Matúš Huba is a data privacy advisor in the Data Privacy, Cybersecurity & Digital Assets Practice based in the Brussels office.

    Matúš advises on a broad range of data privacy and cybersecurity matters, with a particular focus on data breach management and notification obligations, contractual and transparency data protection obligations and international data transfer mechanisms under the GDPR, including SCCs and BCRs. He regularly advises on EU-wide and member state-specific e-privacy issues, including direct marketing, implementation and enforcement of rules on cookies and other tracking technologies. Matúš has supported the inception and implementation of numerous data protection and privacy compliance programmes.

    Matúš previously supported the EMEA Communications Practice in providing advice on notification, licensing and other regulatory matters concerning the use of new technology solutions in projects with EU-wide application, as well as the Labour & Employment Practice in the Prague office.

    • Assisted an EU-US research foundation with its data protection and privacy obligations, and development of compliance documentation and processes vis-à-vis the participating patients and researchers, as well as donors, including advice on data protection impact assessments, consent implementation and transparency obligations, as well as DPO registration obligations.
    • Assisted a medical equipment manufacturer and distributor with a GDPR compliance programme, including contractual coverage of data transfers, public-facing notices and international transfer issues, as well as assessment of IoT applications’ setup and privacy by design concerns. Advised on EU-wide assessment, mitigation and notification obligations related to a phishing-related personal data breach.
    • Advised a clinical services provider and health products distributor on compliance with obligations related to the GDPR and the ePrivacy Directive with regard to its online presence and offering, in particular the transparency obligations.
    • Assisted a personal genomics and biotechnology services provider with determining the scope of GDPR application on its internal employee personal data compliance obligations and their implementation.
    • Advised a global provider of optical systems solutions and manufacturer of optical materials on comprehensive GDPR compliance assessment and resulting programme adoption and roll-out, including preparation of multiple internal and public-facing documents and revision of existing contractual arrangements.
    • Assisted a cloud-based platform provider of software services to pharmaceutical companies with GDPR compliance regarding data onboarding and exchange on the platform and further use by the client, including transparency obligations compliance.
    • Assisted a global food production and distribution company on custom COVID-19 track and trace application development and implementation with regard to the GDPR and varied member state compliance requirements.
    • Advised an international e-commerce platform on ad-tech and digital advertising issues, and custom audience segments creation, including ePrivacy Directive implementation and enforcement and data protection impact analysis and transparency obligations under the GDPR.
    • Assisted an international aircraft manufacturer with its EU response to a multijurisdictional data breach, including assessment of GDPR rules application to the breach and notification obligations to EU supervisory authorities and data subjects and related documentation.
    • Advised an international machinery manufacturer on international data transfer compliance efforts under the GDPR, including use, maintenance and expansion of BCRs, SCCs and data transfer agreements with external vendors. Assisted in the creation of a comprehensive Data Protection Impact Assessment process and documentation.
    • Assisted a packaging company on continued EEA data protection and privacy compliance efforts, including building and implementing a comprehensive GDPR and ePrivacy Directive compliance plan covering employee notification and training, data collection and use processes setup, intra-group and external data transfers compliance, adaptation to regulatory guidelines and applicable case law, and COVID-19 response compliance, as well as part-time in-house support with the legal department.
    • Assisted a global manufacturer of industrial components with its response to a cross-border ransomware security incident and related data breach assessment, mitigation and notification obligations with regard to multiple EU and UK supervisory authorities.
    • Advised an EU-based car manufacturing company regarding the determination of status of certain data collected from automated and connected vehicles as personal data under the GDPR and issues related to third-party access to vehicle data, including necessary data transfer arrangements implementation in the context of cooperative intelligent transport systems (C-ITS).
    • Advised media measurement and analytics companies on compliance with EU and UK ad-tech rules and positioning of the client vis-à-vis publishers, DSPs, SSPs and other business partners, including development and implementation of a consent mechanism, as well as compliance with EU and UK contractual and transparency obligations.
    • Assisted an international consulting and technology services company with day-to-day GDPR and ePrivacy Directive compliance efforts, including development and revision of internal processes on client data onboarding and processing and advice on contractual arrangements, including with governmental representatives and agencies.


    • Charles University/Institute of Law and Jurisprudence, LLB eq., Law, 2018
    • University of Antwerp, Postgraduate Diploma, cum laude, International and European Legal Studies Programme, 2013

    Memberships and Affiliations

    • Member, International Association of Privacy Professionals
    • Member, International Institute of Communications


    • Co-author, “Data Breach Enforcement in the UK and in the EU: Cross-Border Issues”, Security & Privacy // Bytes, 11 March 2020.
    • Co-author, “Absent Guidelines, Many Questions on Facilitating DSARs”, Security & Privacy // Bytes, 3 February 2020.
    • Co-author, “EDPB Tries to Sort Out the DPIA Disaccord”, Security & Privacy // Bytes, 9 October 2018.
    • Co-author, “Pseudonymisation – The Key to Ease Requirements of the GDPR on Controllers and Processors”, Právní rádce 12-2016, 9 December 2016.

    Speaking Engagements

    • Speaker, “3 Years After GDPR – Reflections, Lessons & Moving Forward”, The Cyber Security Summit 2021, 28 January 2021.
    • Lecturer, “Essentials of Data Protection in the European Parliament, European Parliament”, EIPA, 2019 – 2020.