Senior Associate | Attorney at law
IT, Privacy & Cybersecurity
Jeroen van Helden acts as lead counsel in matters concerning IT transactions and IT disputes. He also advises clients in the event of cyber attacks and cyber incidents. Jeroen has specific expertise in software licensing, data protection, IT contracts and compliance issues, and enjoys sharing his IT law knowledge and enthusiasm for his field through professional journals, seminars and courses.
Jeroen works a great deal for IT companies ranging from cloud service providers, app builders and managed service providers, to cybersecurity experts. On the buyer side, he frequently works for government authorities, international organisations and companies in the education, healthcare and transport sectors. He is just as enthusiastic about engaging with a CEO on a strategic matter as he is about working with in-house counsel on a complex case. He takes a result-oriented, meticulous and discreet approach to his work.
Jeroen studied Law at the University of Amsterdam and the University of Michigan, graduating cum laude. In 2022, he successfully completed the Grotius specialist programme in Information Technology Law (also cum laude) and in 2023 the specialist programme in Cybercrime & Cybersecurity at Leiden Law Academy.
During his studies, Jeroen worked as a coach in European legal history, gained experience at a law firm in The Hague, and learnt website programming. After earning his Master’s degree, he worked for the government for several years as an IT lawyer, before joining the De Clercq technology team in 2018.
Jeroen’s daily practice involves providing advice and litigating in the field of IT law on matters such as transactions for cloud services (SaaS, PaaS, IaaS), the implementation of ERP systems, or complex international privacy issues. He has extensive experience in resolving IT-related disputes, whether by mediation or arbitration, or before the public courts. He is also frequently called upon to assist in the event of major cyber attacks or other cyber incidents, including ransomware attacks, DDoS attacks, CEO fraud, or theft of trade secrets.
Lead counsel for an international organisation in relation to multi-million euro transactions for the use of Google Cloud and AWS (IaaS, PaaS).
Providing advice to a major Dutch e-learning provider regarding a transaction for using a learning management platform (PaaS, SaaS).
Lead counsel for a Dutch software developer with respect to transactions with various research institutions and technology companies in countries such as the U.S., Australia and Switzerland.
Providing advice to a managed service provider in the wake of a major ransomware attack.
Representing a Dutch IT company in a court case relating to a failed agile software development project, which resulted in the plaintiff’s claim of over a million euros being dismissed.
Providing advice to a Dutch company involved in a dispute with an American technology company about matters including unilateral modification of the licence metrics of a low-code platform.
Representing a Dutch/Spanish retailer in international mediation proceedings concerning a failed ERP implementation, resulting in damages from both the software supplier and the implementation partner.
Providing advice to a Dutch SaaS provider on the status of a SaaS solution developed for use in hospitals, under the Medical Devices Regulation (MDR).
Providing advice to an international organisation regarding defence against a multi-million euro claim filed by a U.S. software vendor relating to additional use of on-premises software in connection with a data centre migration.
Representing a Dutch government organisation in a historical arbitration case concerning a failed IT project. It resulted in the recovery of tens of millions of euros from the IT supplier for the benefit of the Dutch taxpayer.
IT, Privacy & Cybersecurity
30 June 2025
In December 2023, 'Bumble for Friends'—a feature of the dating app Bumble—used AI to generate 'AI icebreakers.' These are messages that users can use to 'break the ice' with their matches. To generate these AI icebreakers, AI technology (powered by OpenAI’s ChatGPT) is employed. In doing so, Bumble uses users’ personal profile information as input and shares (sensitive) personal data with OpenAI.
IT, Privacy & Cybersecurity
5 June 2025
In recent years, we’ve seen that new laws and regulations are placing increasingly specific requirements on ICT service providers. Consider, for example, the GDPR (which outlines tasks and responsibilities for the “processor”), the Cybersecurity Act (which mandates supply chain security and directly applies to “business-to-business ICT service providers”), and the AI Regulation (which imposes specific obligations and responsibilities on the “provider”). It’s no surprise, then, that this trend is also reflected in more and more guidelines and codes of conduct, including the Notarial Information Security Code of Conduct (hereinafter: “KNB Code of Conduct”). Given that the Royal Dutch Notarial Association (KNB) had 3.497 members at the beginning of 2025, there’s a good chance that, as an ICT service provider, you count at least one affiliated notary among your clients. This blog outlines what the Code of Conduct means for you as an ICT service provider.
IT, Privacy & Cybersecurity
27 May 2025
When the municipality of Amersfoort intended to award a contract for a management system to the winning bidder, a losing bidder initiated preliminary relief proceedings. The bidder questioned the expertise and independence of the review committee. In his ruling, the preliminary relief judge provides a clear overview of the legal framework applicable to such a situation.