Koenraad Flamant

Pioneer of the new generation of entrepreneurial lawyers strongly believing in a proactive one-stop service with a passion for Privacy & IT and Real Estate.


This term refers to the new special job title, which has been generated by the European GDPR or General Data Protection Regulation: the Data Protection Officer, or in Dutch: de Functionaris voor de gegevensbescherming, and in French: le Délégué à la protection des données. Given that English is used world-wide, both in the IT industry as well as in the GDPR, we have not translated our brand name. Of course, this does not mean that we will not assist you in your own mother tongue, on the contrary!


So, you have found your way to my website. I can only presume that you have already performed some searches for basic information on the GDPR, and probably more. I will spare you an umpteenth general introduction about the GDPR, the new legal requirements, and the ominous reports about the astronomical penalties.
You must be looking for specialist advice and solutions. I can assist you with both.
The jigsaw depicted in the logo instantly reveals the important and vital facts about Data Protection and Compliance with the GDPR: an overall simultaneous approach at different levels as a partner to the business.

  1. People

Most data breaches are caused by human error. People can be careless about passwords, and will click on anything that moves. It is therefore important to make personnel aware of the importance of their role in IT security and data protection. The main challenge in implementing and ensuring compliance with the GDPR is to act as a partner to the people within the business, to become part of the business team, even more so than the GDPR team. This is the only way the company can have confidence in the GDPR team, and to get everyone on board.

  1. IT

Most companies are already spending hefty sums on security. Some organisations, however, are still lagging behind. In times where cloud applications are increasingly setting the trend, we really must secure its access through authentication and other means.The main challenge when carrying out a GDPR implementation project is to emphasise the importance of the data in general. “Data is the new oil!” Every company, B2C as well as B2B, processes large amounts of data, including personal details. By analysing, monitoring and profiling these data, companies gain a considerable advantage on their competitors, and it enables companies to set themselves apart from the competition. It is not only the personal details that need to be protected. After all, all data are crucial to an organisation.

  1. Legal

Whichever way you may look at it, GDPR implies a major legal investment. However, it simply will not do to ask one or other lawyers’ practice to write up some wording. GDPR requires the input from a lawyer with considerable IT knowledge, and in addition, more than average knowledge of civil and contract law.

Procedures have to be reviewed; access management (which member of staff will be allowed access to a particular set of data?), the data storage period, the complaints and requests of the persons concerned (SAR, Subject Access Request), Data Breach procedures, and naturally also the data protection policy.

Of course, we must not lose sight of the contractual aspect of the GDPR: What exactly are your rights and obligations towards your principals, sub-contractors or clients? How does it affect international companies and the transfer of data outside of the European Union? We support you with our expertise, including the transfers to the more challenging countries (USA, Russia, etc.).

And last but not least, we take care of the most forgotten part of the GDPR obligations: the documentation relating to the implementation and the decisions taken. The company directors are responsible for taking the crucial decisions, as these cannot be taken by the GDPR team. This does indeed require providing regular feedback to the management, and finally, the management which is by then appropriately informed by the DPO team, can take the final decisions on sensitive issues, such as the storage period, how to use the existing data, etc.

  1. DPO

Numerous companies out there have become obliged to call upon the services of a Data Protection Officer:

  • All authorities, and also all public bodies
  • Companies whose core duties consist of processing operations that require regular, systematic, and large-scale observation of the subjects concerned (monitoring and/or profiling).We find examples galore in personnel being tracked by employers (using GPS monitoring on a car or mobile phone, or GPS modules monitoring driving behaviour, etc.), but also in the latest technologies in shopping centres to track customers via Bluetooth, WiFi, etc.
  • Companies whose core duties consist of large-scale processing of special categories of details (race, religion, sexual orientation, political conviction, health, membership of a professional association, and genetic data (biometric data, fingerprints, eye scan, etc.), or of personal details relating to criminal sentences and criminal offences.

The GDPR has quite deliberately remained vague about certain principles. Consequently, at present, it is not quite clear what is and what is not allowed. This is where you need specialist advice that is also pragmatic.

Not every company has the means – if this turns out to be a legal requirement – to recruit a full-time in-house DPO. An adequate risk assessment can sometimes make this type of recruitment completely superfluous. Koenraad FLAMANT is a DPO, who acts for a wide variety of clients for a small monthly fixed fee (a retainer to ensure that the service is available). If an incident should occur (SAR, data breach, DPA inspection, etc.), Koenraad will act as DPO, at an hourly rate agreed in advance. This makes the cost of a (compulsory) DPO affordable.

Companies that do not require a DPO must, however, meet the same obligations as all the other companies. They must equally be able to answer queries from the public, act in the event of a data breach, and they can/will be checked by the DPA (Data Protection Authority, the former Privacy Commission). That expertise is often lacking.

As previously stated, it is obvious that Koenraad has the necessary expertise in ICT Law, Intellectual Property and Media Law. After all, these specialist legal fields are closely intertwined. Koenraad can therefore assist you with:


  • Hardware, software & internet-related contracts and case files
  • Public tenders for computer equipment or software or IT projects
  • Outsourcing (Service Level Agreements – SLA)
  • Cloud computing
  • E-commerce and advertising
  • IT security

Intellectual Property Law – IP

  • Trade mark law
  • Copyright law
  • Drawings and model law
  • Patent law
  • Domain names
  • Database law
  • Data protection legislation

Media Law

  • Freedom of the press, freedom of speech & protection of sources
  • Right of reply
  • Right to privacy
  • Right to be forgotten on the internet
  • E-reputation
  • Identity theft
  • Image and personality rights
  • Liability of publishers, Internet Service Providers or moderators for the content of their (on-line) publications
  • Media regulation