controllers patch their systems and properly secure personal data.
One such vulnerability, which exposed database records from dozens of companies, earned me a place in the Belgian Centre for Cybersecurity (CCB) Hall of Fame for cybersecurity researchers::
EP Votes: coded a mobile app to track plenary voting results
A light-weight but powerful office tool that searched for, read through and analysed scores of plenary voting results of the European Parliament. Coded in Python and Bash using regex, for usage in the EU bubble during COVID. The tool was able to source the voting results before they were officially published, using hacking enumeration techniques.
Education
Academy of European Law (ERA) | Certificates
2016 - 2016
Ghent University | Master of Laws
2009 - 2011
Ghent University | Bachelor of Laws
2006 - 2009
Work Experience
Self-employed | Legal Engineer
November 2024 - PresentAs a DPO-certified jurist, coder, and ethical hacker whose contributions were recently recognised by the Belgian Centre for Cybersecurity (CCB), I uniquely combine deep technical know-how with legal acumen, complemented by a strong foundation in data analytics and business intelligence.
While my core focus is GDPR, I have a strong grasp of the broader ecosystem of data privacy, IT law, and information security, with a thorough understanding of NIS2, familiarity with ISO 27001 and 27002, and professional experience with business continuity planning and drafting risk assessments.
I specialise in providing legal guidance on technical issues and in creating custom tech tools to support my legal practice, hence: 'legal engineering'.
You can turn to me for:
- HR-related questions on retention periods for resumes or handling sensitive data of candidates,
- Legal advice in the early stages of coding a tech solution as per the Privacy by Design and Default principles,
- Analysing your business and drafting a Register of Processing Activities as the basis for your policy documents, and internal and external communications,
- Drafting all compliance paperwork and business policies or processes, also to ensure these documents remain up to date,
- Developing custom tech tools, adapted to your internal working methods, to reduce friction by (semi-)automating these workflows,
- Advice on whether you need to comply with NIS2 and what obligations this entails,
- Advice on and implementation of the international ISO27001 or Belgian CyFun certification frameworks,
- .. and for much, much more.
My approach provides clients with a distinctive blend of compliance assurance, technical resilience, and advanced risk mitigation, all based on company insights.
Johnson & Johnson | Security Consultant
February 2022 - Augustus 2024Drafting security risk assessments on which the senior management relied to determine their (cyber)security posture in war zones or during crises. Bridged the gap between the legal, cybersecurity, and political affairs teams as the dedicated point-of-contact for the US headquarters.
In the lead for drafting and implementing JnJ's first global digital strategy, encompassing the creation of Python scripts and Power BI dashboards to collect, process, and visualise internal and external datasets, compliant with GDPR requirements.
Belgian Armed Forces | Security Consultant
September 2019 - September 2021Drafting security risk assessments in tandem with ADIV, the Belgian military intelligence service. Held a BE, EU, and NATO SECRET security clearance.
Completed specialised training at NATO School and the Belgian Intelligence and Security School in open-source intelligence (OSINT) collection and analysis, encompassing methodologies relevant to digital forensics, think: digital reconnaissance and fingerprinting.
European Parliament | Legal Advisor
November 2014 - May 2019Contributed to legislation within the Civil Liberties, Justice and Home Affairs Committee (LIBE), amending legislative texts and negotiating security-related files with the Commission, Parliament, and Council of Ministers during the period of GDPR legislative development, when data protection considerations were cemented in Europe's DNA.
Worked on a flagship project with emphasis on information exchange between European police and intelligence services.
Self-employed | Lawyer
September 2011 - November 2014Advised businesses on IT law compliance, including drafting End-User License Agreements (EULAs) and Software-as-a-Service (SaaS) agreements. Managed data breaches and cyber extortion by black hat hackers, including issuing takedown notices. Provided legal counsel on data-related matters, pre-dating GDPR, and other business topics, and represented businesses in court.
Head back to the top
© Nils Deschrijver 2025. Design: HTML5 UP. Theme: ezcv.
Privacy- en cookieverklaring.