Dr. Jörg Hladjk

Partner

Brussels + 32.2.645.15.30

Connect:

Share

Jörg Hladjk advises on complex, international cybersecurity and data protection matters with 20 years' experience. He leads the Brussels Cybersecurity, Privacy & Data Protection Practice, top-ranked in The Legal 500 EMEA.

Jörg counsels clients across financial services, automotive, IT, energy, and life sciences. His practice spans global strategies for data, cybersecurity, and AI compliance; approvals for Binding Corporate Rules; certification under the EU-U.S. Data Privacy Framework; data-breach preparedness and incident response; and contentious matters and regulatory investigations. He has a strong track record on data, AI, and cyber issues in cross-border M&A and outsourcings and on strategies for critical infrastructures, cloud deployments, and data centers.

He advises on the full spectrum of EU frameworks, including the General Data Protection Regulation (GDPR), Data Governance Act (DGA), Data Act (DA), Artificial Intelligence Act (AI Act), Digital Services Act (DSA), Digital Operational Resilience Act (DORA), Network and Information Security Directive 2 (NIS 2), and Cyber Resilience Act (CRA).

Representative work includes advising an electronic trading platform on all aspects of a cyberattack; a U.S.-based software company on its EU offering of AI and cybersecurity tools; a global automotive supplier on its GDPR implementation program; an energy company on critical infrastructure, including data centers; and a medical device company on mobile app technology.

Jörg chairs the advisory board of Trust in Digital Life (TDL). He has authored more than 50 legal articles and coauthored leading EU commentaries, including GDPR (Ehmann/Selmayr, 1st/2nd/3rd eds.). He served on the IAPP Publications Advisory Board from 2018 to 2020 and, since July 2021, has been co-issue leader for cybersecurity on the Digital Economy Committee at the American Chamber of Commerce to the EU.

Experience

  • Euroclear acquires Banco InversisJones Day advised Euroclear SA/NV in its acquisition of Banco Inversis, a leading provider of global investment technology solutions and outsourced financial services.
  • GfK sells European Consumer Panel (GfK CP) business to YouGovJones Day advised GfK SE in the €315 million sale of its European Consumer Panel business (GfK CP) to YouGov PLC, a leading international online research data and analytics technology group headquartered in the United Kingdom and listed on the London Stock Exchange (LSE: YOU).
  • Labcorp completes spin-off of FortreaJones Day represented Labcorp (NYSE: LH), a leading global life sciences company, in the spin-off of Fortrea, the newly formed independent Contract Research Organization providing Phase I-IV clinical trial management, market access and technology solutions to pharmaceutical and biotechnology organizations around the world.
  • iSTAR Medical enters into strategic alliance with AbbVieJones Day advised iSTAR Medical SA in its strategic alliance with AbbVie (NYSE: ABBV).
  • Consortium BelGaN Group BV acquires ON Semiconductor Belgium BVJones Day advised the consortium BelGaN Group BV with the acquisition of ON Semiconductor Belgium BV, a subsidiary of Semiconductor Components Industries, LLC, which designs and manufactures semiconductors components.
  • Orange and Masmovil combine in €18.6 billion mergerJones Day advised Orange, S.A. ("Orange"), one of the world's leading telecommunications operators, on the combination of their telecom business in Spain with Masmovil, one of the leading telecommunications operators in Spain, for an enterprise value of €18.6 billion (€7.8 billion for Orange Spain and €10.9 billion for Masmovil).
  • Fragbite acquires Lucky Kat B.V.Jones Day advised Fragbite Group AB, a global esports and gaming company, in the acquisition of Lucky Kat B.V.
  • STERIS acquires Cantel Medical for $3.6 billionJones Day advised STERIS plc in its acquisition of Cantel Medical Corp, a global provider of infection prevention products and services primarily to endoscopy and dental customers, for $3.6 billion.
  • Sumitovant Biopharma acquires remaining stake in Urovant SciencesJones Day advised Sumitovant Biopharma in its acquisition of all of the outstanding shares of Urovant Sciences Ltd. not already owned by Sumitovant at a price of $16.25 per share in cash.
  • International chemicals producer conducts internal auditJones Day is advising an international chemicals producer in conducting a multi-national internal antitrust audit.
  • Sumitomo Dainippon Pharma acquires late stage biopharma companies and forms alliance with Roivant Sciences Ltd. worth $3 billionJones Day advised Sumitomo Dainippon Pharma Co., Ltd. ("Sumitomo") in an acquisition of late stage biopharma companies and formation of alliance with Roivant Sciences Ltd.
  • ICON acquires Symphony Clinical ResearchJones Day advised ICON plc as health care, clinical trial regulatory, and data privacy diligence counsel in its acquisition of Symphony Clinical Research, a leading provider of at-home patient and site support services.
  • Fortune 500 manufacturing company investigates cyberattacks targeting payment card data on eCommerce siteJones Day directed the investigation into cyberattacks targeting payment card data on an eCommerce site of a Fortune 500 company's recently-acquired subsidiary.
  • Arsenal Capital Partners acquires HistoGeneX and Caprion BiosciencesJones Day advised Arsenal Capital Partners on major investments in HistoGeneX and Caprion Biosciences and the subsequent combination of the two businesses.
  • Evidera acquires MedimixJones Day advised Evidera, a business unit of Pharmaceutical Product Development, LLC, in its acquisition of Medimix International, a global technology company providing real-world evidence (RWE) insights and information to the pharmaceutical, diagnostic, and medical device industries.
  • Garmin® acquires Tacx, the leading manufacturer of indoor bike trainersJones Day advised Garmin Ltd. in its acquisition of the Tacx group, a Dutch family business that designs and manufactures high end indoor bike trainers, tools and accessories, as well as indoor training software and applications.
  • SAP acquires Qualtrics for $8 billionJones Day advised SAP in its $8 billion acquisition of Qualtrics International Inc., the global pioneer in the experience management software category.
  • Procter & Gamble acquires consumer health business of Merck KGaAJones Day advised The Procter & Gamble Company (“P&G”) in its €3.375 billion ($4.2 billion) acquisition of the worldwide consumer health business of Merck KGaA.
  • Advantage Solutions acquires Jun GroupJones Day advised Advantage Solutions on its acquisition of Jun Group, an industry-leading mobile video advertising company.
  • Financial services company conducts internal investigation into potential FCPA violationsJones Day assisted a financial services company in conducting an internal investigation into potential FCPA violations.
  • Global information technology company implements EU General Data Protection Regulation (GDPR)Jones Day is advising a global information technology company regarding its implementation of the EU General Data Protection Regulation (GDPR).
  • Global supplier of automotive systems implements pan-EU data protection compliance programJones Day is advised a global supplier of automotive systems on the strategy and implementation of a pan-EU data protection compliance program.
  • U.S. software company launches cybersecurity toolsJones Day is advising a U.S-based software company on its offering of cybersecurity tools for the EU and on related compliance questions.
  • Randstad acquires Monster for $429 millionJones Day advised Randstad Holding nv (AMS: RAND), a leading human resources services provider, in the acquisition of Monster Worldwide, Inc. (NYSE: MWW).
    • View All

    January 23 - December 11, 2025 Firm Hosted

    2025 Public Company Speaker Series

    December 2025 Newsletters

    EU Geopolitical Risk Update - Key Policy & Regulatory Developments No. 123

    NOVEMBER 2025 Commentary

    New ECB Guide on Outsourcing Cloud Services to Cloud Service Providers

    OCTOBER 2025 Alert

    Italy Leads the Way in Shaping National AI Legislation Within the EU

    October 2025 Alert

    Strengthening Critical Infrastructure: Germany's New KRITIS Umbrella Law and NIS-2 Implementation

    October 2025 White Paper

    Rising Global Regulation for Artificial Intelligence

    September 2025 Newsletters

    EU Geopolitical Risk Update - Key Policy & Regulatory Developments No. 122

    SEPTEMBER 2025 Commentary

    CJEU Clarifies Scope of Personal Data in EDPS v SRB Decision

    September 2025 Commentary

    EU General Court Upholds EU-U.S. Data Privacy Framework

    AUGUST 2025 Commentary

    EU AI Act: European Commission Publishes General-Purpose AI Code of Practice
    View All

    Additional Publications

    • February 2019
      The German Facebook Case – Towards an Increasing Symbiosis Between Competition and Data Protection Laws?, Competition Policy International
    • February 2019
      The German Facebook Case – Towards an Increasing Symbiosis Between Competition and Data Protection Laws?, coauthor, CPI Antitrust Chronicle

    January 23 - December 11, 2025 Firm Hosted

    2025 Public Company Speaker Series

    September 8, 2022 Webinars

    Trade Secrets: How to Protect Your Business From Theft and Cyberattacks

    Additional Speaking Engagements

    • November 19, 2025
      Moderator, panel - Cybersecurity and the AI Act — Practical Challenges and Opportunities, IAPP Europe Data Protection Congress 2025
    • February 26, 2025
      Speaker, Jones Day - Cybersecurity and Privacy Update: A Roundtable Discussion of Key Developments and Hot Topics (AI Regulation & Enforcement - EU AI Act and Continued EU Digital Agenda Implementation)
    • November 6, 2024
      Speaker, IDACON 2024 - 24th Data Protection Congress - Uniform application and enforcement of the GDPR – The role of the European Data Protection Board (EDPB)
    • June 20, 2024
      Speaker, Jones Day - Cybersecurity and Privacy Update: A Roundtable Discussion of Key Developments and Hot Topics (EU Digital Strategy Overview and EU AI Act)
    • October 4, 2023
      Speaker, Jones Day - Cybersecurity and Privacy Update: A Roundtable Discussion of Key Developments and Hot Topics (Rise of Data Subject Access Requests (DSARs)
    • June 21, 2023
      Speaker, Jones Day - Cybersecurity and Privacy Update: A Roundtable Discussion of Key Developments and Hot Topics (Personal Data Transfers – Update on new EU-U.S. Transatlantic Data Privacy Framework)
    • April 25, 2023
      Panelist, Jones Day Sixth Annual Latin American Privacy and Cybersecurity Symposium - Session 5: Key Developments in Cybersecurity, AI, and Data Protection: Europe vs. Latin America (English)
    • October 14, 2022
      Speaker, Jones Day - Compliance difficulties of data security and personal information protection 数据安全和个人信息保护合规难点
    • October 12, 2022
      Speaker, Jones Day - Cybersecurity and Privacy Developments for Life Sciences companies
    • September 28, 2022
      Moderator, panel, What If Privacy Shield 2.0 Never Happens? Practical Advice On Lawful International Data Transfers at PrivSec Amsterdam (Part of the Digital Trust Europe Series)
    • June 22, 2022
      Speaker, Jones Day - Cybersecurity and Privacy Update: A Roundtable Discussion of Key Developments and Hot Topics (GDPR enforcement trends)
    • December 15, 2021
      Speaker, Jones Day - Life Sciences Cyber Session: Cybersecurity and Privacy risks in life sciences transactions
    • September 22, 2021
      Moderator, Session 5. The GDPR vs. Brazil's General Data Protection Law, Jones Day's Fifth Annual Latin America Data Protection, Privacy & Cybersecurity Symposium
    • June 24, 2021
      Speaker, Cybersecurity Incidents – EU Legal Framework and Data Breach Response, BJA Webinar on Cybersecurity – how to prepare your company for a Cyber Crisis
    • March 26, 2021
      Speaker, Obligation to document data breaches and Post-breach management measures: contract management and liability issues, Online Seminar "Responding to personal data breaches in the Post-GDPR", Academy of European Law (ERA)
    • January 13, 2021
      Jones Day - Cybersecurity and Privacy Update: A Roundtable Discussion of Key Developments and Hot Topics (Update on Schrems II Developments)
    • October 8, 2020
      Session 2: Practical GDPR – Challenges in real life/lessons learned, Legal Council
    • November 11, 2019
      How to close the deal: Data protection risks and solutions for M&A transactions, Roundtable Topic Discussion, IAPP Europe Data Protection Congress 2019
    • October 23, 2019
      Big Data and GDPR, IDACON Data Protection Congress
    • June 18, 2019
      GDPR - a catalyst for digital transformation? European Association for Identity and Security (EEMA) Annual Conference 2019
    • June 6, 2019
      The GDPR One Year On: A Look at the Lessons From Implementation and the Next Steps for Compliance and Enforcement
    • May 23, 2019
      Eighth Annual European Labor & Employment Conference
    • April 30, 2019
      Panelist, Cybersecurity and Data Governance: Threat Landscape, Legal Regime, and Policy Challenges, Seminar: Cybersecurity, Data Protection, and the Rule of Law - Evolving Policy and Legal Risks in a Global Digital Economy, Jones Day and Peking University Law School
    • April 10, 2019
      Data Localization and Privacy Regulations - Cybersecurity Risk Management Council
    • January 2019
      Implications of the US Cloud Act and Other Developments Regarding Data Protection in Context of the USA, GDD Winter Workshop
    • November 29, 2018
      International Data Breach Notification: How to Get it Right, Roundtable Topic Discussion, IAPP Europe Data Protection Congress 2018
    • October 25-26, 2018
      Data Protection and Open Banking: Experiences and Expectations
    • October 5, 2018
      Marketing under GDPR: Challenges, experiences and solutions, IAPP Brussels KnowledgeNet Chapter
    • October 1, 2018
      Wearables in the context of data protection regulations (Risks & Challenges), FIFA Football Technology & Data Summit 2018
    • February 28, 2018
      Antitrust and Data Portability Rights, EMEA Conferences: GDPR and Antitrust
    • January 2018
      The European Union's General Data Protection Regulation (GDPR), Jones Day MCLE University
    • January 2018
      The ePrivacy Regulation, Jones Day MCLE University
    • January 2018
      The European Union's General Data Protection Regulation (GDPR), Jones Day MCLE University
    • October 23, 2017
      How to Prepare for the GDPR for Japanese Companies
    • October 17, 2017
      The EU-U.S. Privacy Shield in context of the developments in the USA, Annual IDACON Conference
    • September 14, 2017
      Introduction to the GDPR - Top 10 Implementation Issues for Companies
    • July 12, 2017
      The Upcoming ePrivacy Regulation: Status and Assessment of the Commission’s Proposal, IAPP Knowledge Net
    • April 25, 2017
      GDPR Workshop: Best Practices for Implementing the EU General Data Protection Regulation, Jones Day Seminar
    • April 24, 2017
      GDPR Workshop: Best Practices for Implementing the EU General Data Protection Regulation, Jones Day Seminar
    • April 5, 2017
      Le RGPD en détail – Analyse des directives des autorités de protection des données et des efforts de mise en œuvre au niveau national
    • April 2, 2017
      The EU Cybersecurity Directive—What Do the New Rules Mean for Business?, 10th Annual GDD Seminar Data Protection International
    • March 15, 2017
      Webinar Series: EU General Data Protection Regulation (three-part series)
    • November 28, 2016
      Advanced Training for Data Protection Officers on "International Data Transfer: EU Standard Contractual Clauses and Privacy Shield", German Federal Association of Data Protection Officers (Berufsverband der Datenschutzbeauftragten Deutschlands (BvD) e.V.)
    • October 14, 2016
      What to Do in Case of a Cyber-Incident or Data Breach: How to Prepare for, and Avoid, a Crisis, Jones Day Seminar
    • October 14, 2016
      Crisis Management: Prepare for the Unexpected
    • September 13, 2016
      Binding Corporate Rules under the EU General Data Protection Regulation (GDPR), IAPP Knowledge Net
    • August 2, 2016
      A Briefing on the EU-U.S. Privacy Shield
    • July 11, 2016
      Overview and business impact of the EU GDPR – How can companies prepare for compliance?, Japanese Chamber of Commerce, Data Protection Seminar
    • June 16, 2016
      Trust in the Digital World - The EU General Data Protection Regulation - How can companies prepare for compliance?
    • October 14 and 15, 2015
      Advanced Training for Data Protection Officers on "International Data Transfer", German Federal Association of Data Protection Officers (Referentin der Fortbildungsveranstaltung des Berufsverbands der Datenschutzbeauftragten Deutschlands (BvD) e.V. zu "Internationaler Datentransfer")
    • April 23, 2015
      Status und Vergleich der grenzüberschreitenden Datenschutzkonzepte: APEC Cross Border Privacy Rules und EU Binding Corporate Rules, 8. GDD-Fachtagung Datenschutz International 2015
    • December 3, 2014
      Can the EU legal framework promote trust? Challenges towards trusting the network and the Cloud, NetWorld2020 GA 2014: The future of telecommunication networks
    • November 18, 2014
      Internet of Things, Data Protection and Security: What are the Legal Challenges, and How Do We Overcome Them?, IAPP Europe Data Protection Congress 2014
    • November 12, 2014
      Enforcement action risks for organizations of multinational reach. Understanding regulation and global enforcement trends and the impact for General Counsel and Data Protection Officers, The Future of Data Protection Conference
    • May 12, 2014
      The EU Cybersecurity strategy – overview and business impact, European Data Protection Days (EDPD)
    • April 28, 2014
      APEC Privacy Framework – Geschäftsaktivitäten im asiatisch-pazifischen Wirtschaftsraum, 7. GDD-Fachtagung Datenschutz International 2014
    • April 28, 2014
      APEC Privacy Framework – Geschäftsaktivitäten im asiatisch-pazifischen Wirtschaftsraum, 7. GDD-Fachtagung Datenschutz International 2014
    • April 28, 2014
      Technologien für mobiles, kontaktloses Bezahlen (NFC), 15. Jahresfachkonferenz, Datenschutz und Datensicherheit (DuD 2013)
    • June 3, 2013
      Successfully Navigating Hazardous Waters: The 3rd Joint ABA/DAV Conference on Transatlantic Deals and Disputes, Data Privacy for M&A Lawyers

    Before sending, please note:

    Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.