The Legal 500

Twitter Logo Youtube Circle Icon LinkedIn Icon


Work 020 7212 1616
Fax 020 7212 1570
Alicante, Almaty, Baku, Bangkok, Barcelona, Beijing and 76 more

Stewart Room

Work 07711588978

Work Department

Cyber security and data protection.


Global head of cyber security and data protection, PwC Legal; UK national practice lead for data protection, PwC; co-lead of PwC Global Data Privacy Centre of Excellence. Important cases include: Information Commissioner v Brighton & Sussex University Hospitals NHS Trust (2012); Information Commissioner v NHS Surrey (2013); Central London Community Healthcare NHS Trust v Information Commissioner (2013); Information Commissioner v Marks & Spencer plc (2008); Information Commissioner v Global Investigations (2007). Specialist areas: representing data controllers in regulatory enforcement proceedings brought by Information Commissioner for breaches of data protection law; advising on the handling of cyber security and data privacy breaches; advising businesses on change management methodologies and approaches for data protection and cyber security; all aspects of regulatory compliance including transborder data flows. Core industry focus includes: technology, media and telecommunications; retail and consumer; hospitality and leisure; healthcare, life sciences and pharmaceuticals. Clients have included: Accenture, Barclays Bank, BBC, BNP Paribas, British Gas, BskyB, Credit Suisse, Dell, EMC, HP, LinkedIn, Marks & Spencer, McAfee, NBC Universal, News UK, Orange, Oracle, Pearson, Post Office, Reckitt Benckiser, RSA, Sony, Symantec, Thomson Reuters, Vodafone, Unilever. Recent client wins include: Associated British Foods, BBC Worldwide, Shire Pharmaceuticals, Post Office, Imprivata.


Qualified as a barrister 1991; qualified as a solicitor 2002. 169 Temple Chambers 1991-97; 8 Stone Buildings 1997-2000; Law Solutions Ltd 2000-01; Rowe Cohen Solicitors 2001-07; Field Fisher Waterhouse LLP 2007-14; PwC Legal LLP 2014. Current directorships: director and co-founder, The Cyber Security Challenge UK. Publications of note: books, as author: Butterworth’s Data Security Law and Practice (2009); Email: Law, Practice and Compliance (2008); Data Protection and Compliance in Context (2006). Books, as co-author: IAPP European Data Protection Law (2012); Outsourcing Law and Practice (2008). Journals, as editor: Cyber Security Law and Practice (2015).


University of Birmingham (1987-90 LLB); Inns of Court School of Law (1990-91 BVC); University of London (2002-04 LLM).


Guitarist, running.

London: Risk advisory

Data protection privacy and cybersecurity

Within: Data protection privacy and cybersecurity

PwC LLP benefits from being able to leverage its risk professionals, auditors, consultants, strategists and forensic experts alongside its 'high service' legal department. Led by practice head Stewart Room, the team is advising Spotify on its GDPR compliance project and privacy governance structures. The Information Commissioner's Office, Citi Group and the Financial Ombudsman are also all clients. The group includes the 'extremely helpful' James Drury-Smith  (who boasts a 'very good knowledge of the law and its practical application') and has been strengthened with the addition of Fedelma Good from Barclays.

[back to top]

IHL Briefings

If your firm wishes to publish IHL Briefings or articles, please contact Antony Dine on +44 (0) 207 396 9315 or


Heat, friction and violent collision – GCs face challenge and opportunity on data security

May 2016. By Stewart Room

PwC Legal’s Stewart Room warns that emerging regimes on data protection and cyber security will present new challenges for GCs. If you’re observing the developing legal environment for cyber security and data protection and just happen to have an interest in star-gazing, you might have an image of a planetary nebula in your mind’s eye, the universal womb and nursery for new planets and stars. [Continue Reading]

Back to index

Legal Developments by:

Legal Developments in London

Legal Developments and updates from the leading lawyers in each jurisdiction. To contribute, send an email request to