Our Website Uses Cookies 


We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.


For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Nicholas Shepherd is an associate in the firm’s Brussels office, where he is a member of the Data Privacy and Cybersecurity practice group, advising clients on national and international issues related to data protection and information security.

  • Advising multinational companies on compliance with all aspects of the European General Data Protection Regulation (GDPR), the ePrivacy Directive, direct marketing laws, and other privacy and cybersecurity legislation.
  • Advising companies on privacy compliance in the adtech space, including publishers, advertisers, adtech vendors, consent management providers, and other stakeholders; providing tailored advice for product- and service-specific contexts concerning issues such as transparency, consent, lawful processing, data sharing, and other related topics.
  • Advising a global smartphone manufacturer on the GDPR compliance of the phone user experience, including drafting an in-depth report examining issues such as transparency, consent, lawful processing, data subjects’ rights, and other related issues.
  • Advising a global technology company on privacy due diligence for numerous successful M&A transactions, as well as post-acquisition integration activities to align acquired entities’ policies and procedures with the company’s global privacy compliance program.
  • Advising a multinational diagnostic imaging company on the European requirements for anonymization, including conducting an in-depth review of the company’s de-identification practices and drafting a report on the company’s approach to anonymization.
  • Advising companies in the entertainment and gaming sector on compliance with European privacy rules for processing children’s data, including examining the applicability of national codes and standards for children’s privacy.
  • Advising multinational companies on GDPR compliance when collecting sensitive data from employees, including for purposes of diversity & inclusion initiatives, as well as collecting health data in the context of the COVID-19 pandemic.
  • Advising companies in developing and deploying Binding Corporate Rules (BCRs), including multinational corporations in the nutrition, manufacturing and heavy industry sectors.
  • Advising a global energy company on day-to-day compliance with all aspects of the GDPR, ePrivacy rules for websites and mobile apps, and direct marketing rules, as well as (among other things) reviewing and negotiating privacy terms in vendor agreements, revising privacy notices and consent forms, and updating the company’s personal data incident response plan.
  • Advising a global energy company on the development of a data protection handbook to guide the companies’ global privacy compliance program, including jurisdiction-specific advice, template notice and consent forms, template contractual terms, training materials, project diagrams and matrices, and other related deliverables.

Previous Experience

  • In-house Legal & Compliance Manager at a global insurance company (2016-2018)