Image

Nicole Wolters Ruckert

Counsel

Nicole heads A&O Shearman’s Data & Privacy practice in Amsterdam and specializes in data protection and technology.

She advises both local and international companies on a wide array of data (protection) matters ranging from data protection compliance, advising on new data-driven business models and products to assisting client in enforcement processes conducted by the relevant supervisory authorities. The clients of the Amsterdam Data & Privacy practice originate from various sectors: finance, insurance, IT, facilities providers, large travel platforms and automotive companies.

An important part of her practice involves advising on the data protection implications of the GDPR and the e-Privacy Directive (or future e-Privacy Regulation) including assisting client with and advising on cyber incident and personal data breaches, international transfer of (personal) data and data governance questions. The Amsterdam Data & Privacy practice advises on technological developments like Internet of Things, AI and Big Data. In that context the Dutch Data & Privacy team also advises on the EU emerging digital regulations such as the Data Act and the EU AI Act. Nicole has specific experience advising on the data protection aspects of marketing and online advertising (i.e. ad tech). Nicole provides regulator presentations on this topic and is a lecturer for the VPR-A (a specialization course of data protection lawyer).

Nicole is ranked in Chambers and in Legal 500.

Expertise

Industries

Experience

Representative matters

  • A large data broker in a GDPR enforcement.
  • A large cloud and digital infrastructure with a cyber incident and the subsequent investigation by the supervisory authority.
  • The Dutch branch of a French bank with a personal data breach – that was leaked in the press – and that occurred in the context of a whistleblowing notification.
  • A multinational travel platform with pan-European cookie rules compliance (e-Privacy Directive and GDPR) and providing strategic advice on discussion with the regulator.
  • A large insurance company on the processing of ‘criminal data’ and the applicable boundaries.
  • A conglomerate of banks on collective transaction monitoring by the banks in the context of anti-money laundering and anti-terrorism financing.
  • A large non-EEA bike manufacturer on GDPR and e-Privacy compliance.
  • A multinational publishing company on data and AI governance, international data transfer, a global privacy policy, personal data breaches and EU enforcement actions.
  • A large recruitment company on data governance and GDPR compliance.
  • A large Dutch portfolio company on the implementation of Binding Corporate Rules (BCR).
  • A large lighting company on the implementation of the EU Data Act and its implications.

Speaking Engagements

Lecturer VPR-A (specialization course for data protection lawyers)

Leadership Positions And Professional Affiliations

Membership IAPP

Membership VPR

Qualifications

Admissions

Listed in the register of legal practice areas of the Dutch Bar Association for ICT-recht (privacy recht)
Disclaimer
A&O Shearman was formed on May 1, 2024 by the combination of Shearman & Sterling LLP and Allen & Overy LLP and their respective affiliates (the legacy firms). Any matters referred to above may include matters undertaken by one or more of the legacy firms rather than A&O Shearman.