Our experts

Cosimo Monda

Cosimo Monda is the Director of the Maastricht European Centre on Privacy and Cybersecurity (ECPC), which has been established in 2016 at the Law Faculty, Maastricht University.

At ECPC his work has a strong European and international outlook in the field of privacy and cybersecurity, steering an interdisciplinary group of researchers, academics and professionals active in areas of fundamental rights, data privacy, transparency and confidentiality, IT, data security, and more. Cosimo Monda has a longstanding experience in designing executive education, certification courses and online learning modules for professionals who are required to deal with new regulations and on-going developments in the privacy and cybersecurity market. Before joining Maastricht University, he was working at the European Institute of Public Administration, as Senior Lecturer and Head of Information, Publications, and Marketing services. He holds a Law Degree obtained at the University of Bologna.

His fields of expertise include Data Protection and Cyber security, EU Information Management; Transparency and access to documents; EU Agencies; EU decision-making procedures and Institutions and EU law. 

Anna Pouliou

Anna Pouliou is an internationally recognized data protection expert with over 15 years of experience in this field. She is a qualified attorney and has held leading roles and led privacy teams in major global corporations but also worked as a partner in the Big4, offering data protection advisory services to private and public sectors alike. In February 2024, she was appointed Chair of the Data Protection Commission at CERN, the data protection supervisory authority of the European Organization for Nuclear Research.

 Anna is also a lecturer and senior fellow in Data Governance, International Privacy Laws, Artificial Intelligence and other related topics at the Universities of Saint-Gallen and Maastricht as well as a regular speaker on technology, IoT, AI, digitalization and data protection with over 100 speaking engagements delivered around the world. She has been teaching at the Data Protection Academy training DPAs globally as well as DPOs in humanitarian action for the United Nations, the Red Cross and other NGOs in Africa and in Asia. Anna is multilingual, speaking a total of seven languages.

Throughout her career, Anna has been actively involved in the advocacy discussions in Brussels and Washington DC since the birth of the GDPR as well as in the international debate on data transfers. Between 2017 and 2022, she was one of the 27 members of the GDPR Multi-Stakeholder Expert Group advising the European Commission on GDPR implementation on behalf of Business Europe. She has also accompanied the European Commission during bilateral discussions on data protection with the US Congress, the governments and privacy regulators of India, Indonesia, Singapore and during multilateral ones at the G20 in Japan. Anna has also acted as National Rapporteur for data protection for the International Federation for European Law (FIDE) in the team of Prof. Vassilis Skouris, former President of the Court of Justice of the European Union. 

Paul Breitbarth

Paul Breitbarth a privacy lawyer from the Netherlands. He currently works as Data Protection Lead for Catawiki, the leading online auction marketplace to buy and sell special objects. In addition, Paul works as Senior Visiting Fellow at Maastricht University’s European Centre on Privacy and Cybersecurity, and serves as Member of the Data Protection Board of the European Patent Office. He is a regular speaker on webinars and at conferences, and co-hosts the Serious Privacy podcast. 

Previously, Paul worked both in the public and private sector in multiple privacy roles, including at TrustArc, Nymity and the Dutch Data Protection Authority. He was an active member of various Article 29 Working Party subgroups, co-authoring opinions on the data protection reform, surveillance, the Privacy Shield and others. In 2015, he organized the International Privacy Conference in Amsterdam. Paul holds a Master of Laws from Maastricht University in the Netherlands.

Paolo Balboni

Paolo Balboni (PhD) is a Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. His main research focuses are cybersecurity, data management/sharing and data protection as a corporate social responsibility, which together can be used to help organisations responsibly further their economic targets and at the same time positively contribute to the development of a fair data-centric society.

Qualified lawyer specialized in ICT, Privacy & Cybersecurity admitted to the Milan Bar and registered to the Amsterdam Bar. He is a Founding Partner of ICT Legal Consulting (ICTLC), an international law firm, and ICT Cyber Consulting, a company specialized in information/data security. Prof. Dr. Balboni is a Recommended Lawyer ranked by The Legal 500 EMEA 2023 in the areas of Data Privacy and Data Protection and Industry Focus: TMT. He is the Chairman of the European Patent Office (EPO) Data Protection Board, Member of the EUMETSAT Data Protection Supervisory Authority, Member of the Europrivacy Board of Experts, Member of the European Commission’s Expert Group on B2B data sharing and cloud computing contracts, and of the Cloud Security Alliance’s AI Safety Expert Group. Prof. Dr. Balboni furthermore advises governments on national matters concerning cybersecurity and privacy and in 2018, he drafted the national Surinamese Privacy and Data Protection Law.

Andreea Lisievici Nevin

Andreea Lisievici Nevin is a Romanian lawyer based in Sweden, with a rich experience advising global organizations on EU data protection and tech law. Her career spans leading law firms as well as  senior in-house roles at Volvo Cars and Boeing, spearheading global privacy compliance initiatives for cutting-edge technologies. She is now Managing Partner of ICTLC Sweden where she continues to help organizations operationalize digital law compliance while mentoring the next generation of privacy professionals through her hub PrivacyCraft.
Recognized as a Fellow of Information Privacy, Andreea holds multiple certifications in the field and is a Visiting Fellow at the Maastricht University.

Yazan Al-Masri

Yazan Al-Masri is a renowned Cybersecurity and Privacy advisor, helping organizations develop an effective Information security and Privacy Programs. Yazan is a regular teacher in Maastricht University's Advanced Master in Privacy, Cybersecurity and Data Management. He holds a Masters Degree in Information Security and Digital Criminology with 25 years of international level experience in Information Security, Data Privacy, Business Continuity & Risk Management, IT Service Management, IT Infrastructure and Project Management. He has a proven track record of implementing complex cross-functional IT Security strategic initiatives, Network Infrastructure as well as IT service Support/delivery strategies to support corporate mandate.

Laura Senatore

Partner at ICT Legal Consulting, she is a lawyer specialised in Data Protection, Artificial Intelligence Law, and emerging technologies. She provides strategic and operational legal advisory to Italian and multinational clients across sectors such as insurance, large-scale retail (GDO), tourism, digital health, e-commerce, and mobile apps, also acting as outsourced DPO. She advises on AI compliance for different companies, including a multinational signatory of the EU AI Pact, for which she helped develop its AI Compliance Framework.

A Certified Data Protection Officer and AI Trust and Privacy Compliance Officer (ECPC – Maastricht University), she is also a Lead Auditor for ISO/IEC 27001:2022, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and Europrivacy®. She is recognised as “Maestro della Protezione Dati & Data Protection Designer®” and listed with the Istituto Italiano per la Privacy e la Valorizzazione dei Dati.

She joined ICT Legal Consulting in 2017, after practicing privacy, civil, and banking law. She graduated with honours from the University of Salerno—her thesis explored the evolving economic value of personal data—and completed an internship at the Italian Data Protection Authority. Member of the Salerno Bar, she is fluent in Italian, English, and French.

Gianclaudio Malgieri

Joyce Groneschild

Joyce Groneschild is the Deputy-Director of the European Centre on Privacy and Cybersecurity (ECPC) at the Faculty of Law. Joyce is a strategic marketing specialist with a strong focus on value co-creation. She has a longstanding experience in running executive education programmes for professionals, managing large projects and developing executive programmes to fit organisations’ needs globally.