Monika Kuschewsky


Monika Kuschewsky is a German Rechtsanwältin and qualified as a Certified Information Privacy Professional/Europe (CIPP/E) and Betrieblicher Datenschutzbeauftragter (German company data protection officer) (GDDcert.). Monika is the general editor of Data Protection & Privacy – International Series, a multijurisdictional reference guide published by Thomson Reuters for companies, legal professionals and data protection officers, covering 46 major jurisdictions worldwide, which is now in its third edition.

Monika has practiced in Brussels since 2000. Prior to joining our Data Privacy & Cybersecurity practice, she was a senior lawyer in a US-headquartered law firm and prior to that, a partner in an independent Brussels-headquartered law firm, where she developed and headed the European data protection practice.

Monika has broad experience in a wide range of data protection matters, with a particular focus on international data transfers (Binding Corporate Rules (BCRs), EU standard contractual clauses, Privacy Shield), outsourcing, HR data protection and direct marketing. Monika has successfully managed numerous data protection projects, including multijurisdictional audits and compliance programs, at a pan-European level and beyond, and has carried out data protection impact assessments. She helps companies prepare for the General Data Protection Regulation and other legislative developments in the data protection field at the EU level and in Germany. She represents clients before data protection authorities and provides training on data protection, helping clients navigate the complex rules in relation to data processing and requests for disclosure of personal data in the context of internal and external investigations and non-EU litigation. She also advises on the data protection implications of the use of new technologies and practices, such as big data, mobile apps, the Internet of Things (IoT), Bring Your Own Device (BYOD), cloud computing, geolocation services, cookies and other tracking technologies and social media. Monika also handles health data related matters.

Monika advises multinationals, as well as large- and medium-sized companies and trade associations in a wide range of sectors, including media and technology, energy and transport, healthcare, pharmaceuticals and finance.


  • Advising several clients and trade associations on the implications of the General Data Protection Regulation, the Privacy Shield and other data protection developments.
  • Advised several life sciences and medical devices companies with respect to website privacy policy, mobile apps, patient information and consent and processing of patient and healthcare professionals’ personal data.
  • Advised medical devices companies on data protection issues related to mobile health applications and outsourcing of data processing.
  • Participated in the drafting team, under the auspices of the European Commission, which developed the Code of Conduct on privacy for m-Health apps.
  • Advising a trade association in the transport sector and several clients on the implications of the General Data Protection Regulation, the Privacy Shield and other data protection developments for the members of the association. Assisted in the development of data protection principles.
  • Carried out a data protection compliance audit in preparation for BCRs, developed the relevant BCR documents and is representing a US-headquartered multinational in BCR approval proceedings before a German data protection authority.
  • Assisted a US multinational in the preparation of BCR documentation and advised on the implications of the annulment of the EU-US Safe Harbor adequacy decision.
  • Conducted a comprehensive data protection audit in preparation for the BCR application of a global supplier in the oil and gas industry and assisted in the implementation of the BCR.
  • Conducted a data protection compliance audit and gap analysis for a US multinational in the finance sector in light of the EU Data Protection Directive and the General Data Protection Regulation and is assisting in the development of various compliance tools.
  • Assisted a US-headquartered client in a data protection compliance investigation by a German data protection authority and prepared a response.
  • Provided advice on data breach notification obligations in Germany to a US-headquartered client in the media sector and assisted in the preparation of the notifications.
  • Carried out a data protection impact assessment of a new HR system and provided strategic advice to the headquarters of a US multinational regarding the involvement of the German affiliate’s data protection officer and works council.
  • Advised a US-based IT company on the legal framework in Germany regarding law enforcement requests for information.
  • Advised a US-headquartered company in the aviation sector on German law enforcement authorities’ request for information.
  • Provided legal advice to an Asian and a US multinational regarding the German rules that are relevant for the use of cloud computing in various industry sectors.
  • Provided strategic advice on the location of data centers in the EU.
  • Advised an Asian multinational on the data protection issues related to the envisaged transfer of customer personal data as part of the divestiture of parts of its business and developed notice and consent forms.
  • Advised several companies on the legal requirements for marketing activities in Germany.
  • Managed and supervised several multijurisdictional audits at a pan-European level, including of HR and customer data processing as well as the use of cookies, of Fortune 500 and other international companies with establishments in several European countries. Other multijurisdictional projects have included the preparation and roll-out of compliance solutions for international data transfers, internal and third country governmental investigations, whistleblowing schemes and data breaches.
  • Participated in the audit of the data processing practices of a non-European multinational conglomerate IT and electronics company and the development of a global compliance strategy. Involved in the development of its global privacy policy, HR and due diligence guidelines. Advised on the deployment of Big Data.
  • Developed and successfully implemented a number of pan-European data protection compliance programs, which include, among others, the drafting of various policies, procedures and information notices as well as filing registrations and notifications in EU Member States. Monika has prepared contractual clauses, including with respect to international data transfers and the use of processors and assisted in contract negotiations.
  • Reviewed and amended vendor contracts for a number of clients and assisted in the negotiation of the relevant data protection terms.
  • Advised several clients on the possible set up of an internal data protection organization and the rules and requirements applicable to data protection officers in Germany.
  • Developed a data protection compliance strategy regarding the sharing of personal data and international data transfers of an organization and its members in the transport sector. Prepared data transfer, controller-to-controller and processor agreements and worked on a security policy.
  • Advising a global biopharma company on the legal aspects and implementation of a Customer Relationship Management system in several European jurisdictions.
  • Reviewed various IT and email policies of a global life sciences company and amended them in light of several IT projects, including email and server consolidation and mobile device management. Advised and developed a BYOD policy and related documents. Prepared processor and international data transfer agreements.
  • Drafted and amended controller-to-controller agreements, including for a life sciences company in relation to its distributors.
  • Advised a leading global IT company and others on miscellaneous questions of German data protection law, including in relation to direct marketing, call center activities, asset deals and the deployment of new technologies.
  • Advised a global IT company and a multinational in the banking sector on Germany’s new IT Security Law.
  • Advised clients in the financial and health sectors on the data protection implications of internal and external investigations and e-discovery requests for information, developed notices and consent forms and other compliance tools.


  • International Association of Privacy Professionals, 2009
  • GDD, 2007
  • Kammergericht Berlin, Second State Examination, 1999
  • University of Bristol, LL.M., 1997
  • Freie Universität Berlin, First State Examination, 1996


  • Belgium (EU List)
  • Germany

Memberships and Affiliations

  • International Association of Privacy Professionals (IAPP), Member
  • IAPP Brussels KnowledgeNet, Co-Chair
  • Privacy & Data Protection Journal, Member of the Editorial Board
  • Research contributor to Nymity
  • Gesellschaft für Datenschutz und Datensicherheit e.V. (GDD) (German Association for Data Protection and Data Security), Member
  • Digital Economy Committee of the American Chamber of Commerce to the European Union, Member
  • Deutscher Juristinnenbund e.V. (German Women Lawyers Association), Member
  • Studienvereinigung Kartellrecht e.V. (Association of German, Austrian and Swiss lawyers with a special interest in antitrust law), Member


  • German
  • English
  • French
