Laura Brodahl
Of Counsel
-
Laura is a frequent contributor to The WSGR Data Advisor
Wilson Sonsini’s Data Advisor is your source for privacy news and insights, brought to you by our global data, privacy, and cybersecurity team. Visit wsgrdataadvisor.com and subscribe to stay connected.
Laura Brodahl is Of Counsel in the EU data regulatory practice of Wilson Sonsini Goodrich & Rosati. Based in Brussels, she specializes in advising clients on digital regulatory issues, including under:
- The General Data Protection Regulation (GDPR) and E-Privacy rules
- The Digital Operational Resilience Act (DORA) and NIS2 Directive
- The Artificial Intelligence Act (AI Act)
- The Digital Service Act (DSA)
- The Data Act (DA)
Laura regularly provides strategic and practical guidance to start-ups and international organizations, specializing in all-around counselling to data driven sectors and interactions with data protection authorities. Some of her projects include:
- Responding to regulatory investigations, market sweeps and requests from, and claims by, individuals or third parties;
- Preparing EU and UK binding corporate rules for regulatory (re-)approval;
- Counseling on lawfully deploying new technologies, including AI driven tech;
- Designing and coordinating the implementation of compliance, data governance, and related assurance programs (such as the design and optimization of privacy controls and related audit frameworks);
- Negotiating data related agreements;
- Presenting to executives, delivering on-site training and workshops on data regulatory matters; and
- Supporting clients in assessing and addressing legislative proposals, such as the Open Finance framework and the EU’s cybersecurity initiatives.
Laura prides herself on having a true passion for her practice. She has considerable experience advising on cutting-edge technologies, including in FinTech, data analytics, machine learning and AI, autonomous vehicles, and biometrics. She was lauded in the Legal 500 as standing out “for her advice on matters relating to innovation technology.” Additionally, the International Association of Privacy Professionals (IAPP) has designated Laura as a Certified Information Privacy Professional (CIPP/E certification).
Laura’s multifaceted experience makes her a valuable resource in navigating the complexities of data regulatory landscape in the EU.
Prior to joining the firm, Laura worked on privacy and data protection matters as an associate at the partner law firm of PwC and as a trainee with Crowell & Moring and time.lex.
In addition to Dutch, Laura is fluent in English and French, and familiar with German.
Experience
Laura Brodahl is Of Counsel in the EU data regulatory practice of Wilson Sonsini Goodrich & Rosati. Based in Brussels, she specializes in advising clients on digital regulatory issues, including under:
- The General Data Protection Regulation (GDPR) and E-Privacy rules
- The Digital Operational Resilience Act (DORA) and NIS2 Directive
- The Artificial Intelligence Act (AI Act)
- The Digital Service Act (DSA)
- The Data Act (DA)
Laura regularly provides strategic and practical guidance to start-ups and international organizations, specializing in all-around counselling to data driven sectors and interactions with data protection authorities. Some of her projects include:
- Responding to regulatory investigations, market sweeps and requests from, and claims by, individuals or third parties;
- Preparing EU and UK binding corporate rules for regulatory (re-)approval;
- Counseling on lawfully deploying new technologies, including AI driven tech;
- Designing and coordinating the implementation of compliance, data governance, and related assurance programs (such as the design and optimization of privacy controls and related audit frameworks);
- Negotiating data related agreements;
- Presenting to executives, delivering on-site training and workshops on data regulatory matters; and
- Supporting clients in assessing and addressing legislative proposals, such as the Open Finance framework and the EU’s cybersecurity initiatives.
Laura prides herself on having a true passion for her practice. She has considerable experience advising on cutting-edge technologies, including in FinTech, data analytics, machine learning and AI, autonomous vehicles, and biometrics. She was lauded in the Legal 500 as standing out “for her advice on matters relating to innovation technology.” Additionally, the International Association of Privacy Professionals (IAPP) has designated Laura as a Certified Information Privacy Professional (CIPP/E certification).
Laura’s multifaceted experience makes her a valuable resource in navigating the complexities of data regulatory landscape in the EU.
Prior to joining the firm, Laura worked on privacy and data protection matters as an associate at the partner law firm of PwC and as a trainee with Crowell & Moring and time.lex.
In addition to Dutch, Laura is fluent in English and French, and familiar with German.
Education
- LL.M., Data Protection—ICT and IP Law, University of Leuven, campus Brussels, 2016Cum Laude
- Master in Law, University of Leuven, 2014
Associations and Memberships
- Member, IAPP and holder of CIPP/E certification
- Member, European Law Students Association Alumni
- Member, Studiecentrum voor automatische gegevensverwerking (SAI)
Honors
- Named to the 2026 “Incident Response Elite” by Cybersecurity Docket
- Named finalist in the “Rising Star: Large Company” category for the PICCASO Awards Europe 2025
- Recommended in the 2021 and 2022 editions of The Legal 500 Europe, Privacy & Data Protection
Admissions
- Brussels Bar
Credentials
Education
- LL.M., Data Protection—ICT and IP Law, University of Leuven, campus Brussels, 2016Cum Laude
- Master in Law, University of Leuven, 2014
Associations and Memberships
- Member, IAPP and holder of CIPP/E certification
- Member, European Law Students Association Alumni
- Member, Studiecentrum voor automatische gegevensverwerking (SAI)
Honors
- Named to the 2026 “Incident Response Elite” by Cybersecurity Docket
- Named finalist in the “Rising Star: Large Company” category for the PICCASO Awards Europe 2025
- Recommended in the 2021 and 2022 editions of The Legal 500 Europe, Privacy & Data Protection
Admissions
- Brussels Bar
Select Publications
- Co-author, “EU Data Act Enters into Force,” Wilson Sonsini Alert, September 15, 2025
-
Co-author, “EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement,” Wilson Sonsini Alert, June 17, 2025
- Co-author, “EU Data Act Imposes New Data Sharing Obligations,” Wilson Sonsini Alert, March 25, 2025
- Co-author with C. Burton and H. Watson, “The GDPR: The Good, the Bad, the Ugly,” TechREG Chronicle – Digital Privacy, November 27, 2024
- “New EU Cybersecurity Obligations for Connected Devices: What You Need to Know,” The WSGR Data Advisor, October 31, 2024
- “Regulators in Europe Signal Increased Scrutiny of Online Platforms,” The WSGR Data Advisor, October 21, 2024
- “Cybersecurity: A Critical Element in Your 2025 Business Forecast,” The WSGR Data Advisor, September 30, 2024
- “Weaponization of Data Subject Access Requests in the EU,” The WSGR Data Advisor, November 28, 2023
- “Global Regulators Highlight Potential Harms of Data Scraping and Best Practices,” The WSGR Data Advisor, September 13, 2023
- “Missteps in Mixing EU Data Protection and Competition Law: A Call for Boundaries,” The WSGR Data Advisor, September 5, 2023
- “European Commission Proposes New Rules on Financial Data Access and Use,” Wilson Sonsini Alert, July 6, 2023
- “Europe Prepares for a New Era in AI Regulation,” Wilson Sonsini Alert, June 15, 2023
- “Belgian Implementation of the GDPR,” Thomson Reuters Practical Law Data Privacy & Cybersecurity, April 24, 2023
- “New Draft Guidance on Binding Corporate Rules for Controllers,” The WSGR Data Advisor, December 19, 2022
- “Interplay between the EU Clinical Trials Regulation and the GDPR,” Privacy Laws & Business, March 2022
- "Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR," Wilson Sonsini Alert, February 8, 2022
- “Belgian Implementation of the GDPR,” Thomson Reuters Data Privacy Advisor, November 2021
- “EU Commission Publishes Template Data Processing Agreement,” The WSGR Data Advisor, June 18, 2021
- “The e-Privacy Regulation: Where are we heading? Changes to cookie consent and cookie walls are to be watched carefully,” Privacy Laws & Business, June 2021
- “A New Data Transfer Mechanism Is Available for EU Personal Data,” The WSGR Data Advisor, June 4, 2021
- “Locatefamily.com Fined EUR 525,000 for Failure to Appoint an EU Representative,” The WSGR Data Advisor, June 3, 2021
- “Schrems II: biedt de EDPB raad? Toelichting bij de aanbevelingen van de EDPB met betrekking tot internationale gegevensdoorgiftes,” Tijdschrift Privacy & Persoonsgegevens, nr. 2021/1
- “Draft EDPB Guidelines Clarify the Roles of Parties Processing Personal Data and Call for Detailed Data Processing Agreements,” The WSGR Data Advisor, September 24, 2020
- “Belgian implementation of the GDPR,” Practical Law Data Privacy Advisor, August 31, 2020
- “CJEU Advocate General Confirms Validity of EU Data Transfer Tools,” The WSGR Data Advisor, February 5, 2020
- “UK’s Age Appropriate Design Code Pending,” The WSGR Data Advisor, November 1, 2019
- “Belgian Facebook Case Referred to the European Court of Justice,” The WSGR Data Advisor, May 13, 2019
- “WSGR Event Recap: The State of Play in European Data Protection Law,” The WSGR Data Advisor, May 7, 2019
- “Belgian Data Protection Authority Is Up and Running,” The WSGR Data Advisor, April 26, 2019
- "Belgium: GDPR Implementing Act Enters into Force," Privacy Laws & Business, February 2019
- "How Profiling Can Be GDPR Compliant and Lead to Value Creation for Businesses with Privacy as the Ultimate Dealmaker," Journal of Data Protection and Privacy, February 2018
- "Ben ik verplicht om een gegevensbeschermings- effectbeoordeling uit te voeren?" Tijdschrift voor Privacy & Persoonsgegevens, January 2018
- "Algemene verordening gegevensbescherming: vijf nieuwigheden van dichterbij bekeken," Cahier du Juriste, April 2017
- "Gegevensbescherming en AVG in praktijk: impact en aansprakelijkheid bij een M&A transactie," Data Protection & Privacy - Le GDPR dans la pratique, Anthemis, 2017
Select Speaking Engagements
- Speaker and Moderator, “Practical Insights into Crafting Transparent Privacy Notices, DSAR Response, and AI Explanations," PL&B, St. John’s College, Cambridge, July 2024
- Speaker, Future of Privacy Forum (FPF) AI Working Group meeting, June 17, 2024
- Speaker, “Practitioners’ perspectives on the new digital framework,” 17th Computers, Privacy and Data Protection Conference (CPDP), May 23, 2024
- Guest Lecturer, Data Transfers, DPO Certification Course, Maastricht University, The Netherlands, May 2024
- Keynote Speaker, “The EU AI Act and Harnessing AI's Power Responsibly - A Practitioner’s Take,” AtlanTec Conference, Ireland, May 2024
- Speaker, “How to Prepare for a Future With AI,” AtlanTec Conference, Ireland, May 2024
- Guest lecturer on Data Transfers, DPO certification course of Maastricht University, The Netherlands, September 2023
- Guest lecturer on regulatory trends and upcoming legislation, “Data Security Module” of the DPO-HSG course of St. Gallen University, Switzerland, September 2023
- Guest lecturer on Data Transfers, DPO certification course of Maastricht University, The Netherlands, June 2023
- Speaker, “ Best practices for protecting children’s privacy in the digital age: the practitioners’ perspective,” 16th Computers, Privacy and Data Protection Conference (CPDP), May 25, 2023
- Guest lecturer on Data Transfers, DPO certification course of Maastricht University, The Netherlands, March 2023
- Guest lecturer, “Data Transfers Recent Developments,” DPO certification course of Maastricht University, The Netherlands, December 2022
- Speaker, “Data Privacy – Benelux & Nordics,” Exterro Roundtable, October 19, 2022
- Guest lecturer, “Technological innovations in data security,” DPO-HSG course of St. Gallen University Switzerland, September 2022
- Speaker, “Data Privacy & Compliance – Benelux & Nordics,” Exterro Roundtable, June 8, 2022
- Speaker, “Practical Legal Perspectives on International Transfers,” 15th Computers, Privacy and Data Protection Conference (CPDP), May 24, 2022
-
Panelist, “Vendor Management — Beyond the Paperwork,” IAPP Europe Data Protection Congress 2021, November 16, 2021
- Host Privacy Roundtable, “What’s next in Privacy?” Privacy+Security Forum, May 24, 2021
- Speaker, “How to Make a Profit with Data while Complying with the GDPR?” InformaConnect Software as a Medical Device Webcast Series, April 27, 2021
- Speaker, “Gestion des fournisseurs — Tour d’horizon pratique,” IAPP European Data Protection Intensive Online 2021, March 30, 2021
- Guest lecturer, “The Supervisory Authorities knocking at the door What are the “do’s” and “don’ts” in a dawn-raid scenario?” DPO-HSG course of St. Gallen University Switzerland, January 28, 2021
- Speaker, “Navigating the Fast-Moving GDPR Data Transfers Landscape – Session 2: Practical Implications for International Businesses,” Wilson Sonsini Privacy & Data Protection Webcast, January 7, 2021
- Guest lecturer, “The Supervisory Authorities knocking at the door What are the “do’s” and “don’ts” in a dawn-raid scenario?” DPO-HSG course of St. Gallen University Switzerland, March 13, 2020
- Table speaker, Conference opening dinner, PL&B Conference, Cambridge, June 30, 2019
- Speaker, “Think of the Children - Key challenges to processing children's data,” IAPP Asia Privacy Forum 2019, Singapore, July 15, 2019
- Guest lecturer, “What to expect from GDPR,” KBC Start It series, 2018
Insights
Select Publications
- Co-author, “EU Data Act Enters into Force,” Wilson Sonsini Alert, September 15, 2025
-
Co-author, “EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement,” Wilson Sonsini Alert, June 17, 2025
- Co-author, “EU Data Act Imposes New Data Sharing Obligations,” Wilson Sonsini Alert, March 25, 2025
- Co-author with C. Burton and H. Watson, “The GDPR: The Good, the Bad, the Ugly,” TechREG Chronicle – Digital Privacy, November 27, 2024
- “New EU Cybersecurity Obligations for Connected Devices: What You Need to Know,” The WSGR Data Advisor, October 31, 2024
- “Regulators in Europe Signal Increased Scrutiny of Online Platforms,” The WSGR Data Advisor, October 21, 2024
- “Cybersecurity: A Critical Element in Your 2025 Business Forecast,” The WSGR Data Advisor, September 30, 2024
- “Weaponization of Data Subject Access Requests in the EU,” The WSGR Data Advisor, November 28, 2023
- “Global Regulators Highlight Potential Harms of Data Scraping and Best Practices,” The WSGR Data Advisor, September 13, 2023
- “Missteps in Mixing EU Data Protection and Competition Law: A Call for Boundaries,” The WSGR Data Advisor, September 5, 2023
- “European Commission Proposes New Rules on Financial Data Access and Use,” Wilson Sonsini Alert, July 6, 2023
- “Europe Prepares for a New Era in AI Regulation,” Wilson Sonsini Alert, June 15, 2023
- “Belgian Implementation of the GDPR,” Thomson Reuters Practical Law Data Privacy & Cybersecurity, April 24, 2023
- “New Draft Guidance on Binding Corporate Rules for Controllers,” The WSGR Data Advisor, December 19, 2022
- “Interplay between the EU Clinical Trials Regulation and the GDPR,” Privacy Laws & Business, March 2022
- "Belgian DPA Finds That IAB Europe’s Cookie Consent Framework Violates the GDPR," Wilson Sonsini Alert, February 8, 2022
- “Belgian Implementation of the GDPR,” Thomson Reuters Data Privacy Advisor, November 2021
- “EU Commission Publishes Template Data Processing Agreement,” The WSGR Data Advisor, June 18, 2021
- “The e-Privacy Regulation: Where are we heading? Changes to cookie consent and cookie walls are to be watched carefully,” Privacy Laws & Business, June 2021
- “A New Data Transfer Mechanism Is Available for EU Personal Data,” The WSGR Data Advisor, June 4, 2021
- “Locatefamily.com Fined EUR 525,000 for Failure to Appoint an EU Representative,” The WSGR Data Advisor, June 3, 2021
- “Schrems II: biedt de EDPB raad? Toelichting bij de aanbevelingen van de EDPB met betrekking tot internationale gegevensdoorgiftes,” Tijdschrift Privacy & Persoonsgegevens, nr. 2021/1
- “Draft EDPB Guidelines Clarify the Roles of Parties Processing Personal Data and Call for Detailed Data Processing Agreements,” The WSGR Data Advisor, September 24, 2020
- “Belgian implementation of the GDPR,” Practical Law Data Privacy Advisor, August 31, 2020
- “CJEU Advocate General Confirms Validity of EU Data Transfer Tools,” The WSGR Data Advisor, February 5, 2020
- “UK’s Age Appropriate Design Code Pending,” The WSGR Data Advisor, November 1, 2019
- “Belgian Facebook Case Referred to the European Court of Justice,” The WSGR Data Advisor, May 13, 2019
- “WSGR Event Recap: The State of Play in European Data Protection Law,” The WSGR Data Advisor, May 7, 2019
- “Belgian Data Protection Authority Is Up and Running,” The WSGR Data Advisor, April 26, 2019
- "Belgium: GDPR Implementing Act Enters into Force," Privacy Laws & Business, February 2019
- "How Profiling Can Be GDPR Compliant and Lead to Value Creation for Businesses with Privacy as the Ultimate Dealmaker," Journal of Data Protection and Privacy, February 2018
- "Ben ik verplicht om een gegevensbeschermings- effectbeoordeling uit te voeren?" Tijdschrift voor Privacy & Persoonsgegevens, January 2018
- "Algemene verordening gegevensbescherming: vijf nieuwigheden van dichterbij bekeken," Cahier du Juriste, April 2017
- "Gegevensbescherming en AVG in praktijk: impact en aansprakelijkheid bij een M&A transactie," Data Protection & Privacy - Le GDPR dans la pratique, Anthemis, 2017
Select Speaking Engagements
- Speaker and Moderator, “Practical Insights into Crafting Transparent Privacy Notices, DSAR Response, and AI Explanations," PL&B, St. John’s College, Cambridge, July 2024
- Speaker, Future of Privacy Forum (FPF) AI Working Group meeting, June 17, 2024
- Speaker, “Practitioners’ perspectives on the new digital framework,” 17th Computers, Privacy and Data Protection Conference (CPDP), May 23, 2024
- Guest Lecturer, Data Transfers, DPO Certification Course, Maastricht University, The Netherlands, May 2024
- Keynote Speaker, “The EU AI Act and Harnessing AI's Power Responsibly - A Practitioner’s Take,” AtlanTec Conference, Ireland, May 2024
- Speaker, “How to Prepare for a Future With AI,” AtlanTec Conference, Ireland, May 2024
- Guest lecturer on Data Transfers, DPO certification course of Maastricht University, The Netherlands, September 2023
- Guest lecturer on regulatory trends and upcoming legislation, “Data Security Module” of the DPO-HSG course of St. Gallen University, Switzerland, September 2023
- Guest lecturer on Data Transfers, DPO certification course of Maastricht University, The Netherlands, June 2023
- Speaker, “ Best practices for protecting children’s privacy in the digital age: the practitioners’ perspective,” 16th Computers, Privacy and Data Protection Conference (CPDP), May 25, 2023
- Guest lecturer on Data Transfers, DPO certification course of Maastricht University, The Netherlands, March 2023
- Guest lecturer, “Data Transfers Recent Developments,” DPO certification course of Maastricht University, The Netherlands, December 2022
- Speaker, “Data Privacy – Benelux & Nordics,” Exterro Roundtable, October 19, 2022
- Guest lecturer, “Technological innovations in data security,” DPO-HSG course of St. Gallen University Switzerland, September 2022
- Speaker, “Data Privacy & Compliance – Benelux & Nordics,” Exterro Roundtable, June 8, 2022
- Speaker, “Practical Legal Perspectives on International Transfers,” 15th Computers, Privacy and Data Protection Conference (CPDP), May 24, 2022
-
Panelist, “Vendor Management — Beyond the Paperwork,” IAPP Europe Data Protection Congress 2021, November 16, 2021
- Host Privacy Roundtable, “What’s next in Privacy?” Privacy+Security Forum, May 24, 2021
- Speaker, “How to Make a Profit with Data while Complying with the GDPR?” InformaConnect Software as a Medical Device Webcast Series, April 27, 2021
- Speaker, “Gestion des fournisseurs — Tour d’horizon pratique,” IAPP European Data Protection Intensive Online 2021, March 30, 2021
- Guest lecturer, “The Supervisory Authorities knocking at the door What are the “do’s” and “don’ts” in a dawn-raid scenario?” DPO-HSG course of St. Gallen University Switzerland, January 28, 2021
- Speaker, “Navigating the Fast-Moving GDPR Data Transfers Landscape – Session 2: Practical Implications for International Businesses,” Wilson Sonsini Privacy & Data Protection Webcast, January 7, 2021
- Guest lecturer, “The Supervisory Authorities knocking at the door What are the “do’s” and “don’ts” in a dawn-raid scenario?” DPO-HSG course of St. Gallen University Switzerland, March 13, 2020
- Table speaker, Conference opening dinner, PL&B Conference, Cambridge, June 30, 2019
- Speaker, “Think of the Children - Key challenges to processing children's data,” IAPP Asia Privacy Forum 2019, Singapore, July 15, 2019
- Guest lecturer, “What to expect from GDPR,” KBC Start It series, 2018
Focus Areas
Recent Insights
Alerts
European Commission Publishes Proposal for Act to Reduce Reliance on Foreign Cloud and AI
On June 3, 2026, the European Commission (EC) released its first draft of a proposed Cloud and AI Development Act (Proposal or CADA), marking a significant step forward in the EU’s efforts to strengthen its digital infrastructure and reduce strategic dependence on non-EU cloud providers.
Learn More
Recent Events
Affiliated Programs
Incident Response Forum London 2026
On June 4, 2026, Wilson Sonsini Of Counsel Laura Brodahl will join experienced panelists from the FBI and UK NCA OR law enforcement agencies for the discussion, "Working with Law Enforcement: Balancing Cooperation with Potential Risks" at Cybersecurity Docket’s Incident Response Forum London 2026. The panel will discuss issues surrounding working with law enforcement in a shifting regulatory landscape.
Learn More
Speaking Engagements
19th Annual CPDP.ai Conference
On May 19, Wilson Sonsini partner Yann Padova and Of Counsel Laura Brodahl will speak as part of the 19th Annual CPDP.ai Conference. CPDP offers cutting-edge insights into legal, regulatory, academic, and technological developments in privacy and data protection, and gathers academics, lawyers, practitioners, policymakers, industry representatives, and civil society from around the world, providing an arena to exchange ideas and discuss the latest emerging issues and trends.
Learn More
- Privacy Policy
- Terms of Use
- Accessibility
Copyright © 2026 Wilson Sonsini Goodrich & Rosati. All Rights Reserved.