Head of the Data Protection Lab: Nils Broeckx

Apart from work and family, I have another passion: food. Give me a chef that dares to surprise me by using ingredients that are forgotten or little-known in our dining culture. This is the kind of chef I want to be for GDPR and DP. To surprise people with a great GDPR experience is my professional purpose.
Why did you choose Data Protection as your field of expertise?
Apart from work and family, I have another passion: food. When a new restaurant opens, I will be one of the first to try it. Give me a chef that dares to surprise me by using ingredients that are forgotten or little-known in our dining culture.
This is the kind of chef I want to be for GDPR and DP. In general, DP has strong lovers and haters. I am a passionate lover of it. It’s my quest to be a game-changer in this domain. To surprise people with a great GDPR experience is my professional purpose, just like my favorite chefs do with food.
What challenges do you see in the market today?
Our world has been split in two: a physical realm and a digital realm. We live more and more in the digital space for both work (Teams meetings) and our private life (WhatsApp). Digital technologies are, however, very complex. That’s why most users need help understanding the risks like hacking and tracking. This has led to a wave of specific legislation that attempts to minimize those risks. The most famous one is, of course, the 2018 GDPR wave.
Many people don’t understand the data protection legislation or find it complex and boring. That’s a problem. Ignoring it doesn’t make it go away. On the contrary, hefty administrative fines and severe reputational damage are only a few possible consequences.
GDPR legislation has existed for a couple of years now. One of the main trends we see today is that companies want to implement the legislation, though in a pragmatic, realistic and solid way. But it takes a lot of time, effort and knowledge of the ins and outs of the company to achieve this goal.
What are the solutions the Data Protection Lab offers?
I no longer wanted to sit on the sidelines and cheer my clients on. I wanted to join the game with them and play for their team. If you can’t stand the heat, you’d better stay out of the kitchen. And as I said, I love to be in the kitchen. (laughs)
At Ask Q, we call this the ‘DP Counsel on demand’. We jump in as an extension of a legal department, data protection office or company altogether. That means we don’t just tell you what to do through training or ad hoc advice, but actually take ownership of handling data breaches, getting DPAs signed, updating your privacy policy as your company’s activities change, and so on.
We always look for the leanest and most user-friendly way to address a specific data protection challenge. That’s why we started developing specific user-friendly (sometimes even fun) products beyond traditional data protection services.
What separates the Data Protection Lab from other legal service providers?
Mastering complex legislation is one thing; translating it into a pragmatic and acceptable solution is sometimes a whole different ball game. You don’t learn to cook just by reading cookbooks. We combine skill with competence, which makes Ask Q stand out.
There are, of course, some skilled GDPR freelance professionals, but they lack the team we have. It is exactly across the lab team that we constantly share know-how, templates and tools. And, of course, there are a lot of lawyers who focus on data protection and who all are highly competent. Although their in-depth knowledge is truly impressive, they often don’t manage to integrate that knowledge into applicable solutions for the business.
That is where we come in. We act and think like in-house counsels. That means we can place GDPR in perspective and avoid overkill. And if we’re faced with a question that requires other legal expertise or a couple more hands to get the job done in time, then we can turn to the rest of the Ask Q team.
What type of clients do you work for?
Both legal and non-legal. The company’s legal counsel(s) or DPO are typically our main contact. But often, we get to work with many different people, especially if the client has appointed us as their DPO. So, if we need input on IT security for a data protection impact assessment, we talk to the IT department. We align with the sales team if we need to negotiate a DPA with one of their B2B customers. And if they need any strategic advice, then we know how to inform the manager of the options in a clear risk-benefit summary.
We typically end up in companies that deal with a lot of sensitive data. That’s why we often work for life sciences organizations. But we are open to every business in all sectors. We work for companies like LynxCare, Multipharma, and furniture retailer WEBA. As I said, we always look at what the business needs. Sometimes, you just need a little push in the right direction.
Who’s the Data Protection Lab Team?
I used to be a senior lawyer, but now have the opportunity to build my own team within Ask Q. What is so powerful about the Ask Q culture is the strong sense of entrepreneurship and creativity. You could consider the Data Protection Lab a micro start-up within the bigger Ask Q start-up. When it comes to hiring, attitude and passion beat legal background. I wanted to find allies with the desire to really understand data protection law and translate it into realistic solutions, even if that means inventing something new. I’m proud to say that our team does exactly that.
I hear you thinking: “Is it a bunch of GDPR nerds, then?” No, not at all. Friends and family assure me I am a normal human being and very easy to talk to (laughs). It’s because we also do more in life than just work. For example, did you know that besides food, I have a passion for story-based gaming?
What does the future look like?
I am very enthusiastic about the future. Since the start of Ask Q, we have grown fast and done many interesting projects with the Data Protection Lab. It inspired us to develop better solutions that combine services and products. And eventually, we want to grow beyond legal and focus on IT management and security as well.
But to be honest, I’m simultaneously maintaining a healthy dose of vigilance. We’re aiming for the stars and setting out to change the data protection game. That is no minor goal. And on top of that, we’re seeing a lot of new data protection laws popping up (Data Governance Act, European Health Data Space Regulation, AI Regulation, etc.). I will ensure we stay focused and embed quality into everything we do.