Natascha Gerlach’s practice focuses on electronic discovery and European data protection law.

Natascha is managing the European eDiscovery Group from our Brussels office. Her team specializes in advising on the collection and systematic investigation and production of data throughout the life cycle of investigations, for litigation and arbitration purposes, or in the M&A space.

Natascha also advises clients on dawn raid proceedings and focuses on all aspects of data protection and privacy issues.

Natascha is a frequent speaker at international conferences on cross border data transfers topics and has published extensively on a number of data protection topics.

Natascha joined the firm in 2008 in our Washington, D.C., office and became a senior attorney in 2015.

Notable Experiences

  • European Company Lawyers Association in an amicus curiae brief filed before the U.S. Supreme Court in support of the respondent in the United States of America vs. Microsoft Corporation case, raising GDPR-related arguments

  • GDPR readiness and ongoing compliance advice to various clients with EU and Non-EU operations 

  • Advising clients across multiple industries regarding data protection compliance in internal investigations, litigation based discovery, and in responding to government requests for information and subpoenas

  • Assessment and drafting of bespoke IT and privacy policies including cookie compliance, online offerings, and international data transfer agreements

  • Advice on data breaches, controller-processor relationships, data use in marketing, and data consumer issues

  • Advising on transactional matters, in particular with respect to the data protection aspects of cross-border acquisitions

  • Pro bono advice regarding GDPR compliance to non-governmental organizations

See More

Selected Activities

  • Member, Advisory Board, Georgetown Law Advanced eDiscovery Institute 
  • Member, Steering Committee, ABA Cross-Border Conference, Munich 2017

  • Chair, The Sedona Conference WG 6
  • Co-chair, Cleary Gottlieb European Data Privacy Group
  • Regularly publishes and speaks on panels on data protection, including at the CPDP in Brussels, LegalTech, The Sedona Conference International Program, Georgetown Law Advanced eDiscovery Insitute and the ABA National Institute on E-Discovery
  • Member, Sedona Conference WG 6 on International Electronic Information Management, Discovery and Disclosure
  • Co-chair, Sedona WG 6 EU Developments Business Committee
  • Chair, Sedona WG 6 Steering Committee


UK Supreme Court Rules in Favour of Google in Data Protection Class Action Claim,” Cleary Gottlieb Alert Memo, November 16, 2021.

The ‘New‘ Dominion of Privacy Law: Virginia Becomes Second State to Pass Comprehensive Consumer Data Privacy Act,” Cleary Gottlieb Alert Memo, July 6, 2021.

Schrems II: The CJEU Declares EU-U.S. Privacy Shield Invalid, Upholds the SCCs And Calls On 27 Supervisory Authorities to Ensure Their Compliance,” Cleary Cybersecurity and Privacy Watch, July 17, 2020. 

The Dilemma of the Part-Time DPO – Lessons Learned from the Proximus Decision of the Belgian Data Protection Authority,” Cleary Cybersecurity and Privacy Watch, May 7, 2020.

U.S. CLOUD Act’s Potential Impact on the GDPR,” Cleary Gottlieb Alert Memo (republished by the Columbia Law School Blue Sky Blog), September 3, 2019.

CJEU Judgment in the Fashion ID Case: The Role as Controller Under EU Data Protection Law of the Website Operator that Features a Facebook ‘Like’ Button,” Cleary Cybersecurity and Privacy Watch, August 2, 2019.

Winter Is Here: The GDPR Shows Its Teeth in a String of Major Fines,” ABA Cross-Border Institute, July 2019.

Europe and Japan Towards the Future – the First Post GDPR Adequacy Decision of the European Commission,” The Sedona Conference, June 2019.

“Legal Holds and the GDPR: Practical Advice” (co-author with Taylor Hoffmann), Bloomberg Law, February 22, 2019.

“Managing Cross-Border Data Privacy Compliance,” R&C Journal, Jan-Mar 2018

“Privacy in M&A Transactions: Navigating the Traps,” Cleary M&A and Corporate Governance Watch, October 24, 2016

“Is there life after [Safe Harbor’s] death?” Sedona WG6 EU Developments News Flash, October 1, 2015

Reports of my death have been greatly exaggerated’: The European Advocate General’s opinion on data transfers under Safe Harbor,” Sedona WG6 EU Developments News Flash, October 1, 2015

“Russia’s Proposed Data Localization Law: Digital Sovereignty Is the New Black,” Sedona WG6 EU Developments News Flash, July 22, 2015

“Into the Unknown—The proposed EU General Data Protection Regulation and its Potential Effect on Transborder Data Flows,” Bloomberg BNA, 2015

“Storm Clouds Gathering for Cross-Border Discovery and Data Privacy: Cloud Computing meets the U.S.A. Patriot Act,” The Sedona Conference Journal® - Volume 13, September 2012

“Regulating The Internet—A Futile Effort? The Case of Privacy in a Comparative German-Canadian Study,” Queen’s University, Kingston, Ontario, Canada, 1999

“Die Ehe im Presserecht,” Medienrecht im Wandel—Festschrift für Manfred Engelschall, Nomos, 1996


November 9, 2021
Pass the Scones: Navigating the UK Data Protection Jam

July 21-23, 2021
2021 ABA Cross-Border Virtual Institute: The Intersection of Global Discovery, Privacy, and Data Security

March 30, 2021
Open Secrets: Threats to Confidentiality and Other Discovery Developments

November 12, 2020
2020 Global Advanced eDiscovery Institute

August 7, 2020
2020 ABA Cross-Border Virtual Institute: The Intersection of Global Discovery, Privacy, and Data Security

February 10, 2020
The Sedona Conference Working Group 6 Annual Meeting 2020

November 21, 2019
Georgetown Law 2019 Advanced eDiscovery Institute

November 6, 2019
U.S.-UK-EU Cross-Border Data Transfers After Brexit

July 25-26, 2019
2019 ABA Cross-Border Institute: The Intersection of Global Discovery, Privacy, and Data Security

June 18-19, 2019
11th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws

May 15, 2019
The Tension Between Data Protection Compliance and Investigatory Demands

May 8, 2019
GDPR One Year Later – The Discovery Diaries

January 14, 2019
The Sedona Conference Working Group 6

November 15, 2018
Georgetown Law 15th Annual eDiscovery Institute

October 1, 2018
The Sedona Conference Webinar on Achieving Compliance with the GDPR in U.S. Legal Proceedings

July 26, 2018
Second Annual ABA Cross-Border Discovery Institute: The Interplay between E.U. Data Protection and U.S. Discovery

June 18-19, 2018
The 10th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws

May 18, 2018
Faculty at the ABA 12th Annual National Institute on E-Discovery, Chicago

November 16-17, 2016
A New E.U. Framework: Internal Investigations, Discovery, and Data Protection Rules

November 16-17, 2016
Faculty at Georgetown Law Advanced eDiscovery Institute

November 11, 2016
Faculty at Georgetown Law Advanced eDiscovery Institute

June 7, 2016
Co-Chair of the 8th Annual Sedona Conference International Programme on Cross-Border Discovery and Data Protection Laws in Berlin

May 20, 2016
Faculty at the ABA Tenth Annual National Institute on E-Discovery, Chicago

November 12, 2015
The Sedona Conference Webinar: The Future of Safe Harbor: Where do cross-border eDiscovery and data transfers go from here?

May 20, 2015
The Sedona Conference Webinar: The Proposed European Union General Data Protection Regulation

May 15, 2015
Faculty at the ABA Ninth Annual National Institute on E-Discovery, New York

July 23, 2014
Faculty of the 6th Annual Sedona Conference London

July 17, 2014
ALM Virtual Corporate Counsel Forum webinar: The Snowden Effect – How the landscape of cross-border discovery may be impacted by recent events

February 1, 2012
LegalTech 2012 New York

January, 26, 2012
CPDP Conference: European Data Protection: Coming of Age