Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In the United Kingdon, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for eight years. These partners are highlighted below and throughout the editorial.
Click here for more details

United Kingdom > London > Risk advisory > Data protection privacy and cybersecurity > Law firm and leading lawyer rankings



Index of tables

  1. Data protection privacy and cybersecurity
  2. Leading individuals
  3. Next generation lawyers

Next generation lawyers

  1. 1

Who Represents Who

Find out which law firms are representing which Data protection privacy and cybersecurity clients in London using The Legal 500's new comprehensive database of law firm/client relationships. Instantly search over 925,000 relationships, including over 83,000 Fortune 500, 46,000 FTSE350 and 13,000 DAX 30 relationships globally. Access is free for in-house lawyers, and by subscription for law firms. For more information, contact


The 'practical and commercially-minded'privacy and data protection group at Bird & Bird LLP is highlighted for its 'speedy responses' and 'value for money'. It was instructed by Domino's Pizza on a substantial GDPR compliance project, acting both on the audit of processes and implementation of solutions. This substantial project included consideration of GPS tracking technologies embedded in vehicles and online advertising techniques. The team is headed up by 'standout' lawyer Ruth Boardman who has led complex and substantial GDPR projects for companies such as the Football Association. With a 'good depth of knowledge' and 'client management skills' Gabriel Voisin has experience acting for clients on compliance issues, as well as on cyber security, cookies and tracking technology threats.

The experienced data protection team at Bristows (Services) Limited¬†frequently handles complex compliance and strategic matters as well as investigations, breaches and contentious issues. The group, led by Mark Watts, is acting for Google's DeepMind in relation to investigations by the ICO of Royal Free's use of the client's technology. The team is also advising the same client on privacy aspects of the deployment of the technology in other NHS hospitals, as well as on GDPR compliance. The group is a popular choice for US-based companies, and advises on GDPR preparation for¬†McKinsey Consulting,¬†Kimberly-Clark and¬†Tennant Corporation on compliance projects. Other key names to note in this area are Christopher Millard¬†‚ÄĒ who is recommended particularly for advice within the technology and communication sectors ‚ÄĒ Robert Bond,¬†who joined the team from Charles Russell Speechlys LLP, and associate Hannah Crowther.

The data protection team at Dentons boasts an impressive client roster, which includes the additions of new clients Kelly Services and trade associations UK Finance and techUK. Practice head Nick Graham is the global chair of the firm's privacy and cybersecurity group and leads advice to John Lewis on data protection strategy, policy and data transfers issues. The department continues to act for First Data Corporation on obtaining local authorisations for its processors binding corporate rules, in addition to on GDPR compliance matters. Other key highlights include the team's work for Virgin which includes data protection governance advice in relation to Virgin Atlantic and Virgin Holidays' privacy, advertising and marketing matters, as well as on cyber risk issues to its telephone, mobile, broadband and TV services. Martin Fanning is a key name to note and has experience advising public sector bodies and financial institutions. Simon Elliottwas recently promoted to the partnership.

Highlighted as 'strong leaders' for data protection advice, the 'stellar' privacy, security and information law group at Fieldfisher¬†boasts 'deep bench strength' and the capabilities to advise on a full-range of issues. It handles complex compliance programs, where it is praised for 'finding practical solutions out of the most obscure data privacy requirements'. The practice has additionally been instructed to handle international data transfers, binding corporate rule applications, disputes and breaches. Clients include Pearson plc,¬†Just Eat, Adidas and the AA are all clients.¬†Hazel Grant¬†heads the team which includes¬†Phil Lee¬†‚ÄĒwho has been described by one client as 'one of Europe‚Äôs best privacy lawyers'. Other key names to note include Antonis Patrikios¬†and director Nuria Pastor.¬†The department has also benefited from the addition of Judy Krieg¬† from¬†Shepherd and Wedderburn¬†who has particular expertise in the financial services sector. Other changes to the team include Leonie Power's promotion to the partnership.

Hogan Lovells International LLP's privacy and cybersecurity team is instructed by large corporate and governmental bodies, and is highlighted particularly for its GDPR expertise and significant experience advising on international data transfer issues. Eduardo Ustaran heads up the practice which is instructed by Groupon and Cigna on compliance and strategy, and Verizon on the adoption of binding safe processor rules. In another work highlight the team acted for Aimia on its Nector loyalty programme, which required liaising with the ICO to agree suitable transparency and consent mechanisms. Sian Rudgard is a key name to note, particularly in relation to binding corporate rules.

Leveraging the firm's wider technology expertise, the data protection practice at Linklaters LLP is highlighted for its multi-jurisdictional advice. The team has been acting on substantial GDPR compliance and strategy, as well as in high-profile ICO investigations. Practice head Richard Cumbley attracts praise for his ability to 'come up with innovative ways to cut through difficult problems'. The team is instructed by large corporates including Disney, J Sainsburys, Thomson Reuters and BUPA, in addition to consultancy firm KPMG. Julian Cunningham-Day is highlighted for his 'strong client skills and practical, supportive advice' in this area. Associate Alaister Johnson is also recommended.

The 'responsive and knowledgeable' data protection and cybersecurity practice at Allen & Overy LLP handles compliance and strategic work, investigations and contentious matters as well as transactional support. The 'strong team' has been instructed by large companies such as GlaxoSmithKline, Endemol Shine Group and Four Seasons Hotels on GDPR preparation. In another work highlight it advised Allianz SE on data protection matters associated with its £1bn joint venture with Liverpool Victoria Friendly Society. It has also represented clients undergoing criminal investigation for data protection offences. The 'extremely knowledgeable and business-orientated Nigel Parker attracts praise for his 'ability to take on highly technical issues'; he jointly heads the practice alongside the 'pragmatic and personable' Jane Finlayson-Brown. Lawson Caisley, Sarah Henchoz, Mark Ridgway are key practitioners for cybersecurity matters.

The eight-partner data protection team at Baker McKenzie is headed up by Harry Small and has the capabilities to handle major multijurisdictional programmes. It is acting for a global media and entertainment company on international data transfer arrangements, strategy relating to cyber breach procedure and direct marketing issues. The group has also been instructed for large corporates following data breaches and cybersecurity threats. Julia Wilson has particular expertise in employment data protection issues. Sue McLean recently joined from Morrison & Foerster LLP.

CMS' data protection practice was significantly bolstered by its merger with legacy firms Olswang and Nabarro. The group was instructed by Microsoft to advise on a number of strategic matters, as well as on the creation of a guidlines aimed at assisting SMEs with GDPR compliance. In another work highlight, head of the digital and data team Elle Todd¬†‚ÄĒ who formerly headed up Olswang's practice ‚ÄĒ led on advice to easyJet on GDPR auditing, data mapping and on the implication of moving to a new database. The department also acts for¬†AIG plc in connection with its data breach insurance product.¬†Emma Burnett¬†continues to head up the group which also includes Sam De Silva, who has experience handling data protection and cybersecurity matters. The team's impressive client roster also includes Costco Wholesale Corporation,¬†Deliveroo and¬†Miniclips.

The 'user-friendly and sophisticated' data protection, privacy and security team at DLA Piper is highlighted for its 'sound, sensible and practical advice', particularly in the insurance,financial services, defence and life sciences sectors. The 'impressive' practice head Ross McKean 'combines specialist privacy, IT and industry knowledge', and led a team advising Tata Steel Europe on  both GDPR preparation planning and implementation of compliance strategy. In another work highlight, the team was instructed by the ICO to develop regulatory guidance on the changes to international data transfers resulting from the GDPR. Client also include Visa, Aviva and the London Stock Exchange.

Eversheds Sutherland (International) LLP boasts a 'very strong and experienced team' focusing on data protection, information and cybersecurity law, which offer 'excellent value for money'. With 'specialist knowledge and practical experience of data protection litigation' the team has the capabilities to handle significant strategic projects and contentious matters. In a significant mandate, the team was instructed by Santander UK on its UK GDPR compliance programme. The group also acted for an international IT services provider following a cyber-attack on its network, including risk advice, analysis of personal data laws and potential liability under contract law, negligence and other torts. Paula Barrett heads up the practice which also includes 'national expert'  Liz Fitzsimons, who attracts praise for her 'calm, practical, and measured advice'. Simon Morrissey has recently joined the team.

The full-service data protection and cyber security practice at Hunton Andrews Kurth LLP advises on compliance and strategic projects, commercial and transactional support, as well as acting for clients following cyber-attacks and data breaches. Aaron Simpson heads up the practice which includes the highly regarded Bridget Treacy and senior consultant Rosemary Jay. The group was instructed by Yahoo! in relation to a high profile cybersecurity attack and resulting global regulatory and legislative investigations. Treacy and Jay continue to be instructed by Google to provide advice on European and US privacy law. Morgan Stanley, Tiffany & Co and Time Out England are also clients.

Pinsent Masons LLP's information law team has been highlighted for its 'excellent service' and 'tailored,pragmatic and timely advice'. The team is instructed on both contentious and strategic matters, with particular experience in the financial services and technology sectors and acts for high-profile clients including TSB Bank, Google, Facebook and  Starship Technologies. The department has been advising  global medical device manufacturer on compliance solutions to enable the transfer of data to the US, following the invalidity of Safe Harbour. With an 'impressive grasp of technical detail' Marc Dautlich heads the global practice and is praised for his 'delivers clear and commercial advice' to both public and private sectors. David Barker is highlighted for contentious matters and heads the group's data protection litigation team and Ian Birdsey leads the cyber practice. Birmingham-based Cerys Wyn Davies is another key name to note.

PwC LLP benefits from being able to leverage its risk professionals, auditors, consultants, strategists and forensic experts alongside its 'high service' legal department. Led by practice head Stewart Room, the team is advising Spotify on its GDPR compliance project and privacy governance structures. The Information Commissioner's Office, Citi Group and the Financial Ombudsman are also all clients. The group includes the 'extremely helpful' James Drury-Smith  (who boasts a 'very good knowledge of the law and its practical application') and has been strengthened with the addition of Fedelma Good from Barclays.

Taylor Wessing LLP's 'very business focused' data privacy team boasts significant technology sector expertise and client care that is described as being 'second to none'. Practice head Vinod Bange led a team acting for Just Eat on its GDPR compliance project, which included complex advice on the implementation of cloud software, technical solutions and mobile marketing. The team is also instructed by Sega, Emirates NBD, and KPMG on GDPR compliance preparation. The team has supported the firm's private equity team advising Inflexion on data protection elements arising from the buyout of Virgin Experience Days. Changes to the team include the arrivals of senior counsel Jane Reeves from Thompson Reuters and associates Tamara Mackay-Temesy from CMS and Anna McGowan from Amec Foster Wheeler.

The 'helpful and efficient' team at Herbert Smith Freehills LLP is 'excellent on all fronts' and attracts praise for its 'appropriate advice and sensible approach'. The practice is jointly led by 'the exceptional' head of data protection and privacy Miriam Everett (who 'is commercial in her approach and provides technically sound advice'); the global head of cyber security Andrew Moir (who 'brings an unique blend of deep legal & technical IT expertise');and the 'responsive and helpful' Nick Pantlin, who heads up the national TMT and data department. The team has been instructed on several substantial GDPR compliance projects for clients such as Hays, British American Tobacco plc and Time Warner. Other key names to note include 'subject matter expert' Marcus Turle.

Technology and digital media specialist¬†Kemp Little LLP¬†has a strong data protection, privacy and cybersecurity practice.¬†Nicola Fulford heads up the data protection and privacy practice, while tech and telecoms lawyer Emma Wright¬†leads on the cybersecurity side. The department acts for clients such as British Telecommunications plc, Trainline and¬†Dentsu Aegis Network and, in addition to assisting with compliance projects, is often instructed to advise on new and evolving technologies using data.¬†Counsel¬†Anita Bapat¬†‚ÄĒ who has expertise across the full range of UK and EU¬†data protection and privacy law¬†‚ÄĒ joined from Hunton Andrews Kurth LLP.

Highlighted as being 'very good for cutting edge privacy advice', Latham & Watkins' information law, data privacy, and cybersecurity team combine 'the highest quality knowledge and industry experience' to 'deliver business appropriate advice'. The 'smart and ultra-commercial' Gail Crawford (who 'both leads in her space and provides practical application') heads up the team, which benefits from the addition of Ian Felstead who joined from CMS and specialises in contentious matters. The department's impressive client roster includes EY, Facebook and Addison Lee.

Ellen Temperton and Nick Walker jointly head Lewis Silkin LLP's data and privacy practice and focus on employment-related matters and disputes, respectively. A team led by Simon Morrissey is acting for Omnicom Group on a significant GDPR compliance programme, including auditing and implementation of solutions. In another work highlight, the department has assisting several PR agencies with data subject access requests from high profile individuals. The group is also instructed by the UK police force to provide ongoing advice on data issues. The Economist, Lush and IG Index are all clients.

The 'very responsive' data protection, privacy and cybersecurity team at Norton Rose Fulbright has been singled out for 'always providing good advice'. The group has been acting for clients on GDPR compliance projects, including for Mitsubishi Electric Corporation which it has been advising specifically on export of personal data to the client's headquarters in Japan, and other non- EU jurisdictions. The practice is also instructed by AIG to handle domestic and multi-jurisdictional data breach issues in connection with the clients cyber insurance product. This has included advising a global financial institution following a ransomware attack and a retailer on the legal implications of a data theft by a former employee. Marcus Evans heads the practice, which includes disputes lawyer Jonathan Ball, head of IP Michael (Mike) Knapper and Ffion Flockhart, who utilises her insurance background to advise large corporates and financial institutions.

The data protection, privacy and cybersecurity practice at Osborne Clarke LLP has experience acting for clients in the technology, financial services, retail and energy sectors. Mark Taylor heads up the practice and has been particularly focusing on GDPR compliance. Taylor is leading a team advising, and drafting guidance for, UK Finance and its members on the application of the regulation to the payments space. The team is also instructed by TripAdvisor to advise on both implementation of GDPR compliant processes and on subject access requests. 'Excellent tactician' Ashley Hurst frequently handles contentious data protection matters and Charlie Wedin represents clients in contentious cyber security issues. Will Robertson is a key name to note for advice relating to IT projects. Tamara Quinn joined the team from Bryan Cave Leighton Paisner LLP.

Paul Hastings LLP technology transactions group is highlighted for 'cost effective provision of expert advice'. The practice has experience advising clients on compliance and regulatory issues, as well data security threats. Changes to the team include the arrival of Sarah Pearce from Cooley (UK) LLP and the departure of Ashley Winton to McDermott Will & Emery UK LLP.

Attracting praise for its 'excellent level of client service', 'the truly experienced' IP, tech and data group at Reed Smith LLP  'combines high-qualified advice with good value for money'. The department is instructed on several complex compliance and regulatory projects. It also has experience handling cross-border data transfers, defending clients in litigation and advising on data related-issues arising from new technologies. The 'extremely knowledgeable' Cynthia O’Donoghue (who offers a 'customer-oriented approach' and the ability to 'find the best solution, from both the legal and technical points of view') heads up the practice which also includes recently promoted partner Philip Thomas, who is highlighted as being 'professional, and a delight to work with'. Senior associate Katalina Bateman is also singled out 'for her expertise in data protection and pragmatic approach'. Kate Brimsted left the practice to join Bryan Cave Leighton Paisner LLP.

The data and privacy practice at RPC is jointly headed up by  Oliver Bray and Keith Mathieson who focus on non-contentious and contentious issues respectively. A 'very experienced and capable litigator', Mathieson is defending Associated Newspapers in several data protection disputes, and acted alongside recently promoted partner Nicola Cain for Media Lawyers Association to draft responses to the government's 'call for views' on derogations to the GDPR. In another significant work highlight, the group is instructed by Facebook to advise of several issues including the impact of the GDPR and ePrivacy Regulation. Jon Bartley joined the group from Penningtons Manches LLP and is considered 'extremely strong in the field', with expertise in digital technology and e-commerce, data protection and cyber security.

The 'very knowledgably, pragmatic and commercial' technology sector group at Travers Smith LLP provides a 'excellent' and 'cost effective' data protection advice. The team has been instructed by the Cheque and Credit Clearing Company to advise on complex data transfer and protection aspects relating to the national implementation of an electronic image based cheque clearing system. Other work highlights include acting for Micro Focus on a substantial GDPR compliance project. Dan Reavill heads up the team which includes Louisa Chambers who is highlighted for her 'positive, proactive and engaging approach'. Shazam, Trainline and Zoopla are all clients.

Arnold & Porter's 'excellent' data protection and information law practice offers 'timely advice and practical help'. The team has been handlingcompliance projects for implementation of GDPR and e-privacy laws, with particular experience acting for clients in the life sciences sector. It has also represented clients in contentious matter and investigations. Richard Dickinson heads up the group which includes key lawyer for issues and advice relating to employee data, Henry Clinton-Davis The practice has been strengthened, particularly in the telecoms, media, and technology sectors, by Rob Bratby's arrival from Olswang.

The practice at Browne Jacobson LLP is instructed on contentious and non-contentious matters to provide compliance and strategic data protection, privacy, cyber-security and freedom of information law advice. The group advised London Electric Vehicle Company on a study for a new electric charging network utilising a personal data sharing arrangement with TfL, UK Power Networks and EA Technology. Practice head Mark Gleeson, and Nottingham-based Helena Wootton jointly led a team which acted for Vision Express (UK) data considerations relating to the purchase of Tesco Opticians.  Another key name to note is public and regulatory lawyer Ros Foster.

Highlighted for its 'knowledgble, pragmatic and informed advice', Bryan Cave Leighton Paisner LLP's data and cyber security team has been described as providing 'a platinum service'. The group is headed by Kate Brimsted who was previously at Reed Smith LLP, following the departure of Ian De Freitas to Farrer & Co. The department has been advising clients on implications of the GDPR, particularly in relation to international data sharing.  The team also handles transactional matters and advised a global company on compliance implications of its divestment from a wider corporate group.

The 'absolutely outstanding' privacy and data protection team at Cooley (UK) LLP acts for both large corporates and SMEs, and attracts praise for its 'great value for money'. It is instructed by several clients including software company Lumeon, TalentSky and US-based defence company Leidos on GDPR compliance programmes, which has included advising on matters of data processing, access and international data transfers. The group is  jointly led by Mark Deem and Ann Bevitt who focus on litigation and non-contentious compliance respectively. Former co-head Sarah Pearce left the team to join Paul Hastings LLP. Clients also include Lloyd's Market Association and the National Farmers Union Mutual Insurance Society.

The information law practice at DAC Beachcroft LLP acts for insurance and health sector clients in a full range of data protection, privacy and cyber security matters. The team was instructed by Lloyd's Market Association and the Association of British Insurers to consider and provide strategic advice on on the UK Data Protection Bill's application to the insurance industry. It also handles contentious work and successfully defended a large insurer client against an ICO Prosecution, for alleged breach of data protection laws. Rhiannon Webster heads the practice which includes head of cyber and data risk Hans Allnutt.

DWF's privacy and information law practice attracts praise for its 'value for money' and 'reliable, professional expertise delivered in a timely manner'. The group is known primarily for handling data breaches and contentious matters. Andrew Harris continues to defend Wm Morrison Supermarkets in claims resulting from the leak of employees information into the public domain by a former employee. John Benjamin heads up the practice and leads a team advising a major insurer on data considerations of its new projects and digital products. The 'very knowledgeable' team have also recently been instructed by new clients Bupa and Aviva. Joining the team from the Information Commissioners Office, Michele Voznick is a notable addition.

The multi-disciplinary data protection team at Harbottle & Lewis LLP is 'a pleasure to work with' and comprises of lawyers specialising in data, reputation management, technology and employment law. It was recently instructed by Virgin Atlantic Airways and Virgin Holidays on a substantial GDPR compliance project. In another work highlight the group advised Map Patient Healthcare of data privacy issues relating to its developing technology which would allow NHS patients to access real-time information about A&E departments. Daniel Tozer (who attracts praise for his 'timely and incredibly commercial advice') and Jo Sanders jointly head the practice which is highlighted as 'excellent value for money'.

Orrick, Herrington & Sutcliffe (Europe) LLP's 'extremely knowledgeable' cybersecurity and data protection practice is known its representation of clients in the technology sector on privacy matters. It has been handling several compliance projects ahead of implementation of the GDPR, including for Zoosk, and is highlighted for both its expertise on the GDPR and privacy matters and thorough understanding of product features and technology'. Practice head  Kolvin Stone is experienced advising on cross-border issues and attracts praise for 'managing his team to maximize the value of services'. Microsoft Corporation, GoPro and Lucozade Ribena Suntory are all clients.

Described as 'genuine experts in niche areas' of data protection law, Pritchetts Law Bristol-based team has been considered 'amazing value for money'. The practice is highlighted for its 'high quality but pragmatic advice', and is instructed on substantial compliant project in preparation for the GDPR by Unison, DFS Furniture and provider of student accommodation UPP Group. Singled out for her 'phenomenal reputation', Stephanie Pritchett is 'hugely experienced, commercial in her thinking' and 'takes a thorough and detailed approach to finding practical solutions'. Pritchett frequently handles a full range of data protection, freedom of information and privacy law for a broad client base. She is ably supported by Ben Wootton who boasts 'extensive commercial experience'.

Ropes & Gray LLP frequently acts for US-based clients on a range of international privacy and data security issues. The group has particular expertise advising investment funds and life sciences sector clients, including on global data flow, compliance and regulatory issues. It is also representing a private equity firm in investigations into a suspected personal data breach, alongside the firm's government enforcement and litigation teams. In another work highlight, the group is instructed by a Fortune 500 company in the health care sector on the extension and implementation of the entity’s binding corporate rules.  Rohan Massey heads up the London team which also includes counsel Clare Sellars and senior associate Robert Lister.

The data privacy, security and information rights group at the media and entertainment specialist firm Sheridans handles a range of data protection issues for global brands, national agencies and trade bodies. The team recently acted for Sport England on its GDPR compliance programme in addition to advising on a project utilising data to increase physical participation in physical exercise. In another work highlight Eitan Jankelewitz, who heads the practice alongside Philip James, is instructed by Internet Advertising Bureau to draft codes of practice for the online advertising industry. James has particular expertise advising on cyber risk and fraud prevention.

Simmons & Simmons data protection and privacy group is headed up by the 'intuitive and astute' Alexander Brown. The department is noted for its expertise in the financial sector and is instructed by HSBC on data protection and digital matters. It is also acting for Telefónica UK on all data protection compliance matters and advised on its project preparing for the GDPR. Beyond advising financial institutions and telecoms clients, the team has particular expertise acting for investment funds, technology and life sciences companies. Recently promoted partner Lawrence Brown is highlighted for his 'methodical approach'.

Stephenson Harwood's data protection and information law team is recommended for 'pragmatic advice and competitive fees'. The group has experience advising on GDPR compliance issues and data transfer agreements and registrations. Clients include those in the financial services, pharma and life sciences sectors. The 'pragmatic and experienced' practice head Jonathan Kirsop  attracts praise for his ability to 'work effectively with both lawyers and colleagues in the business' on a range of matters.

James Castro-Edwards heads up the data protection practice at Wedlake Bell LLP. The practice has experience handling data protection compliance projects spanning several jurisdiction, and has also advised in response to data breaches. Adrian Heath-Saunders is another key name to note.

Womble Bond Dickinson (UK) LLP's team boasts the capabilities to handle contentious and non-contentious matters data protection, privacy and information law advice. The group has particular experience acting for clients in the retail and financial services sector, and advised clients in these industries on GDPR compliance programmes. In another work highlight, it represented an international telecoms provider following fruadsters accesing customer data. The team also acted for London Borough of Lewisham in a high profile information request. Andrew Kimble leads the data protection and privacy practice which includes Jackie Gray and Andrew Parsons, who are recommended for freedom of information law issues and contentious data and privacy matters respectively. Caroline Churchill was recently promoted to the partnership.

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

Press releases

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to

Legal Developments in the UK

Legal Developments and updates from the leading lawyers in each jurisdiction. To contribute, send an email request to

Press Releases in the UK

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to