Senior Associate | Attorney at law
IT, Privacy & Cybersecurity
Jeroen van Helden acts as lead counsel in matters concerning IT transactions and IT disputes. He also advises clients in the event of cyber attacks and cyber incidents. Jeroen has specific expertise in software licensing, data protection, IT contracts and compliance issues, and enjoys sharing his IT law knowledge and enthusiasm for his field through professional journals, seminars and courses.
Jeroen works a great deal for IT companies ranging from cloud service providers, app builders and managed service providers, to cybersecurity experts. On the buyer side, he frequently works for government authorities, international organisations and companies in the education, healthcare and transport sectors. He is just as enthusiastic about engaging with a CEO on a strategic matter as he is about working with in-house counsel on a complex case. He takes a result-oriented, meticulous and discreet approach to his work.
Jeroen studied Law at the University of Amsterdam and the University of Michigan, graduating cum laude. In 2022, he successfully completed the Grotius specialist programme in Information Technology Law (also cum laude) and in 2023 the specialist programme in Cybercrime & Cybersecurity at Leiden Law Academy.
During his studies, Jeroen worked as a coach in European legal history, gained experience at a law firm in The Hague, and learnt website programming. After earning his Master’s degree, he worked for the government for several years as an IT lawyer, before joining the De Clercq technology team in 2018.
Jeroen’s daily practice involves providing advice and litigating in the field of IT law on matters such as transactions for cloud services (SaaS, PaaS, IaaS), the implementation of ERP systems, or complex international privacy issues. He has extensive experience in resolving IT-related disputes, whether by mediation or arbitration, or before the public courts. He is also frequently called upon to assist in the event of major cyber attacks or other cyber incidents, including ransomware attacks, DDoS attacks, CEO fraud, or theft of trade secrets.
Lead counsel for an international organisation in relation to multi-million euro transactions for the use of Google Cloud and AWS (IaaS, PaaS).
Providing advice to a major Dutch e-learning provider regarding a transaction for using a learning management platform (PaaS, SaaS).
Lead counsel for a Dutch software developer with respect to transactions with various research institutions and technology companies in countries such as the U.S., Australia and Switzerland.
Providing advice to a managed service provider in the wake of a major ransomware attack.
Representing a Dutch IT company in a court case relating to a failed agile software development project, which resulted in the plaintiff’s claim of over a million euros being dismissed.
Providing advice to a Dutch company involved in a dispute with an American technology company about matters including unilateral modification of the licence metrics of a low-code platform.
Representing a Dutch/Spanish retailer in international mediation proceedings concerning a failed ERP implementation, resulting in damages from both the software supplier and the implementation partner.
Providing advice to a Dutch SaaS provider on the status of a SaaS solution developed for use in hospitals, under the Medical Devices Regulation (MDR).
Providing advice to an international organisation regarding defence against a multi-million euro claim filed by a U.S. software vendor relating to additional use of on-premises software in connection with a data centre migration.
Representing a Dutch government organisation in a historical arbitration case concerning a failed IT project. It resulted in the recovery of tens of millions of euros from the IT supplier for the benefit of the Dutch taxpayer.
IT, Privacy & Cybersecurity
2 September 2025
Not all public contracts are subject to procurement obligations. For example, an exception applies to contracts in the field of defence and security. But what if a contracting authority invokes that exception, while a market party has doubts about its applicability?
IT, Privacy & Cybersecurity
1 September 2025
The Health and Youth Care Inspectorate (IGJ) recently published its findings on the state of digital healthcare at eight very large elderly care providers. The conclusion? While many providers have established the necessary preconditions, they do not yet demonstrably comply with information security standards such as NEN 7510. This poses a risk both to clients and to the organization itself.
IT, Privacy & Cybersecurity
18 August 2025
Jeroen van Helden authored an annotation in the journal Computerrecht regarding a recently published ruling by the District Court of Northern Netherlands. Noord-Nederland.