Data protection, privacy and cybersecurity in London

Bird & Bird LLP

The 'top-notch' team at Bird & Bird LLP is often retained by household names, including BT and Domino's Pizza, on large cross-border data protection mandates. The group is active across a wide range of sectors, including tech, media, pharmaceutical, healthcare and telecom. The practice's leadership is split between Ruth Boardman, who is highly regarded as 'an outstanding leader and well recognised and respected in the privacy field', and James Mullock, whose expertise spans GDPR compliance projects and data breach incidents. Gabriel Voisin has 'profound knowledge of data protection issues and always provides practical business-friendly advice' and is another key name alongside legal director Elizabeth Upton, who is well versed in GDPR compliance and international data transfers.

Practice head(s):

Ruth Boardman; James Mullock

Other key lawyers:

Gabriel Voisin; Elizabeth Upton; Alex Dixie; Alex Jameson; Katerina Tassi; Emma Drake


‘The B&B Privacy practice is top notch. Ruth Boardman is an outstanding leader and is very well recognised and respected in the privacy field. Ruth and the privacy team leadership have assembled very strong privacy team with experts located throughout the world and experience that ranges across a variety of industries. I will keep going back to B&B for their strategic thinking, connections in the privacy space and practical advice (for a very reasonable rate).’ 

‘I have worked with Elizabeth Upton for years and I will continue to seek out her practical guidance that works for a fast-paced and scaling tech company.’ 

‘Ruth Boardman is the most widely recognised and highly respected practitioner in the privacy legal world. She is a walking encyclopaedia on privacy matters, and she is always available to her clients. Her advice is sound and practical. She takes a risk-based approach and has the ability to simplify complex legal issues.’ 

‘Ruth Boardman, Alex Jameson and Katerina Tassi are all exceptional professionals. Their advice is thorough and practical, and they take great care to know the company to ensure that their guidance is tailored to the specific business needs. They’re also a pleasure to work with. They’re kind, responsive and empathetic. I would recommend Ruth’s team to any company.’ 

‘We have worked with Alex Dixie now for several years. He brings outstanding knowledge of the digital/AdTech industry and is able to take complex issues and break them down simply for a business audience whilst applying a commercial mindset to thinking through challenges.’ 

‘Great and responsive team with really unique and rare insight into the AdTech market from data privacy perspective.’

‘Gabriel Voisin has profound knowledge of data protection issues and always provides practical, business-friendly advice.’

‘Emma Drake is a great privacy lawyer with deep knowledge and her suggestions always contribute highly to the projects. Her understanding of the AdTech and marketing industry is also exceptional in comparison to the other privacy leaders in UK.’ 

Key clients


Domino’s Pizza

Open X

Oxford University Press

The British Horseracing Authority


Work highlights

  • Acted for OpenX on a very high-profile investigation led by the Norwegian data protection authority between a dating app provider (Grindr) and its associated ad-tech players (including our client OpenX).
  • Advised Domino’s Pizza on GDPR and data protection in addition to conducting an audit of their operations, identifying gaps and implementing remediation actions.

Bristows LLP

The ‘technically excellent and very engaging’ team at Bristows LLP provides pragmatic and commercially-focused advice’ to a range of well-known names, including Facebook, Google and WarnerMedia, on data protection matters, including litigation, data breaches and global compliance projects. Mark Watts overseas the team and is recommended for contentious data matters, recently acting for British Airways on a data protection fine filled by the ICO. Multi-jurisdictional information governance and compliance projects is the area of expertise of Christopher Millard while Marc Dautlich has extensive experience in advising on cyber and data breach incidents and the sharing of medical data. At the senior associate level, Jamie Drucker and Hannah Crowther are names to note.

Practice head(s):

Mark Watts

Other key lawyers:

Christopher Millard; Marc Dautlich; Jamie Drucker


‘Mark Watts is a real superstar. His deep technical expertise pared with a very commercial and pragmatic approach and calm and reassuring delivery are a great combination.’

‘I use Bristows for its expertise in the pharmaceutical and healthcare sectors and for its unrivalled knowledge of topics, responsiveness and timeliness of its pragmatic and client-focused advice. Its lawyers take the time to get to know and understand the client’s business so they can tailor their advice to the client’s particular circumstances. They think long term and not simply about the immediate challenges. 

‘Bristows’ willingness to engage and work with us to understand our organsation’s aims and objectives makes it a fantastic partner to work with. Its pragmatic and commercially-focused advice provides confidence that we can make the best commercial decisions.’

‘Hannah Crowther is a real rising star.’ 

‘Mark Watts is one, if not the, best solicitors in the industry. Working in the space of privacy for 20 years, it’s refreshing to get insights from Mark on complex data processing arrangements and guidance on domestic challenges that are culturally driven rather than DPA or objective focused.’ 

‘The team is the complete package – they are technically excellent, but also very engaging and really make the effort to get to know the business and tailor advice accordingly.’ 

‘We have been working with Marc Dautlich for a number of years and simply cannot fault his approach to complex legal issues or the quality of his advice.’

‘We have been extremely impressed by Jamie Drucker responsiveness and the clarity with which he has advised the business on some complex matters.’ 

Key clients

British Airways







WarnerMedia (Warner Bros, HBO, CNN)


The Association of the British Pharmaceutical Industry



Paysafe Group

Cisco Systems

General Electric


Offering ‘pragmatic and commercial advice in a timely manner’, Dentons acts for a long list of high-profile companies on all aspects of privacy, data protection and cybersecurity matters. The practice also benefits from the firm’s large global network, which makes it uniquely positioned to handle multi-jurisdictional compliance projects and regulatory investigations. Leading the team is Nick Graham, who has extensive expertise in data subject access requests, breach incidents and data sharing projects. Simon Elliott, who is described as extremely dedicated to achieving the best outcomes for his clients’, is recommended for contentious data protection matters, including investigations and cybersecurity incident responses. Other key name is Antonis Patrikios, who is noted for his ‘specialism in leading multi-jurisdictional projects in the UK, EU, US and Asian’.

Practice head(s):

Nick Graham

Other key lawyers:

Simon Elliott; Antonis Patrikios; Esther Rusling (Senior Associate)


‘The Dentons privacy team contains many expert practitioners that are able to provide pragmatic and commercial advice in a timely manner.’ 

‘Antonis Patrikios is our client lead, and he is always willing to do what is necessary in the name of client delivery. He ensures that we get the right level of experience on the team and is able to coordinate service delivery from multiple jurisdictions.’ 

‘Simon Elliot and Esther Rusling are excellent. They understand the complexities of our business and consistently provide timely practical advice.’ 

‘The team were extremely focussed on delivering an excellent standard of work for our company. I found all members very collaborative and focussed on finding solutions which were appropriate for our business.’ 

‘Simon Elliott is extremely dedicated to achieving the best outcomes for his clients, taking a pragmatic and considered approach. His technical knowledge, personable manner and attention to the commercial details of our business provided us with the valued support we needed on a critical global data privacy programme rollout.’ 

‘Simon Elliott is a very easy to work with individual, and always provides sensible advice in an accessible way.’ 

‘Antonis Patrikios always makes himself available and even makes time to arrange catch up calls to discuss burning issues in the data protection and privacy sphere, despite being extremely busy. He is my go to expert as I know I can rely on him. He is up to date, pragmatic and solution driven.’ 

‘We selected Dentons as our legal partner based on Antonis Patrikios’s specialism in leading multi-jurisdictional projects in the UK, EU, US and Asian across multiple sectors, including technology, e-commerce, media and AdTech. Antonis’s remarkable approach in supporting clients during crises makes him the most valuable external legal partner I have ever worked with.’ 

Key clients

Avis Budget Group




Essential Living


John Lewis



Northern Trust

Open Text

Royal Mail

SITA (Société Internationale de Télécommunications Aéronautiques)

Sumitomo Mitsui Banking Corporation Europe (SMBCBI)



Virgin Group

Virgin Atlantic

Worldwide Clinical Trials

Work highlights

  • Advised Avis Budget Group on all aspects of global data protection compliance and related issues.
  • Assisted John Lewis with data protection compliance work.
  • Assisted Virgin Atlantic with its BAU data privacy operations to provide strategic and operational support across the full range of data privacy issues facing the company.


Taking a practical approach to privacy compliance and with the ability to think outside the box’, the privacy, security and information team at Fieldfisher acts for a wide range of companies, from start-ups to large multinationals operating across several industries, mostly notably tech, financial services, healthcare and life sciences. Practice head Hazel Grant is ‘commercial and able to give practical recommendations balancing commercial challenges against regulatory risks’. ‘Top notch expert’ Phil Lee is especially sought after by social media, cloud, and disruptive technology clients to advise on international data privacy matters. Another key practitioner is director Nuria Pastor, whose expertise spans data export strategies and data subject access requests.

Practice head(s):

Hazel Grant

Other key lawyers:

Phil Lee; James Seadon; Renzo Marchini; Lorna Cropper; Nuria Pastor; Natalie Barnfield; Leonie Powers


‘The practice is very professional and responsive. What I like the most is their practical approach to privacy compliance and the ability to think outside the box.’ 

‘I think what makes the team stands out is its ability to fully comprehend the nature of our business (to the smallest details) and therefore provides suitable and practical advice. On top of that the team is simply very nice to work with.’ 

‘Natalie Barnfield handles complex issues quickly and provides practical operational suggestions. Hazel Grant is commercial and able to give practical recommendations balancing commercial challenges against regulatory risks.’

‘The depth of knowledge that the data and privacy team has is second to none.’ 

‘The Fieldfisher privacy lawyers provide solution driven advice that is pragmatic and clear. They are fantastic at identifying key privacy risks and making sensible suggestions on how to mitigate them.’

‘Phil Lee and Renzo Marchini are top notch experts that both know the nitty gritty and ins and outs of privacy and data protection law as well as having first class knowledge and understanding of the market. They provide genuinely pragmatic advice that is straight forward and makes sense when trying to implement it.’ 

‘Natalie Barnfield is an extremely knowledgeable and friendly lawyer and always a delight to work with. I see her as a trusted pair of hands and I always feel confident and comfortable in her advice and approach.’

‘Renzo Marchini is a great business partner and lawyer, Lorna Cropper is extremely knowledgeable and business focused, and James Seadon shows great practical insights and instincts on litigation matters.’ 

Key clients





Pelo ton Interactive

Mitsubishi Pharma

Free Now



Work highlights

  • Advised Dunnhumby on a range of UK and EU privacy matters, including international data transfers, product privacy impact assessment, data protection impact assessment and HR data protection issues.
  • Assisted Zoom in in responding to questions from the ICO about Zoom’s application of the Children’s Code and with international data transfers.
  • Advised Peloton on its expansion into the UK and EU markets and data protection matters.

Hogan Lovells International LLP

The privacy and cybersecurity team at Hogan Lovells International LLP is 'made up of true data protection specialists who not only know the law but can apply it in a practical way, taking into account market practices’. Practice head Eduardo Ustaran  is highly regarded as 'a leading expert' in privacy and data protection matters and has extensive experience in assisting companies operating across a wide range of sectors, including tech, life sciences and financial services, with regulatory investigations, enforcement proceedings and compliance matters. Another key name is Nicola Fulford, whose expertise spans international data transfers, privacy policies for online profiling, and marketing consent issues.

Practice head(s):

Eduardo Ustaran

Other key lawyers:

Nicola Fulford; Katie McMullan (Senior Associate); Dan Whitehead(Counsel); Paula Garcia (Senior Associate); Ellie Hughes (Associate)


‘I have worked with Hogan Lovells on several engagements and was impressed with the quality of the work. They provide practical advice which is valued and appreciated.’

‘My go-to person is Eduardo Ustaran. He is a leading expert in privacy and data protection matters. He is always responsive, very pleasant to deal with and provides practical advice.’

‘Hogan Lovells is one of the best law firms I have had the pleasure to work with. As a global company, and with privacy laws being introduced at a rapid scale, we need a legal business partner that can respond to challenging legal issues in real time and provide pragmatic advice that we can leverage to help our business colleagues.’

‘Irrespective of jurisdiction, we can rely on the team, particularly when we need a fast turnaround.’

‘Eduardo Ustaran and his team are business oriented and very capable to advice on compliance and risk assessment matters. Always very pragmatic.’

‘We have the privilege of working with Paula Garcia and Ellie Hughes with the support of their partner Eduardo Ustaran. They are always ready to assist clients with novel issues and changes in regulation and legislation. The team is easy to get along with which is a plus, but the real benefit is definitely the quality of the work provided.’

‘The team is made up of true data protection specialists and practitioners. They not only know the law but can apply it in a practical way, taking into account market practices.’

‘Katie McMullan is very approachable and gives great pragmatic and commercial advice.’

Key clients


AmerisourceBergen Corporation




NCS Pearson


Work highlights

  • Advised on n a broad range of compliance and commercial issues relating to privacy and cybersecurity, including its strategy to comply with Schrems II and the implementation of Processor Binding Corporate Rules (BCR) in the EU and the UK.
  • Acted for NYSE-listed firm, AmerisourceBergen Corporation, on the data protection aspects of its $6.47bn acquisition of Walgreens Boots Alliance, Alliance Healthcare wholesale distribution business in Europe.
  • Assisted NCS Pearson, a US-based company that develops and markets enterprise application software, with cutting-edge strategic and operational advisory work, including the use of biometrics, AI and the worldwide roll out of palm vein technology.

Linklaters LLP

With avery credible global network to call upon’, Linklaters LLP attracts clients from a range of sectors, including financial services, tech, fintech and insurance, seeking assistance with cross-border compliance projects, GDPR work, and high-profile data breaches. Benefiting from a long-standing relationship with regulators in the UK and EU, the team is well versed in investigation proceedings and enforcement actions. Co-practice head Richard Cumbley is recommended for large data subject access matters and privacy litigation. Co-practice Georgina Kon provides exceptional service’ and excels in governance matters, privacy investigations and cyber events. Co-practice head Julian Cunningham-Day focuses on the tech and fintech segments. Counsel Alaister Johnson is also recommended.

Practice head(s):

Richard Cumbley; Georgina Kon; Julian Cunningham-Day

Other key lawyers:

Tanguy van Overstraeten; Olivia Grimshaw


‘The Linklaters data protection team is consistently excellent. In particular, Georgina Kon provides exceptional service. Her ability to understand and respond on complex matters quickly and fully, her sound judgement and pragmatic thinking are strongly valued.’

‘Olivia Grimshaw is highly responsive, quick and adept at understanding client business models and products. Clear and helpful contractual drafting.’

‘The Linklaters team has capacity, breadth and depth of expertise in relation to privacy, and a very credible global network to call upon.’

They are able to adjust their advice to the budget and risk appetite of their client, and have unique insights into the regulatory priorities and perspectives as they act for so many clients which involve regulator engagement.’

‘I would always go to Linklaters for complex, novel and innovative issues, as they have the experience and expertise to genuinely add value and assist.’

‘Georgie Kon and Tanguy van Overstraeten are terrific! Olivia Grimshaw is excellent, providing in depth and measured advice.’

Work highlights

  • Acted for the Internet Association in relation to its intervention in the appeal to the Supreme Court of the Court of Appeal’s decision in Lloyd v Google, which is a landmark judgment in the area of privacy class actions.

Allen & Overy LLP

The ‘smart and responsive’ team at Allen & Overy LLP acts for large data-rich companies across a range of sectors, including telecom, tech, financial services, media, and pharmaceuticals, on compliance projects and cybersecurity incidents. Clients benefit from its data privacy subscription tool, Rulefinder Data Privacy, which assists companies in identifying and managing their data obligations, covering more than 60 jurisdictions. The group is jointly led by Jane Finlayson-Brown, who focuses on data privacy, and Nigel Parker, who handles both both data privacy and ransomware/cyber matters. The group recently welcomed consultant Steve Wood, former deputy information commissioner at the ICO, who brings extensive experience in data protection policy and enforcement.

Practice head(s):

Jane Finlayson-Brown; Nigel Parker

Other key lawyers:

Karishma Brahmbhatt


‘I mainly work with Nigel Parker. He is the best data protection lawyer I have encountered. He has deep knowledge of the rules, but also understanding of where the market is.’

‘A&O is a solid and knowledgeable firm with good global coverage of offices and partners firms. They have developed various service offerings for us over the years and continue to refine these as our needs change.’

‘We have worked closely with Jane Finlayson-Brown for may years. She is extremely knowledgeable and understands our business and the industry.’

Key clients





Saudi Aramco



News UK



Rimini Street


IMI Precision Engineering


Incomm Payments





Work highlights

  • Advised Samsung on its response to Schrems II, including updates to its data transfer agreements and impact assessments.
  • Assisted Nokia with data protection matters, data ethics advice in relation to its smart city pilot project, and its proposed data marketplace for sharing the intelligence derived from urban big data.
  • Acted for a large international media company on its response to a ransomware attack.

Baker McKenzie

The 'professional and very capable' team at Baker McKenzie is adept at handling the data protection aspects of M&A and other corporate transactions, cybersecurity work, data breaches and incident responses. Offering clients 'seamless cross-jurisdictional support for data protection matters', the group is recommended for global compliance projects and international data transfers. Paul Glass overseas the practice and is noted for his extensive expertise in data breaches and data protection litigation. Julia Wilson is especially sought after to assists with ICO investigations and enforcement actions, and advise on employment-related data protection matters, including workforce monitoring and vaccination.

Practice head(s):

Paul Glass

Other key lawyers:

Julia Wilson; Benjamin Slinn; Ian Walden; Joanna de Fonseka


‘Ben Slinn is highly knowledgeable on the law as well as industry practices. A great addition to our legal team!’ 

‘A professional and very capable team who is able to handle the most complex and difficult issues. Their approach is always collaborative, and they become almost part of our team when advising and supporting us.’ 

‘Julia Wilson always uses her deep knowledge and expertise to provide advice which recognises business challenges and context while ensuring we remain compliant.’ 

Key clients





Clifford Chance LLP

Clifford Chance LLP's team of 'highly-talented individuals' acts for a multitude of major financial institutions and FTSE 100 and Fortune 500 companies on a wide range of matters, spanning compliance projects, international data transfers, cybersecurity strategy and the monetisation of big data. On the contentious front, the team is especially sought after to handle regulatory investigations and high-profile data privacy litigation. Data protection specialist Jonathan Kewley leads the group and highly regarded as 'a real star in the technology law world'. 'With deep knowledge of data, privacy and cybersecurity matters', Simon Persoff is recommended for banking secrecy and cybersecurity work. Data privacy claims and other contentious matters are the area of expertise of Kate Scott and Samantha Ward.

Practice head(s):

Jonathan Kewley

Other key lawyers:

Kate Scott; Simon Persoff; Samantha Ward; Herbert Swaniker


‘Incredibly strong and fast growing team of highly-talented individuals.’

‘Simon Persoff is a hugely committed partner with deep knowledge of data, privacy and cybersecurity matters. Incredibly hard working.’

‘Jonathan Kewley is a real star in the technology law world. Highly respected by clients. Any law firm would be lucky to have him.’

‘Herbert Swaniker is a highly talented associate, loved by clients and great to work with.’

‘Always professional, expert and the product is timely and to the point. Reliable, helpful and well informed on new and emerging trends and technologies, with a genuine curiosity for innovation.’

‘Simon Persoff and his team offer a breadth of practical experience as well as legal expertise.’

‘Simon Persoff has impressed with his technical and practical knowledge. When it really matters, he is there to support us. He has struck the right balance between technical requirements and pragmatic and practical advice, based on his own extensive industry knowledge and experience. He seeks to bring the right team for the matter in hand.’

Key clients

News Group




Specialized Bicycles


International Regulatory Strategy Group (IRSG)

Work highlights

  • Advised an international company that was the victim of a significant ransomware attack resulting in the encryption and exfiltration of personal data and commercially sensitive data.
  • Assisted a global OEM in the automotive industry with a range of data protection, privacy and technology transformation projects.
  • Advised a client on the design and implementation of its global tech, data and cyber security strategy.


CMS regularly assists high-profile companies across a range of sectors, most notably tech, medial, retail, telecom and financial services, with multi-jurisdictional compliance projects, data protection litigation, ICO investigations, and cross-border data transfers. Its clients benefits from its GDPR Enforcement Tracker tool, which traces fines issued in the UK and EU and provides fresh data and key enforcement themes. Emma Burnett leads the team and focuses on data protection, technology and outsourcing. Another key practitioner is data protection and cybersecurity specialist Loretta Pugh.

Practice head(s):

Emma Burnett

Other key lawyers:

Loretta Pugh


‘User friendly and solution-focused no matter how complex the situation.’

‘While I hope never to find myself in the position of having to deal with a similar situation, if I did, there is no one else that I would want to have by my side. I would have no hesitation in recommending the firm to others in that situation.’

‘From my experience of the associates in his team, I suspect that he has equally outstanding leadership qualities. They were excellent.’

Key clients


World Bank


World Bank

Work highlights

  • Assisted a diversified industrial technology company with a multi-jurisdictional data breach impacting more than 70 countries.
  • Advised a group of media clients on their partnership to launch a new subscription video on demand service.
  • Advised a medical device company on proposed new features for its AI enable digital platform that allows surgical teams to record and access surgical videos.

DLA Piper

The team at DLA Piper attracts a strong following of large multinational companies and public sector clients, and is adept at advising on legislative reform, cross-border compliance programmes, litigation and cyber incidents.  Benefiting from significant experience in interacting with the ICO, the team is well positioned to assist with investigations and enforcement actions. Leading the practice is Ross McKean, who is recommended for global data governance matters, information access requests and cyberattack responses. McKean works alongside Leeds-based Andrew Dyson, who has extensive expertise in advising government bodies on policy matters and novel issues such as AI, and ‘professional and very passionate’ legal director David Cook in Manchester.

Practice head(s):

Ross McKean

Other key lawyers:

Andrew Dyson; David Cook


‘David Cook is driven, professional and very passionate about his work.’

Key clients

Chubb Insurance Group



UnitedHealth Group Airbus


Department for Digital Culture Media and sport



Work highlights

  • Advised the UK Government on its landmark package of reforms to the UK’s data protection laws.
  • Assisted the ICO with its ground-breaking development of its transfer risk assessment in response to Schrems II.
  • Acted for Visa on a range of projects, including all aspects of its international data transfer strategy post-Schrems II.

Eversheds Sutherland (International) LLP

Eversheds Sutherland (International) LLP is the port of call for a slew of household names, including Dyson, Thames Water and Meta, when it comes to matters related to international data transfers, data breach incidents, investigations and group litigation, and is singled out for its ‘expertise in freedom of information matters’. Practice head Paula Barrett, who has ‘excellent technical grasp of the law and developing trends’, is particularly sought after by clients in the financial services, telecom and life sciences segments. Other key names are Liz Fitzsimons, who is recommended for freedom of information mattes, and Philip James, who is specialised in fraud prevention, regulatory investigations and international data breach responses.

Practice head(s):

Paula Barrett

Other key lawyers:

Philip James; Dave Hughes


‘The Team is quick to respond, particularly in very urgent matters and provides clear pragmatic legal advice.’

‘The team at ES is one of the largest data protection teams in the UK. It is also one of the few data protection teams that can offer expertise in freedom of information matters.’

‘The individuals I work with are dedicated information law practitioners. They are not commercial tech lawyers masquerading as data protection experts. Paula Barret has an excellent technical grasp of the law but more importantly a good grasp of developing trends and sector experience which enable me to benchmark our approach on various aspects of data protection compliance’

‘They really take time to understand the problem and the context of the situation.’ 

‘They actively listen to our problems and think about how we could approach them from a legal perspective. They are also really proactive.’

‘As a firm with a global presence, Eversheds’ global reach allows them to provide consistent jurisdiction-specific advice, which is absolutely invaluable.’

‘Dave Hughes is technically strong, has great knowledge of the sector and adopts a very pragmatic approach when it comes to the advice he gives. He is also incredibly personable and an absolute pleasure to work with. I would not hesitate to recommend Dave and his team.’

‘A knowledgeable team with broad experience and a commercial and pragmatic outlook.’

Key clients



Heathrow Airport


Thames Water


DWR Cymru Welsh Water



Eastman Chemicals

Kering Group

Epam Systems

National Grid


ADP (Automatic Data Processing)

Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP handles a range of data protection and privacy matters, including compliance projects, data sharing risk assessments, and large-scale cybersecurity incidents. Acting for high-profile clients such as Google and News Corporation, the group has a long-standing relationship with the UK ICO, other data protection regulators, and governments across Europe, often advising on policy matters. Splitting his time between New York and London, Aaron Simpson, who is recommended for cross-border data transfer solutions, overseas the team alongside Bojana Bellamy, who presides the firm’s think tank, the Centre for Information Policy Leadership. Other key names include Sarah Pearce, who joined the firm from Paul Hastings LLP in 2022; and senior consultant Rosemary Jay, who has extensive expertise in privacy and information laws. Bridget Treacy retired in October 2021.

Practice head(s):

Aaron Simpson; Bojana Bellamy

Key clients

Procter & Gamble Company

News Corporation (including News UK and Dow Jones)


Silver Lake Technology Management

TK Maxx (The TJX Companies)

TPG Global



e.l.f. Cosmetics


Work highlights

  • Advised a well-known multinational technology conglomerate on its global privacy framework and assisting with other strategic EU/UK related initiatives.
  • Advice a global engineering company on substantial global privacy and data protection matters.
  • Acted for a global private equity firm on privacy and cybersecurity matters, including assisting with its technology acquisitions.

Latham & Watkins

Acting for a range of companies, including start-ups and large multinationals, Latham & Watkins offers ‘very practical and insightful advice’ on the data protection aspects of corporate transactions such as M&A, GDPR compliance, regulatory investigations and data protection disputes. Gail Crawford leads the practice and is especially sought after by clients in the tech, financial services, media and healthcare segments to advise on cross-border data compliance matters. Ian Felstead is recommended for litigation and regulatory disputes, and Fiona Maclean is well versed in regulatory investigations. James Lloyd joined the group from Orrick, Herrington & Sutcliffe (UK) LLP in October 2021.

Practice head(s):

Gail Crawford

Other key lawyers:

Ian Felstead; Fiona Maclean; James Lloyd; Calum Docherty; Lara Nonninger


‘The team is brilliant at tailoring its advice to the specific situation at hand and gives practical steps to achieve the desired outcome. The firm offers reactive advice as well as assistance with terms for notices and legal terms, which makes it a one stop shop for data protection. The team is happy to put time in to build a relationship with its clients, which allows us to feel more supported as a business.’ 

‘Gail Crawford and Calum Docherty have a broad spectrum of expertise that does not impact the depth of their knowledge in these areas. They have both been willing to react to quick turnaround times in urgent situations. They can give advice on complex issues in an easy to digest way, that is suitable for both privacy professionals and those not versed in the industry – this allows for easy communication with colleagues who do not specialise in privacy.’ 

‘The team provides very practical and insightful advice in topics which are very complex.’

‘I would highlight the work of Calum Docherty, he is a very practical lawyer, particularly on data privacy agreements, showing a right balance between ensuring protection of the client and getting the deal done. He is also very keen to understand the business of the client and giving advice that tackles the client’s challenges.’ 

‘Latham has a strong bench of talent in this area particularly in the transaction space. They are subject matter experts who are also pragmatic in terms of the application of the law to difficult technology problems.’ 

‘James Lloyd is a standout individual within the practice. He is one of only a handful of true experts in cyber and data privacy litigation practising in the UK market. He brings laser sharp analysis, creative thinking and a calm and steady hand to any litigation or regulatory engagement.’

‘Lara Nonninger is an up and coming star in this area. She punches far above her weight in terms of experience.’ 

Key clients



Madison Dearborn Partners


Credit Suisse



Work highlights

  • Advised Meta on a number of highly complex and multi-jurisdictional regulatory investigations and inquiries regarding alleged data breaches.
  • Assisted GoHenry, a fast-growing UK-based fintech, with several aspects of GoHenry’s data privacy and cybersecurity programme.
  • Advised Intuit, the global technology platform that makes TurboTax, QuickBooks, Mint, and Credit Karma, on its acquisition of Mailchimp, a world-class customer engagement and marketing platform for growing and mid-market businesses.

Norton Rose Fulbright

Norton Rose Fulbright‘s ‘practical, friendly and commercially-aware’ team regularly handles GDPR work, cyber incident responses and investigations on behalf of large corporates operating across the tech, financial services, aviation, life sciences and automotive industries. Recently, it has been increasingly busy with global compliance projects and matters related to Schrems II. The practice’s leadership is split between Marcus Evans, who has extensive experience in advising on multi-jurisdictional outsourcing deals, and Ffion Flockhart, whose expertise spans cyber risk management, incident responses and investigations. Another key name is Lara White, who is recommended for privacy compliance, sourcing contracts and IT arrangements.

Practice head(s):

Marcus Evans; Ffion Flockhart

Other key lawyers:

Lara White


‘This practice has maintained a strong relationship with our organisation over a number of years and has always proved to be responsive in a timely manner. The advice has always been of the highest quality and always based on good commercial sense. Quick and sound legal advice at times of dispute and crisis always with a helping hand.’

‘Practical, friendly and commercially-aware.’

‘Great knowledge of norms and trends in the given sector (in this case, life sciences and healthcare). Able to provide pragmatic advice with clear suggestions on ways forward, even in complex areas of law where the approach to applying statutory legal tests is not yet clear in guidance or at common law. Useful to receive advice that can be applied in our business, rather than being so heavily qualified or caveated as to render it useless in practical terms!’

‘Marcus Evans was excellent at unpicking the advice that we required from what was a complex set of information and asks, and setting out a clear and transparent proposal and delivery timeframes.’

Key clients

American Airlines

Supreme Committee for Delivery and Legacy


Pinsent Masons LLP

The team at Pinsent Masons LLP ‘brings deep expertise in data protection with an ability to handle complex issues involving overlapping areas of law and different jurisdictions’. In addition to its notable strength in high-profile data privacy class actions and investigations, the practice excels in cross-border compliance matters and cybersecurity work. Co-practice head Jonathan Kirsop is ‘a very experienced data protection expert, who manages to translate challenging concepts into user-friendly and risk-based advice’. Co-practice head David McIlwaine is recommended for tech disputes and cyberattack responses. Co-practice head David Barker is a key name for data breach litigation.

Practice head(s):

Jonathan Kirsop; David McIlwaine; David Barker

Other key lawyers:

Lauro Fava (Senior Associate); Julia Varley (Senior Associate);


‘The team is extremely responsive, knowledgeable and responsive.’

‘David McIlwaine gives exceptional client service and his knowledge and authority in this area are unparalleled. Julia Varley is clearly partnership material and is always prepared to do what it takes to get things done to the highest standards.’

‘The team brings deep expertise in data protection with an ability to handle complex issues involving overlapping areas of law and different jurisdictions.’

Key clients


Tesco Stores

Honda Motor Europe

Dixons Carphone

Open Data Institute



Liberty Mutual

Visa Europe

Post Office

Tesco Bank

Barclays Bank


World Athletics

The Body Shop International

JD Wetherspoons


Harbour Solutions Group





Pomvom UK

Work highlights

  • Acted for Google on its successful defence of a £3bn class action brought by Richard Lloyd.
  • Advised PomVom, an Israeli start-up, on the UK and EU data protection issues associated with the use of facial recognition technology (FRT) in theme parks to allow visitors to purchase via an app the pictures taken of them on rides, In particular, and the consultation with the UK’s Information Commissioner on whether this FRT may be rolled out in compliance with the UK’s data protection law.
  • Assisted Barclays Bank with its global international data transfer project including carrying out data transfer impact assessments and remediating data transfer agreements.


The 'responsive, very knowledgeable and commercial' team at Ashurst frequently handles international data transfers, compliance projects, incident responses, class actions, and corporate deals. Acting for a wide range of clients, from startups to multinationals and government departments, the group is particularly active in the financial services, tech, infrastructure and transport segments. The practice is lead by 'outstanding data protection lawyer' Rhiannon Webster, whose expertise spans enforcement actions and compliance matters. Webster is supported by senior associate Shehana Cameron-Perera, who focuses on cross-border data transfers and ICO complaints.

Practice head(s):

Rhiannon Webster

Other key lawyers:

David Futter; Shehana Cameron-Perera; Julia Bell


‘The team provides very clear and pragmatic advice. They are always calm and considered, which gives me confidence in them as a client.’

‘Rhiannon Webster is the lead partner and is on the ball when it comes to providing clear and pragmatic advice.’

‘Rhiannon Webster is an outstanding data protection lawyer. She combines in-depth legal know-how with the pragmatism required to give clients true risk-based advice.’

Key clients

BAI Communications

Department of Transport

East West Rail

HM Treasury and British Business Bank

Keolis Amey


McLaren Automotive

Pirum Systems

Sage Group

Shawbrook Bank

Stone X

Thomas Cook (in administration) and Insolvency Service (as special managers to the administration)

Work highlights

  • Assisted a public sector body in improving and streamlining its information disclosure function, working in partnership with Ashurst’s newlaw” function “Ashurst Advance” and our consultancy arm in Australia.
  • Advised Sage Group as its law firm of choice for all of its outsourced data protection work, including drafting its privacy notices, provision of strategic advice on its approach to international data transfers, use of telemetry and global roll-out of its cookies notices and general use of new technologies including machine learning.
  • Acted for East West Railway Company (EWR) on the key data protection considerations for a transformational new project in the United Kingdom.

Covington & Burling LLP

Covington & Burling LLP assists large multinational companies with regulatory compliance advice, cybersecurity work, cross-border data transfers and data protection and privacy litigation. Key practitioners in the group is Daniel Cooper, who is especially sought after to advise on data protection matters, consumer protection and AI.

Other key lawyers:

Daniel Cooper


DWF's 'outstanding' team houses 'extremely capable and experienced legal practitioners', who cover the whole spectrum of data protection and cybersecurity work, including international data transfers, the data protection aspects of corporate transactions, large-scale litigation and investigations, among others. From Manchester, compliance expert JP Buckley overseas the practice alongside London-based lawyers Stewart Room, who is rated as 'one of the industry leaders in the area of data protection, privacy and cybersecurity', and James Drury-Smith, who is especially sought after by clients in the tech, financial services and healthcare sectors seeking advice on governance and privacy matters.

Practice head(s):

Stewart Room; James Drury-Smith; JP Buckley

Other key lawyers:

Richard Hall (Director); Simon Davis (Associate); Mark Hendry (Director); Shervin Nahid (Senior Associate)


‘The DWF data protection, privacy and cybersecurity team is among the best legal practices I have dealt with. They are very skilled and experienced in their respective subject matters and they work excellently together as a team. The team have a great blend of deep legal understanding, management consulting experience, as well as commercial pragmatism.’ 

‘Stewart Room is considered one of the industry leaders in the area of data protection, privacy and cybersecurity. Stewart has an unparalleled knowledge of data privacy regulations and can apply this in a commercial and pragmatic way. Stewart has also built a network of other providers who can support multiple different aspects of a broad engagement. Stewart was supported by his strong team members, namely; James Drury-Smith, Richard Hall, Simon Davis, and Mark Hendry.’ 

‘Stewart Room and Shervin Nahid form a market leading team in data. With deep understanding of the fast-evolving data space, having authored their own books and articles, Stuart and Shervin are at the helm of cutting-edge data matters.’ 

Key clients

Meta (Facebook)

Visa Europe

Telefónica UK

Virgin Media

KP Snacks

T-Mobile USA

NHS Digital



Lucozade Ribena Suntory

Hard Rock Cafe International (USA)

Ocado Retail

Kentucky Fried Chicken (KFC)




Severn Trent Water

Canopius Services

IVC Evidensia

Yum Restaurant Services Group

Tysers Insurance Brokers

Tokio Marine

Westfield Europe

Music Magpie

McColls Retail Group

Equiti Capital UK

Work highlights

  • Advised a global technology business on transparency reporting related to privacy incidents and data breaches.
  • Assisted a global financial services business through an email compromise attack with incident response support in the EU and UK and project management of communications providers and legal services providers in USA and Asia-Pac.
  • Represented a global communications company in regulatory enforcement proceedings brought for alleged contraventions of the direct marketing rules, with the case concluding in success for the client and the preservation of its marketing strategy.

Herbert Smith Freehills LLP

With ‘truly outstanding cybersecurity expertise', Herbert Smith Freehills LLP is well placed to handle cyber breach work, including ransomware attacks, incident responses and investigations. In addition to its notable strength in contentious matters such as large-scale class actions, the group excels in multi-jurisdictional compliance projects, data transfers and the data privacy aspects of corporate transactions. The practice is jointly led by 'technically superb, responsive and judicious’ Miriam Everett, cybersecurity and data breach specialist Andrew Moir, and Christine Young, who is recommended for contentious matters as well as data subject access requests.

Practice head(s):

Miriam Everett; Andrew Moir; Christine Young


‘We instructed HSF to act as our global advisers in the legal cybersecurity space given its subject matter expertise across disciplines and jurisdictions. The firm provides pragmatic and practical advice which fits around our processes. We have had sensible discussions around costs which have been adhered to.’

‘Andrew Moir is excellent, very available, absolutely on top of his subject matter but not overbearing, and willing to collaborate at all times. We were very comfortable putting him in front of our board.’

‘Exceptional technical knowledge, pragmatism and down to earth counsels.’

Key clients

UK Finance

Hays plc

e-Mersion Media

KodyPay Limited

Willis Towers Watson





Work highlights

  • Advised UK Finance on its member workshops on the principle of ‘fair AI’ and practical challenges associated with the use of AI.
  • Assisted GenesisCare with its data protection arrangements on various key strategic matters, including its global rollout of a quality management system, a global SAP platform and cloud-based clinical data management platform arrangements.
  • Acted for Willis Towers Watson on a number of international data protection mandates, including on the implementation of the DIFC data protection law and on the implementation of the South Africa data protection law.

Mishcon de Reya LLP

Under the leadership of Adam Rose , who draws on more than 30 years of experience in data protection and freedom of information matters, the team at Mishcon de Reya LLP handles regulatory investigations, data subject access requests, compliance matters and enforcement actions. Ashley Winton is recommended for international data transfers and privacy and cybersecurity work, with an emphasis on the financial services, telecom and tech segments, Jon Baines focuses on GDPR matters and freedom of information requests. The practice is noted for its strong capabilities in large-scale high-profile litigation, with Ben Lasserson leading an opt-out representative action on behalf of a class of 1.6million individuals against Google and DeepMind Technologies for allegations of unlawful transfer of confidential medical records.

Practice head(s):

Adam Rose

Other key lawyers:

Ashley Winton; Filippo Noseda; Jessie Bridgett; Jon Baines


‘The team is highly innovative in terms of funding, public relations and collaboration. Firstly, my case has been financed by crowd-funding which is quite novel and rare for firms of this calibre.’

‘The cross-disciplinary reach of my case has enabled the team to showcase its remarkable collaborative skills, involving legal, financial and technological experts, parliamentary representatives, and grassroots activists from across the world, especially the Netherlands, France, Canada and the USA.’

‘The stand-out Partner at Mishcon de Reya is Filippo Noseda. My case was made possible by his passionate and innovative approach to providing ordinary citizens with a path to justice; his world-beating expertise on data protection and privacy rights in the context of public authorities and cross-border information transfers; his meticulous knowledge of the British and EU legal systems; his enthusiasm for international collaboration and the continuous acquisition of new knowledge not only for himself but for his clients and stakeholders. His scholarly background shines through in his work, and one of the greatest benefits of being represented by him has been the chance to learn from him and develop my own expertise in legal and judicial processes, public policy, and the cutting-edge area of cybersecurity.’

‘I am immensely proud of what I have learned and achieved through working with Filippo Noseda. His team, including Jessie Bridgett and Adam Rose, has also been incredibly helpful to me throughout the litigation process.’

‘Mishcon is punching above its weight in several practice areas including data protection, privacy and cyber. Many of their lawyers and partners blend excellent legal knowledge with a commercial approach and are practical in their advice. Better value than that of similar or other, larger firms.’ 

‘The team has a good mix of technical legal knowledge and commercial awareness which makes for good practical advice.’ 

Key clients


Catena Media

American Express

Pimlico Plumbers


Bristol University Union of Jewish Students

Betting & Gaming Council

Various International Baccalaureate students


Claims Conference




Work highlights

  • Acted for Jennifer Webster on claims challenging the compatibility of the US’s FATCA treaties with the UK and other European countries GDPR.
  • Advised International Baccalaureate students on a complaint to the ICO relating to the adoption by the International Baccalaureate Organisation of an algorithm making automated decisions about student grades.
  • Assisted the Betting & Gaming Council with the proposed launch of a multi-operator data sharing scheme.

Osborne Clarke LLP

With a strong presence in the tech, financial services, telecom, energy and retail sectors, Osborne Clarke LLP advises on both contentious and non-contentious matters. As part of its busy workload, the team has recently handled GDPR work,  data protection litigation, ransomware attacks, investigations and data subject access requests. With more than 20 years of experience in advising on law enforcement data access matters, data breaches, and GDPR, 'pragmatic, responsive and detail-oriented' Mark Taylor leads the practice. Taylor works alongside Ashley Hurst, who is recommended for cyber incident responses. Simon Bollans left the firm in February 2022.

Practice head(s):

Mark Taylor

Other key lawyers:

Ashley Hurst


‘Mark Taylor is a wonderful lawyer. He is pragmatic, responsive and detail oriented. He understands how to work with us to make sure our business can reach its goals. He is our ‘go to’ data protection lawyer.’


Key clients

Cancer Research UK


Elephant Health





Western Power Distribution (WPD)


The Farm Post Production Limited


Police Federation of England & Wales

Cancer Research UK


Elephant Health





Western Power Distribution (WPD)


The Farm Post Production Limited


Police Federation of England & Wales

Work highlights

  • Assisted S-RM Intelligence and Risk Consulting with a claim brought by billionaire Arvind Tiku in relation to personal data contained in due diligence reports which S-RM had presented for regulated clients.
  • Acted for Police Federation of England & Wales (PFEW) on a highly publicised ransomware attack which affected its IT systems in March 2019 and its legal and regulatory obligations and follow-on ICO investigation in relation to the attack.
  • Advised Western Power Distribution (WPD), an electricity distribution network operator, on a wide range of data protection matters, including data subject access requests and impact assessments.


Major tech, social media and publishing companies such as Google, Meta, Twitter and Associated Newspapers turn to RPC for assistance with data privacy litigation, cybersecurity incident response and compliance matters. Jon Bartley offers ‘excellent guidance and support in respect of data protection requirements’ while data dispute litigator Rupert Cowper-Coles is recommended for subject access requests and right to be forgotten claims. Richard Breavington has extensive expertise in data breach response and David Cran is a key contact for tech disputes.

Practice head(s):

Jon Bartley; Richard Breavington; Rupert Cowper-Coles; David Cran

Other key lawyers:

Alex Wilson; Keith Mathieson; Oliver Bray; Joe Lippitt (Associate)


‘The RPC team is well versed at responding to cyber incidents. They are incredibly experienced and provide expert counsel at challenging times for businesses. They have an excellent understanding of GDPR but also reputational considerations of cybersecurity matters.’

‘Alex Wilson is a real future star. Enthusiastic, engaged and dynamic.’

‘The team has provided excellent guidance and support in respect of data protection requirements and how this applies in our complex multi-stakeholder environment.’

‘Jon Bartley has provided excellent guidance and support in respect of very specific data protection requirements and how this applies in our complex multi-stakeholder environment.’

‘Keith Mathieson is well experienced in media-related data protection work. Richard Breavington is strong in data breach litigation.’

‘Rupert Cowper-Coles is a data protection and privacy specialist with a particular strength in multi-jurisdictional online work, which he can combine with his reputation management expertise.’

‘The standout partner for me is Oliver Bray. He is simply best in class. He is a trusted adviser and a great ally. Olly has a genuine interest in our business and has tackled many complex data protection issues for me. Because he makes a real effort to understand not just the legal issues, but also the business dynamics, he is able to craft advice in a way that is most optimal for me to understand, implement, or escalate, as the need arises. I continue to see Olly not just as a business adviser, but a true partner to our business. Joe Lippitt is my go-to associate at RPC. Joe manages a big workload of complex work, including high-profile negotiations on issues in the media spotlight. He is a workhorse and unflappable.’

‘Having worked with RPC for a number of years on our data protection and privacy requirements, they have an excellent understanding of our business and requirements. They are happy to discuss a variety of potential approaches before agreeing how matters are going to be managed and provide solutions within budget constraints where required.’

Key clients

Meta (Facebook, Instagram, WhatsApp)



News UK


Frasers Group

Associated Newspapers

Times Newspapers

Reach (formerly Mirror Group)




CNA Hardy


Work highlights

  • Acted for trade association techUK on its role as intervening party in the Supreme Court case of Richard Lloyd v Google.
  • Advised Meta (Facebook) on a broad range of projects from AdTech compliance to drafting high-profile data processing agreements.
  • Advised on a detailed and multi-jurisdictional data protection maturity assessment for a global insurer and re-insurer.

Simmons & Simmons

The data protection practitioners at Simmons & Simmons sit in different practice groups within the firm, including digital business, IP, dispute resolution and employment. With a strong presence in the telecom, financial services and life sciences segments, the team has recently handled regulatory investigations, data breach responses and international data transfers. Alexander Brown leads the practice and is recommended for multi-jurisdictional compliance projects. From Bristol, Lawrence Brown advises on data protection matters related to outsourcing operations and cloud services.

Practice head(s):

Alexander Brown

Other key lawyers:

Lawrence Brown

Key clients


Telefonica UK (O2)


Bank of Nova Scotia


Pacific Investment Management Company (PIMCO)

Work highlights

  • Advised Huawei on data protection and security matters, including 5G security related legislation.
  • Assisted O2’s lead advisors with data protection compliance matters.
  • Acted for Hasbro on a variety of data compliance matters, including the implementation of new e-commerce platform in Europe.

Taylor Wessing LLP

Rated for its ‘excellent and sophisticated cyber and data protection expertise’, Taylor Wessing LLP is often retained by well-known names in the tech, life sciences, real estate and financial services sectors to handle GDPR matters, privacy compliance and cybersecurity work. Drawing on strength from its international network, the group is well placed to advise on multi-jurisdictional data protection projects. Key names are GDPR expert Victoria Hordern and Chris Jeffery, who is especially sought after by US-based companies looking to expand into Europe. Former practice head Vinod Bange left for Baker McKenzie in 2022.

Other key lawyers:

Victoria Hordern; Chris Jeffery; Jo Joyce


‘Excellent and sophisticated cyber and data protection expertise. My experience is the entire team is reliable, friendly, approachable and provides robust guidance with tailored depth necessary to make informed and defensible decisions.’ 

‘The practice is exceptional and a delight to work with.’ 

‘Strong reputation and solid experience in data-related matters.’ 

‘I really enjoy working with the data protection team at Taylor Wessing for its availability, capacity to understand the problem, solutions and outside of the box thinking, without stepping outside of the boundaries of the privacy laws.’ 

‘Taylor Wessing is a solid firm for privacy, bringing a well-rounded skillset, from contentious matters to strategic projects, meaning we can call on them for a variety of topics. Taylor Wessing always strives to provide options in their responses, demonstrating critical thinking, which we value as it acts as a partner rather than just external counsel. They always have their fingers on the pulse of what’s up and coming in privacy.’ 

‘Very pragmatic and proactive. People I like working with. It’s rare to find data privacy lawyers who explain things in a simple way.’ 

‘I appreciate how diligent Jo Joyce is in getting practical advice to me quickly, and Vin Bange has put together a fantastic team of individuals with good knowledge of privacy laws.’ 

Key clients


Live Nation

Interactive Investor

Cambridge University Press & Assessment

Centessa Pharmaceuticals

Burger King


Live Nation

Interactive Investor

Cambridge University Press & Assessment

Centessa Pharmaceuticals

Burger King

Work highlights

  • Advised SEGA on the impact of the Children’s Code on its main catalogue titles and games in development and increasing awareness across its key stakeholders’ groups across its UK, European and US studios.
  • Assisted Live Nation Entertainmenton with a range of multi-jurisdictional GDPR and e-privacy matters.
  • Acted for Burger King on the audit and then management of its data transfer arrangements with US and EU members of the wider corporate group.

White & Case LLP

With ‘a wide expertise in data protection, privacy and cybersecurity’, White & Case LLP is geared to handle transactional, advisory and contentious work, including compliance matters, international data transfers, privacy class actions, and the data protection aspects of PE and corporate transactions. GDPR expert Tim Hickman heads up the practice and is qualified in both England and Ireland. Hickman works alongside Lawson Caisley and Rory Hishon, who together have extensive experience in acting on contentious issues involving cybersecurity and data protection matters.

Practice head(s):

Tim Hickman

Other key lawyers:

Lawson Caisley; Rory Hishon


‘Tim Hickman is excellent and knows the law inside out.’

‘Tim Hickman. Would not use anyone else for data privacy.’

‘White & Case has a wide expertise in data protection, privacy and cybersecurity.’

‘The team’s strength is collaboration and flexibility.’

‘Tim Hickman has a great ability to explain a legal matter and provide legal advice in a clear way. His expertise in data protection and privacy, availability and engagement bring benefits for our collaboration.’

Key clients

Meta (Facebook, Instagram, and Whatsapp )


Deutsche Bank





Centerbridge Partners

Tink AB

Piper Sandler


The Carlyle Group

Softbank Vision Fund II

ION Acquisition Corp. 2

Vox Media

Nordic Capital

Kobalt Music Group

Work highlights

  • Represented Meta, including Facebook, WhatsApp, Instagram and Oculus, in major international litigation and class actions on privacy and data protection matters.
  • Advised Nestlé on a global scale, including specific GDPR compliance, e-Privacy compliance, regulatory matters and direct interactions with EU data protection authorities.
  • Assisted Deutsche Bank  (London Branch) with extensive legal support to ensure that data protection compliance priorities can be addressed with minimal business disruption.

Womble Bond Dickinson (UK) LLP

Womble Bond Dickinson (UK) LLP acts for public sector clients and corporates across a wide range of sectors, most notably tech, retail, financial services and life sciences, on cross-border data transfers, regulatory investigations, and the data aspects of corporate transactions. Through its online tech-driven solution, WBC Clarity, the group assists clients to manage data subject access requests. Practice head Andrew Kimble advises on all aspects of data protection and privacy matters. Also recommended are Andrew Parsons, who focuses on commercial litigation in the tech sector, and Newcastle-based Caroline Churchill, whose expertise spans cross-border acquisitions and e-commerce issues.

Practice head(s):

Andrew Kimble

Other key lawyers:

Andrew Parsons; Caroline Churchill


‘What makes the team at Womble Bond Dickinson unique is their pragmatic and can-do approach that works constructively with the client to provide a solution that fits the client’s requirements.’

‘Andrew Kimble is quick to grasp your requirements and thorough in providing a comprehensive response.’

Key clients





Work highlights

  • Advised Blackbaud on its response to a data breach involving the hacking of its customer databases, where the records of individuals were accessed in a global scale.
  • Assisted 20+ clients with contentious and complex data subject access requests, which were managed through WBD Clarity solution, an in-house tool for managing data subject access requests.
  • Acted for Chemring on the acquisition of the Cubica Group, a research and develop company specialised in artificial intelligence, machine learning, data fusion and autonomy.

Addleshaw Goddard

Addleshaw Goddard has a broad data protection, privacy and cybersecurity practice, which is equipped to handle both contentious and non-contentious matter. Acting for an array of FSTE 100 and FSTE 250 companies operating in the financial services, retail, healthcare and energy sectors, the team has recently advised on regulatory investigations, compliance projects, data breach response, ransomware attacks and litigation. Splitting her time between London and Edinburgh,  practice head Helena Brown focuses on complex compliance matters and large-scale incidents. Dr Nathalie Moreno often advises on multi-jurisdictional data transfers and data protection audits while Aberdeen-based Ross McKenzie is recommended for IT and data-related matters.

Practice head(s):

Helena Brown

Other key lawyers:

Ross McKenzie; Nathalie Moreno

Key clients


Global Generali Assistance

Vision Express


Ted Baker


British Land

Bestway Group


WSH Group (Baxter Storey)

Virgin Money


ARCH Emerging Markets Partners Limited (ARCH)

BP International

Caesars Entertainment

GHA Loyalty DMCC

Total Fitness

Work highlights

  • Advised Boohoo, a market leading retail and consumer online brand, on various complex data and related IT matters.
  • Acted for Dubai-based Global Hotel Alliance on very complex data sharing arrangements, enabling Spain-based global NH Hotel Group to join the Alliance and merge its own NH Rewards loyalty programme with DISCOVERY, a single guest recognition and rewards programme.
  • Assisted international gaming giant Caesars with ongoing support to ensure data protection compliance within the UK and European parts of its business, including international data transfers post Schrems II and policies.

BCL Solicitors LLP

Highly praised by clients for its ability to ‘truly combine criminal law and data law expertise’, BCL Solicitors LLP is uniquely positioned to handle enforcement actions, investigations, online harm issues, and cybercrime matters. Leading the practice is former GCHQ legal director Michael Drury, who is especially sought after to advise on cyberattacks, ransomware incidents and potential prosecutions by the ICO. Another key name is Julian Hayes, whose expertise spans data subject rights, compliance matters, data transfers and breach responses.

Practice head(s):

Michael Drury

Other key lawyers:

Julian Hayes


‘Julian Hayes is a creative lawyer with a good instinct for the law, which is absolutely key in this field.’

‘BCL is the only firm that is truly able to combine criminal law and data law expertise. Many other firms specialise in one or the other and are not competent to advise on both but BCL is uniquely placed to do so.’

‘Julian Hayes is a very driven and hardworking partner who manages to combine his fierce intellect with charm and a friendly persona. He is excellent with clients and knows how to get to the root of a problem.’

‘Michael Drury is the doyenne of national security law and this provides him with real expertise when it comes to cyber security issues.’

‘Julian Hayes and Michael Drury are both experts in their field and have the advantage over many competitors that they have a proven track record of acting in contentious investigations and litigation over many years.’

‘Julian Hayes has a deep understanding of data protection, privacy and cybersecurity. He also has a global awareness and perspective of how current issues are dealt with in other countries. He is the first person I phone when I need to discuss issues or bounce ideas around. He has an intuitive feel for the subject, backed up by sound knowledge and judgement.’

‘Michael Drury is a phenomenal lawyer with decades of experience with data protection and national security issues. He consistently provides strong legal and strategic advice.’

‘Julian is our go-to lawyer on UK law matters. He is an expert on data protection matters. He is always approachable, efficient, and practical.’

Bryan Cave Leighton Paisner

Under the leadership of GDPR specialist Kate BrimstedBryan Cave Leighton Paisner's team offers 'practical and sensible solutions' to data protection, privacy and cybersecurity issues. Frequently acting for Fortune 500 and FTSE 250 companies as well as household names such as Tesco, Royal Mail and Deliveroo, the group excels in data subject access requests, cross-border compliance projects, cyber incidents and regulatory investigations.

Practice head(s):

Kate Brimsted

Other key lawyers:

Jack Dunn


‘The firm’s international presence allows risk assessments in other jurisdictions to be done quickly and efficiently. The advice is always clear and proportionate.’

‘Kate Brimsted is able to offer sensible advice even when a matter is not clear cut. This is particularly important when the the client is not technical and may not be able to articulate all relevant technical details that may be relevant to data protection. Kate is also helpful in terms of guiding the in-house lawyers on how to communicate with technical specialists and other internal stakeholders to deliver a solution.’

‘We usually go to the firm with thorny problems which we cannot resolve ourselves. The team provides practical and sensible solutions to the problems that we face.’

‘Sensible and practical interpretation of rules which are at times opaque.’

‘They have performed various data protection and privacy projects to a very high professional standard. They remain our go-to adviser for data protection, privacy and cybersecurity requirements. The firm is always willing to assist with our enquiries no matter how small, and we feel the advice offered can be relied on which is always in the clients’ best interest.’

‘Kate Brimsted and Jack Dunn have been our two main contacts over a number of years. Their first class advice has enabled a strong bond of trust between us and the firm.’

‘Geraldine Scali is a great lawyer and has a world class knowledge of privacy laws. Her understanding of the issues allows her to provide practical advice to resolve issues quickly.’

‘In-depth legal technical knowledge across a variety of contracts and situations. Able to respond rapidly on urgent matters and manage an extensive caseload to ever changing deadlines. Effective reporting communication reflecting a strong understanding of client particular needs.’

Key clients

Apto Payments



Heathrow Airport

London Stock Exchange


Royal Mail

Stifel Financial


URW (owners of Westfield)

Work highlights

  • Advised a developer and operator of luxury accommodation for seniors with built-in domiciliary care, including collection and management of health information in conjunction with the third party regulated care provider.
  • Assisted various multinational organisations with the data protection implications of the design and launch of diversity and inclusion initiatives, including multi-jurisdictional employee surveys.
  • Acted on GDPR compliance assessment exercises for overseas-headquartered financial institutions, including in the Far East, with a particular focus on the recent EU and UK developments regarding regulation of international data flows.

Charles Russell Speechlys LLP

Housing a team of data protection specialists that sit within other departments such as employment, litigation and pensions, Charles Russell Speechlys LLP advises on international data transfers, data breaches, subject access requests and compliance programmes. The team is led by Jonathan McDonald, who is often sought after by clients from the healthcare, tech and financial services industries to handle compliance matters. McDonald is supported by senior associate Olivia Crane, who is well versed in international data transfers and data processing agreements, with a focus in the tech, healthcare and financial services sectors.

Practice head(s):

Jonathan McDonald

Other key lawyers:

Olivia Crane


‘The team provides very good strong practical advice and takes time to understand the client’s business to provide relevant advice.’

‘They devised a platform to store data protection documents so that they can be accessed by client and firm. It tracks data compliance matters and ensures everything remains current.’

‘Jonathan McDonald understands how to distill the regulations into the practical business environment. Always available for urgent matters.’

‘Friendly responsive practice that understands the workings and needs of your business.’

‘Jonathan McDonald deals with our business needs, he is very approachable and no question is stupid.’

Key clients


Caffe Nero

Oncam Global


The International Tennis Federation

Work highlights

  • Advised Ericsson and its Swedish parent company on UK Binding Corporate Rules (BCRs).
  • Assisted Caffe Nero with comprehensive advice on how to respond to a number of data subject access requests, including searching and collecting personal data, redacting third party information and complying with the regulatory obligations to respond to a request.
  • Acted for Nike on the data protection aspects of its’s commercial and tech agreements, including in relation to the integration of AI and augmented reality into the consumer journey.

DAC Beachcroft LLP

DAC Beachcroft LLP‘s team is ‘at the cutting edge of the law’ and geared to handle both contentious and non-contentious work, including ICO investigations, data subject access requests, class litigation, international data transfers and compliance matters. Co-practice head Jade Kowalski is especially sought after by clients in the insurance, financial services and tech sectors to advise on data transfers. Co-practice head Hans Allnutt is an expert in cybersecurity matters, ransomware attacks and litigation.

Practice head(s):

Jade Kowalski; Hans Allnutt

Other key lawyers:

Darryn Hale; Bett Randles; Astrid Hardy


‘Hans Allnutt is the doyen of mass data breach claims. His work on landmark matters has shaped the sector. Astrid Hardy is a real rising star, with an excellent eye for detail and the important points of a case. Eleanor Ludlam is excellent and good tactically. Bett Randles and Camilla Elliot are also very good from my work with them.’

‘Great team focused on building effective client relations with good turnaround and industry focused expertise.’

‘Jade Kowalski is friendly, attentive, pragmatic and solution focused. Aligned in thinking to the financial services industry and enable to provide useful insight into common practices and issue spotting.’

Key clients


Ecclesiastical Insurance

Domestic & General


NHS Digital

Beamtree UK

Egton Medical Information Systems

Data Science Central UK (DataCamp)


Pet Proactive

Eastlight Community Housing Trust

Lloyd’s Market Association

Mint Velvet & Others


NHS England


The Information Commissioner’s Office

National Data Guardian


Work highlights

  • Advised AXA UK on a full range of data protection matters, including strategic advice regarding international data transfers post Schrems II.
  • Assisted Verlingue (an insurance broker) in relation to a ransomware incident resulting in an application to the High Court for injunctive relief and judgment in default against the threat actor.
  • Represented NHS Digital in relation to a potential judicial review challenge regarding the proposal to create a national dataset of information held by GPs.

Mayer Brown International LLP

Mayer Brown International LLP is recognised for its ‘cross-border coverage and expert knowledge and background in cybersecurity and data protection law’. ‘Stand-out partner’ Mark Prinsley leads the practice and has extensive experience in advising pensions and clients in financial services sector on privacy and compliance matters. Prinsley works alongside cybersecurity expert Oliver Yaros.

Practice head(s):

Mark Prinsley

Other key lawyers:

Oliver Yaros


‘The team at Mayer Brown provides quick and excellent advice and solutions as we respond to ever-changing privacy laws and regulations. They work hard to understand our unique challenges and limitations to provide solutions that assist us with our compliance matters.’

‘Oliver Yaros is exceptionally talented at asking the right questions in order to create a programme that meets our needs as privacy laws and regulations change rapidly. He works very well and coordinates with the Mayer Brown team in the US to ensure that the EU and UK solutions work with our US compliance programme. He is energetic and responsive and provides great value for the work.’

‘There is a broad depth of legal knowledge and commercial understanding. A clear ability to translate legal context and intention into commercial and practical application. Subscription to Mayer Brown news, blogs and podcasts is useful and easily accessible at the clients convenience.’

‘Mayer Browns Data protection, privacy and cybersecurity practice has depth and breadth in its knowledge, is meticulous in its analysis of a particular company set-up and has the practical application to work with that set-up.’

‘They are particularly knowledgeable and humorous, and can predict their billing accurately. Mark Prinsley is the stand-out partner.’

‘Mayer Brown clearly has extensive knowledge and experience in this area. For those clients with a non-legal background, unlike a lot of other firms, the Mayer Brown team communicates legal issues to the client in layman’s terms the client can understand and then make decisions with confidence and assistance of the back up Mayer Brown provides.’

‘Mayer Brown has key capabilities in data protection and cybersecurity risk, steps to mitigate risks and in event of a breach, guidance on response and remediation. Oliver Yaros is a key partners.’

‘Cross-border coverage and expert knowledge and background in cyber security and data protection law.’

Key clients


Andersen Tax

Ingevity Corporation

Plantage Rio


Overmore Group

Bank of New York Mellon (BNYM)

TC Energy Corporation

Corney & Barrow Group

Caravel Group

Work highlights

  • Advised Fintech client Previse on the innovative legal framework which supports its unique financing model, the construction, ownership and licensing of Previse’s IP rights in the platform and data, and the terms on which parties may access and use it.
  • Assisted Marlin Equity Partners, a global investment firm, with the data protection aspects of its majority investment in Silobreaker, a leading provider of risk and threat intelligence solutions.
  • Advised ad technology company Overmore on the GDPR-compliant self-service platform it has developed for its customers, including on technology issues, data protection and intellectual property rights.

Morrison Foerster

Morrison Foerster is particularly active in the financial services and tech segments and handles the full spectrum of data protection, privacy and cybersecurity work, with the team most recently advising on international data transfers, data breaches, data subject access requests, representative actions and corporate deals. The practice is led by Annabel Gillham, who ‘provides excellent and practical advice at a very short notice’ and is especially sought after to act on ICO investigations, enforcement actions and compliance issues. Working alongside Gillham is Gemma Anderson, who is recommended for contentious matters and cross-border disputes.

Practice head(s):

Annabel Gillham

Other key lawyers:

Gemma Anderson


‘Annabel Gillham always responds very promptly and provides excellent and practical advice at a very short notice. Gilham is always quick to recognise the bigger picture and provides advice that is clear and concise.’

‘Annabel Gillham has a great client manner.’

Key clients

Marriott Hotels International


SoftBank Group Corp

ON Semiconductor




Work highlights

  • Advise a global insurance company on all aspects of data privacy, and in particular on complex cross-border transfer issues in connection with its reinsurance deals with UK-based pension schemes.
  • Assisted SoftBank Group with significant data protection matters in relation to the $65bn proposed sale of UK-headquartered multinational semiconductor and software design company Arm Limited to US chip company NVIDIA.
  • Acted for Infobip Group on a global basis on privacy and data security matters, including the setting up of its UK privacy compliance programme.

Paul Hastings LLP

Paul Hastings LLP‘s responsive, commercial and very knowledgeable’ team assists a wide variety of high-profile clients operating across a wide range of sectors, most notably fintech, financial services, tech and media, with cross-border compliance projects, data breach responses and regulatory investigations. Associate Ashley Webber is a key name in the area and well versed in international data transfers and privacy matters. Former practice head Sarah Pearce left the firm in 2022 to join Hunton Andrews Kurth LLP.

Other key lawyers:

Ashley Webber


‘I find Paul Hastings exceptionally easy to deal with – responsive, commercial and very knowledgeable.’

Reed Smith LLP

Praised for its 'exceptional knowledge of data protection and privacy', Reed Smith LLP excels in global compliance projects, regulatory investigations, cyberattack incident responses and data exports, with notably strength in regulated sectors such as life sciences and gambling. The practice is jointly led by Cynthia O’Donoghue, who is recommended for matters related to big data, privacy impact assessments and compliance programmes, and Elle Todd, who 'always delivers clear, succinct and practical advice' and frequently handles investigations, incident responses and cybersecurity strategies. Also noted are Carolyn Pepper, who is well versed in regulatory issues, and international data transfers expert Philip Thomas.

Practice head(s):

Cynthia O’Donoghue; Elle Todd

Other key lawyers:

Carolyn Pepper; Philip Thomas; Tom Gates


‘Elle Todd and Tom Gates are very much embedded in our organisation as data privacy advisers. They provide excellent commercial and cost effective legal advice. We’ve worked with Elle for three years now and she is an excellent person to have in your team. She is calm, can work at a very fast pace, has very good judgment and understands the data privacy landscape like no one else I’ve worked with.’

‘Tom Gates is like a member of our in-house legal team. He has developed an excellent understanding of our business operations and is able to provide commercial data privacy advice tailored to our organisation. He is very diligent but always conscious about producing advice in the most cost effective manner. I highly recommend him!’

‘Our experience is that the team at Reed Smith have exceptional knowledge of data protection and privacy and that they are able to translate to a practical level to give clear and meaningful guidance to clients. We have also observed that they foster development of individuals in their team and actively support and celebrate the progress and achievements of trainees as they progress in their career. We appreciate having a consistent single point of contact with an specific expert partner which brings valuable continuity to our service experience. Although we are a small business, we have always found the firm, from admin staff to partners, too be highly responsive and to make us feel valued as a client.’

Ropes & Gray LLP

Working in close conjunction with that firm's US offices, Ropes & Gray LLP is geared to advise on cross-border compliance matters, data transfers, regulatory investigations and cybersecurity incidents. Leading the group is ' knowledgeable and personable' Rohan Massey, who is often retained by clients from the financial services, life sciences, retail, and food and beverage sectors. Massey is supported by senior associate Robert Lister, who often advises on a wide range of buy and sell-side data protection matters related to transactional deals.

Practice head(s):

Rohan Massey

Other key lawyers:

Robert Lister; Edward McNichals


‘Strong team delivering pragmatic, sensible and implementable advice.’

‘Rohan Massey is knowledgeable and personable.’

‘This team is led by star Rohan Massey, who is assisted by a number of excellent colleagues. What he does not know about data risk is unimaginable.’

‘Rohan Massey is excellent in his field and is always our go-to person for data risk queries.’

‘The team includes excellent practitioners and is diverse in terms of age, gender, etc. They are all very much focused on data protection, privacy, cybersecurity and have great knowledge of the market and of the law.’

‘I know I can count on both Rohan Massey, who has extensive experience and is very smart and reliable, and Edward McNichals, who is a great data privacy lawyer and is very smart and reliable.’

Key clients

GHO Capital Partners

Monster Energy US


The Carlyle Group

Audley Travel Group

Sandbridge Acquisition


Bain Capital


Ardian Group


BDT Capital Partners

Sixth Street Partners

New Mountain Capital



Work highlights

  • Assisted Carlyle in respect of its global data compliance programme, most recently advising on a complex technology restructuring to integrate certain businesses onto global platforms.
  • Advised New Mountain Capital on the acquisition of a cutting-edge advertising technology company.
  • Acted for AllianceBernstein on global data protection issues ranging from SEC expectations and GDPR issues to the new cybersecurity expectations in China.

Shoosmiths LLP

The team at Shoosmiths LLP is ‘extremely knowledgeable about data protection, particularly international data transfers’ and is especially active in the automotive, life sciences and software sectors, where it typically handles regulatory investigations, compliance matters, data breaches and subject access requests. Practice head Sherif Malak is ‘a superb expert in the field of data privacy and always delivers sound and commercial advice‘. Malak works alongside Nick Holland and Anastasia Fowle. Birmingham-based Sarah Tedstone was made partner in May 2021.

Practice head(s):

Sherif Malak

Other key lawyers:

Sarah Tedstone; Anastasia Fowle; Nick Holland; Christian Cockcroft (Senior Associate); Adam Fox (Senior Associate)


‘The team is highly knowledgeable and has great experience in the field.’

‘Sarah Tedstone stands out as having an in-depth knowledge of the subject.’

‘Anastasia Fowle is knowledgeable and pragmatic. The firm’s deep understanding of the motor industry makes it uniquely positioned to respond to our specific initiatives.’

‘In an area that is vastly changing on almost a daily basis, the team at Shoomsmiths keeps up to date with cutting-edge and commercially viable advice. They make labour intensive work seem inconsequential and deliver technical advice on a clear and pragmatic manner.’

‘Nick Holland and Christian Cockcroft are clear masters of their subjects. They are able to grasp information quickly and deliver advice in an expeditious manner.’

‘Sherif Malak is a superb expert in the field of data privacy and always delivers sound and commercial advice. His understanding of our business and internal workings of the company is a huge plus.’

‘They are very good at responding quickly to urgent matters, and excellent at taking complex matters and explaining them in more simple terms so the wider business understands the matter. They are also excellent at helping to assess the commercial risk for various data-related activities. One of the many things I like about the Shoosmith’s data privacy team is that they fully collaborate with the business and our parties to help find practical, commercial and compliant solutions for our projects and initiatives.’

‘We rely heavily on the data privacy expertise of Adam Fox.’

Key clients

Next 15 Communications

Estee Lauder Companies


Fair Isaac Cooperation

WeWork International

British American Tobacco


Groupe Renault

Global Switch


Cignpost Diagnostics

Ultralinq Healthcare Solutions

Belbin Associates

Nissan Motor Company


Santander Consumer Finance


Conde Nast International



GoBrands (Gopuff)

Work highlights

  • Assisted Next 15 Communications as its global data protection officer for its 25 brands.
  • Avised Cignpost, innovative life sciences business, on a broad range of complicated and sector-specific privacy matters, including several large projects.
  • Acted for Volkswagen Group as its appointed sole data privacy counsel on its AdTech and digital marketing activities and related training programmes.

Sidley Austin LLP

With a strong focus on the life sciences and financial services industries, Sidley Austin LLP often acts for a wide range of financial institutions, fintech and pharmaceutical companies, and insurance firms on GDPR-related matters and international data transfers. Leading the practice is William Long, whose expertise spans regulatory matters, e-commerce issues, and information security. John Casanova is a key name for investigations and commercial transactions. Also noted are senior managing associate Francesca Blythe, who is ‘very responsive, pragmatic and clear in her advice’, and managing associate Eleanor Dodding, who is well versed in GDPR matters.

Practice head(s):

William Long

Other key lawyers:

Francesca Blythe; Eleanor Dodding; Lauren Cuyvers


‘The practice is distinguished by its leadership, namely William Long, who is an expert in the field but also a pragmatic thinker and commercially oriented.’

‘I particularly appreciate William’s no-fuss demeanor, and quiet, efficient execution of every task. Without any fanfare, the work is undertaken, timely delivered, and always reflective of an application of the law within the context of commercial realities.’

‘The team is knowledgeable and very responsive. They are flexible and deliver quality services.’

‘William Long, Francesca Blythe, Lauren Cuyvers, and Eleanor Dodding are an absolute pleasure to work with. While this is not important to everyone seeking legal advice, particularly in today’s fast-paced digital economy, I would much rather have a conversation with counsel who takes the time to be personable, is always polite, and has a sense of humor than one who is merely competent.’

‘The team is great at answering questions practically and pragmatically.’

‘I have worked with Francesca Blythe, who is very responsive, pragmatic and clear in her advice.’

Key clients



Jazz Pharmaceuticals


Nektar Pharmaceuticals

Magnetar Capital

Dicerna Pharmaceuticals

IO Biotech ApS

Monument Group

Work highlights

  • Advised Mallinckrodt, an international pharmaceutical company, on the development and implementation of a global privacy programme.
  • Assisted Accelerant, a fast growing international insurance company, with a range of data protection and GDPR-related matters, including the review of data processing provisions in contracts with vendors and data transfer requirements following the Schrems II case.
  • Acted for Jazz Pharmaceuticals on EU data privacy and the GDPR matters, including issues in the context of direct marketing and international transfers.

Stephenson Harwood

The 'engaged, pro-active and practical' team at Stephenson Harwood collaborates with the firm's offices in Hong Kong, Singapore and Dubai to offer 'excellent practical advice' on international data transfers, data subject access requests, data breaches and investigations. Katie Hewson leads the practice and is well regarded by clients as a 'valued advisor in relation to EU and UK GDPR matters'. The group welcomed in February 2022 former Osborne Clarke LLP practitioner Simon Bollans, who has extensive experience in advising on IT transactions, compliance matters and cybersecurity issues. 

Practice head(s):

Katie Hewson

Other key lawyers:

Simon Bollans; Bobbie Bickerton (Associate)


‘Katie Hewson is friendly and efficient and great at distilling the law down to its practical application. In a live and developing cyber security situation, we found Ben Sigler to be calm, considered and practical as well as available and engaged.’

‘Katie Hewson has has excellent technical knowledge and gives practical, commercial advice that is relevant to our company. She is a delight to work with and is my go-to lawyer for data protection advice.’

‘Katie Hewson has a genuine passion for data privacy and brings huge enthusiasm, energy and determination to any problem. She is practical, hands on and a delight to work with.’

‘It is very rare to find an external legal team that not only provides excellent legal advice, but provides excellent practical legal advice. Too often, external firms simply recite the law, and do not apply it to the situation at hand.’

‘Katie Hewson acts as an extended member of our in-house legal team. I know the advice I receive from Katie will take into account the risks and concerns of our particular business. Katie knows there is no one size fits all, and she takes time to understand the business and our risk appetite. She is an invaluable resource.’

‘We work regularly with Katie Hewson who is a valued advisor in relation to EU and UK GDPR matters, and has also helped us fill resourcing gaps where needed for other privacy-related work such as policies and procedures. Katie is very practical and has good industry knowledge. Her turnaround times are fantastic and she is always available to jump on a call.’

‘The Stephenson Harwood’s data protection, privacy and cybersecurity practice provides excellent practical advice, with deep knowledge of both the law and current practices in the industry. The team is keen to get to know our business which means the advice is very relevant and can be implemented which is key in this area.’

‘Katie Hewson and Bobbie Bickerton can advise on any topic with speed and at a reasonable fee. The advice is pragmatic and can be implemented. Katie and Bobbie also make sure we are aware of new legislation that is coming down the line so we can keep one step ahead.’

Key clients

Bvlgari UK

S&P Global


Mizuho Bank

Trident Trust

Neuberger Berman Europe

Trenitalia c2c

Civica Group

Fine Art Group

Abellio Transport Holdings

Work highlights

  • Advised S&P Global on a wide variety of data protection issues, notably the significant data protection impacts of its $44bn merger with another financial information services provider, IHS Markit.
  • Assited Exscientia, a cutting-edge AI drug discovery company, with a data protection review in the run up to its $2.9bn listing.
  • Advised a global advisory company working on behalf of the Foreign, Commonwealth and Development Office,  on the Data Protection Bill of a significant South Asian jurisdiction to facilitate international data sharing in the public interest.

Travers Smith LLP

Under the leadership of IT and outsourcing expert Dan Reavill, Travers Smith LLP's technology and data group frequently handles global compliance projects, complex data subject access requests, international data transfers and data breaches. Key practitioners in the team include 'commercial and responsive’ James Longster and Louisa Chambers, who 'provides straightforward and easy to understand advice in an efficient and cost effective way’. The team is particularly active in the financial services, retail, fintech and automotive sectors.

Practice head(s):

Dan Reavill

Other key lawyers:

James Longster; Sarah Robinson (Associate); Stephanie Beams (Associate); Louisa Chambers


‘James Longster always knows much more than the other side but wears it with good humour.’

‘Louisa Chambers is very approachable and easy to get hold of. She provides straightforward and easy to understand advice in an efficient and cost effective way.’

‘James Longster is incredibly commercial and responsive.’

‘The team manages to strike an excellent balance between commercial considerations and obligations under DP law. They allow us, as data controller but not lawyers, to understand choices and implications in order to make the key decisions. The advice is there with clarity and without undue influence or steer.’

‘The individuals strike a good balance between being personable and professional. So interactions are efficient and thorough, without being a chore. Particular positive mention to James Longster, Sarah Robinson and Stephanie Beams.’

Key clients

Micro Focus

Kroll Associates UK


Marathon Asset Management

Foster & Partners



CLS Holdings

Bain Capital






Association for Computer Machinery

Work highlights

  • Advising Truworths International, the owner of the Office and Offspring high street and online shoe retailers, on its UK and EU privacy compliance, including complex international data transfer arrangements and direct marketing initiatives.
  • Acted for Pay.UK, the UK’s retail payments authority, on the data compliance architecture for the launch of the UK’s new payment system.
  • Assisted Rathbone, a FTSE 250 UK-based provider of investment management services, with ongoing data protection compliance, including its templates and various critical data processing agreements with its third-party suppliers and business-critical transfers of personal data to third countries.

Wiggin LLP

With extensive expertise in the media and entertainment, marketing and gaming segments, the data privacy team at Wiggin LLP ‘is not only technically knowledgeable but also commercially astute, making it a very good business partner’. Practice head Patrick Rennie is a key contact for GDPR-work, audits, direct marketing issues and compliance matters. Senior Associate Christina Henry, who focuses on the tech and media sectors, is also another name to note.

Practice head(s):

Patrick Rennie

Other key lawyers:

Christina Henry


‘Strong commercial understanding of how data protection works in the gambling sector. Practical recommendations on how to proceed rather than just repeating the law.’

‘Patrick Rennie not only understands data protection law but also how to offer advice within a commercial context. He is practical and great at solving problems encountered by clients’

‘Wiggins is extremely knowledgeable in the iGaming sector and is trusted by us to lead and advise on data protection.’

‘Wiggin is an extension of our in-house legal function. The team seamlessly steps in to support us when we need. Its industry knowledge is fantastic and allows it to advise with real practicality and commerciality.’

‘Patrick Rennie is incredibly knowledgeable and practical. He is able to give fast and clear advice on every issue we are facing.’

‘Patrick Rennie has been excellent as the key point of contact for privacy-related work. The differentiator we have felt with Wiggin is that the advice is always anchored in practical, pragmatic considerations and it is always provided from a standpoint of knowing our business very well.’

‘The Wiggin data protection, privacy and cybersecurity team is not only technically knowledgeable but also commercially astute, making it a very good business partner.’

‘Patrick Rennie is not only very technically competent in this area but also, having spent substantive time on secondment in DPO roles in-house, understands the practical and commercial realities faced by businesses and DPOs intimately.’

Key clients

The Stars Group t/a Pokerstars

Centaur Media

Transaction Services Group

Expereo International BV

Starz Entertainment

Oxford Strategic Marketing

WHG (International) (William Hill)

SP Film Production (Sony)

DAZN Media Services




Perform Content Services

Work highlights

  • Assisted the Stars Group t/a Pokerstars with all of its data protection matters, providing support for its DPO and in-house team.
  • Acted for Centaur Media, a publisher of B2B publications, on a wide range of data protection compliance matters, including the implementation of cookies and direct marketing.
  • Advised Xplor and its group of companies on a full range of data protection matters, including audits, intra-group agreements, and international data transfers.

Bates Wells

Bates Wells is noted for its ‘vast experience of working with non-profit organisations’, which often seek out the practice for advice on data protection matters, marketing issues and regulatory compliance. A key contact in the team is Eleonor Duhs, who is well versed in GDPR work, regulatory investigations and data transfers. Victoria Hordern has recently departed the firm.

Other key lawyers:

Victoria Hordern; Hannah Lyons (Senior Associate); Rayhaan Vankalwala (Associate): Eleonor Duhs


‘This practice has vast experience of working with non-profit organisations. Their responses and advice, whether it be about marketing and/or data protection have always been timely, precise and pragmatic.’

‘The quality and expertise of Bates Wells practitioners stands out for their professionalism. This can be in regards to invoicing and the professional services of their lawyers. We have mainly sought advice from Hannah Lyons who has a wide breadth of knowledge regarding the charity sector, fundraising and data protection.’

‘I worked with Victoria Hordern and Rayhaan Vankalwala. Their approach is brilliant. They are sensitive to the situation of the client and very supportive. Their advice is concise and clear, and I felt very comfortable asking additional questions after our initial meeting.’

‘Bates Wells have been extremely generous and supportive to our charity, advising us in a range of legal areas such as GDPR.’

‘Michael Charalambous has been very helpful with his expertise in data protection. We have developed a much more comprehensive and robust data protection policy which is fully GDPR compliant thanks to his advice and support.’

‘The team at Bates Wells is really well versed on specific topics and can also provide insight on related areas as required. They work really well as a team and are able to provide support to each other when the need arises.’

Farrer & Co

Companies in the education, media, retail, tech, charities and financial services sectors turn to Farrer & Co for assistance with a wide range of matters, spanning data subject access requests, data protection compliance, investigations and litigation. Leading the group is Henry Sainty, who excels in ePrivacy regulations, GDPR matters and freedom of information law. Ian De Freitas focuses on ICO investigations and data breaches and Peter Wienand is a key contact for international data transfers. Another name to note is Owen O’Rorke, who handles both contentious and non-contentious matters.

Practice head(s):

Henry Sainty

Key clients

Telegraph Media Group

We Buy Any Car

Independent Schools Bursars Association (ISBA)

J.P. Boden & Co

Lawn Tennis Association (LTA)

The Economist Newspaper



UK Athletics (UKA)

Activity Alliance (English Federation of Disability Sport)

Work highlights

  • Assisted We Buy Any Car with an ICO investigation into the company’s online marketing activities and alleged lack of compliance with the Privacy and Electronic Communications Regulations.
  • Advised the Lawn Tennis Association (LTA) on data protection issues, including numerous matters arising from the LTA’s complex relationships with clubs, counties, coaches and players in an information sharing and safeguarding referral context, as well as cross-organisation data sharing agreements and direct marketing compliance.
  • Acted for Independent Schools Bursars Association (ISBA) on a number of data protection matters.


Goodwin is particularly known for its strong expertise in emerging technologies and the life sciences sector, and is rated for its 'solid advice and guidance'. Co-practice head Gretchen Scott draws on more than 20 years of experience in advising tech and data driven businesses on global compliance projects, investigations and incident response. Co-practice head Lore Leitner is highly regarded as 'truly excellent, super pragmatic, commercial and thorough', and is a key contact for GDPR work and the privacy and data protection matters related to corporate transactions. Also noted is counsel Curtis McCluskey.

Practice head(s):

Gretchen Scott; Lore Leitner

Other key lawyers:

Curtis McCluskey


‘The Goodwin Team is supremely knowledgeable in the field but also demonstrates realism and pragmatism when understanding the nature of any data protection and privacy challenges. The team uses its expertise and experience to provide solid advice and guidance. They are always on hand, quick to respond and are also lovely to interact with.’

‘Gretchen Scott and Curtis McCluskey are personable, friendly and helpful. I value their opinion and also really enjoy interacting with them as there is mutual respect and an openness to learn and adapt.’

‘Strong bench and very well connected.’

‘Lore Leitner is truly excellent, super pragmatic, commercial and thorough.’

‘I have had the pleasure of working with Curtis McCluskey over the past 18 months as my primary GDPR and data privacy advisor. I have come to rely upon his counsel and partnership for all data privacy matters.’

‘Curtis McCluskey is very client oriented and provides clear input and advice.’

‘Great specialists. Very user friendly and prompt to reply. A reliable external adviser in this field.’

‘Gretchen Scott is excellent.’

Key clients

Allurion Technologies

AM Pharma

Andreessen Horowitz

Bank Delen

Bregal Sagemount


Celsius Therapeutics


Couchsurfing International


Epic Staffing

FIA Technology






National Public Radio

Peanut App





TA Associates


Theradex Oncology

TowerBrook Capital


Webster Equity Partners


Work highlights

  • Advised Andreessen Horowitz on a number of high-stakes investments in emerging companies with significant global privacy and data protection considerations.
  • Acted for Meta on the development of the first EU-wide code of conduct under the GDPR.
  • Assisted Deliveroo and its global privacy team with all aspects of its privacy and data protection compliance matters across a number of jurisdictions.

Harbottle & Lewis LLP

With extensive expertise in marketing AdTech and digital media, Harbottle & Lewis LLP frequently advises on the data aspects of high-profile marketing campaigns, data breaches, reputation management, large scale data subject access requests and compliance matters. The team is jointly led by Anita Bapat, who excels in international data transfers and investigations, and cybersecurity expert Emma Wright.

Practice head(s):

Anita Bapat; Emma Wright

Key clients

Take Two Interactive


De Beers Group

Havas Media Group


The Ozone Project

Nimax Theatre


WhiteHat Jr

Hunter Boots

Primer API


Atom Learning

Citywire Financial Publishers


Equal Experts

Knight Frank

Work highlights

  • Advised Havas Media Group on complex data privacy issues in relation to its agencies’ digital advertising activities.
  • Acted for a Chinese online retail platform on various data privacy issues associated with its expansion into the UK and Europe.
  • Advised the real estate consultancy Knight Frank on all aspects of its privacy compliance programme.

Kingsley Napley LLP

Kingsley Napley LLP houses a sizeable team of professionals that have ‘the skill and experience to deal with all aspects of data protection and privacy work, including those involving contentious and criminal matters’. The practice is jointly led by Emily Carter, whose expertise spans public law, regulatory investigations, information law and prosecutions, and GDPR and juridical review specialist Adam Chapman. Other key names in the group are David Sleight, who is recommended for enforcement actions and investigations, and media litigator Helen Morris.

Practice head(s):

Emily Carter; Adam Chapman

Other key lawyers:

Helen Morris; Nick de Mulder


‘Kingsley Napley’s data protection and privacy practice perfectly dovetails with its market leading work in criminal litigation and investigations. Its lawyers have the skill and experience to deal with all aspects of data protection and privacy work, including those involving contentious and criminal matters.’

‘David Sleight is agile and an innovative practitioner. He is on top of the details of the case and the big picture.’

‘A fantastic team whose members all work together to ensure that the client gets the best service and results possible.’

‘Nick de Mulder brings a high level of clarity, experience and practical advice.’

‘The team is characterised by the highest level of professionalism. Due to the size of the team and the many years of experience of its leaders, the team can react quickly to any situation. What particularly distinguishes the colleagues at Kingsley Napley is that they not only have great legal expertise, but that they are also very well connected internationally. What is particularly striking about the team at Kingsley Napley is the high proportion of women, which in my opinion contributes greatly to the fact that the team as a whole seems to function excellently and the clients are not only managed with a great deal of expertise, but also with a great deal of empathy.’

‘I have had the privilege of working with the partners Sue Thackeray and Helen Morris on reputation management cases. They both impress with their overall understanding of media crisis situations, both from a legal and a PR perspective. Both are constantly available and the cooperation is always very pleasant, even under high pressure.’

Key clients

David Spivack

Lewis Silkin

Rated for its ‘ability to provide clear and concise advice driven by business needs’, Lewis Silkin ‘has deep knowledge of data protection laws’ and is often retained to advise on compliance matters, subject access requests and data breaches. Under the leadership Alexander Milner-Smith and Bryony Long, who together have extensive experience in data processing and multi-jurisdictional compliance projects, the team acts for clients across a wide range of sectors, most notably financial services, tech, media and entertainment and marketing. Managing associate Tom Ford has niche expertise advising on workplace privacy and data protection.

Other key lawyers:

Ali Vaziri; Sean Illing; Tom Ford


‘Alexander Milner-Smith is an expert when it comes to complex data protection and privacy issues. He is very focused, fast-thinking and pragmatic. He always handles matters efficiently. He is business oriented and never loses sight of the client’s best interests.’

‘Bryony Long provides excellent practical advice, enabling clients to make informed choices within a risk-based privacy framework. Bryony’s friendly and responsive approach makes her a pleasure to work with.’

‘All of the individuals I have liaised with have been very knowledgeable about the specifics and requirements of data protection law. They are able to explain the various options in clear and sufficient detail, and provide practical advice on what to do.’

‘Bryony Long has built an excellent practice with top quality associates who deliver very practical and efficient advice.’

‘Bryony Long is an exceptional partner with a real talent to cutting to the core of the issue and delivering practical advice in a timely manner. Ali Vaziri is also technically diligent and leaves no stone unturned to provide commercially balanced and clear advice.’

‘Ali Vaziri is exceptional and has tackled some very difficult and unique data situations for us and given us the advice we needed and would probably not have got anywhere else. He is absolutely the person I would go to for any data protection matters.’

‘I would  recommend Sean Illing if you have any subject access requests to deal with, especially difficult and detailed ones with multiple litigation matters in the background and a wealth of documentation to go through. There is more law involved in this than most people know and he will guide you exceptionally through what can be a very difficult and stressful process.’

‘Working with Sean Illing has allowed us to manage general privacy compliance in an efficient manner and most importantly in a manner which aligns to our business needs. Being given legal advice with a business driven focus is difficult to find, but we found that with Sean.’

Key clients

Omnicom Group (including Omnicom Media Group, TWBA, BBDO, DAS Group, DDB)

Viacom CBS

Daily Mail & General Trust



Harvey Nichols


Work highlights

  • Acted for an international events organiser on a review of GDPR compliance and a remediation plan.
  • Advised a financial services firm on the data protection aspects of an acquisition.
  • Assisted a global technology manufacturing organisation with data protection assessments in relation the AI aspects of its products.

Mills & Reeve LLP

The data protection team at Mills & Reeve LLP is active across a wide range of sectors, most notably tech, education, healthcare and charity, and is rated for being ‘responsive and extremely knowledgeable in the area of data protection and privacy’. The practice is jointly led by GDPR specialist Jagvinder Singh Kang, Gary Attle, who is a key contact for freedom of information matters and litigation, and Peter Wainman, whose expertise spans compliance audits, data sharing contracts and data breaches.

Practice head(s):

Jagvinder Singh Kang; Gary Attle; Peter Wainman

Other key lawyers:

Paul Knight; Richard Sykes; Helen Tringham; Emma Tuck (Principal Associate)


‘Huge breadth of experience, plus pragmatic advice.’

‘Jagvinder Singh Kang just knows everything and what to do in a crisis.’

‘Not only does Mills & Reeve has deep knowledge of data protection laws, it is adept at finding solutions for implementing processes that comply with those laws. Mills & Reeve has invested time to learn about our organisation and our industry, dramatically enhancing the value of the data protection advice its lawyers provide.’

‘Peter Wainman ‘s knowledge of technology and its uses in the healthcare sector separate Peter from other data protection lawyers. In the continuously evolving landscape of data protection laws, he can navigate through the risks and requirements to help the quick identification of the the best available options.’

‘Mills and Reeve has a great team, which is responsive and extremely knowledgeable in the area of data protection and privacy.’

‘Richard Sykes, Helen Tringham, Emma Tuck and Paul Knight are our main contacts. They are responsive and work closely with us, taking the time to understand our situation and its nuances.’

‘The data protection practice at Mills & Reeve has played a vital role in the establishment of our charitable programmes. These programmes involve complex data sharing frameworks and arrangements and Mill & Reeve has provided accurate and practical advice throughout, which has led to the successful launch of our programmes. In particular, the tailoring of advice to our individual circumstances and the application of the legislation to the environment we operate was very impressive.’

‘We have worked closely with Paul Knight and his team. Paul’s ability to apply the relevant data protection legislation accurately but in a practical and pragmatic way to suit our needs and the needs of our constituents has been invaluable.’

Key clients

Macmillan Cancer Support

Chartered Institute of Personnel and Development (CIPD)

Fareva Group

Podium Analytics


Siemens Healthcare




Nottingham Trent University

Work highlights

  • Assisted MySense with its technology SaaS offering in the field of wellbeing data analytics including its proprietary AI platform and IoT technology.
  • Acted for a multi-billion-pound global pharmaceutical company listed on the New York Stock Exchange on its intra-company global data protection arrangements.
  • Advised a private equity-backed blockchain crypto-exchange and currency provider on its global IT and data protection arrangements, including GDPR and data protection law requirements.

Morgan, Lewis & Bockius UK LLP

With specialist teams across Europe, the Middle East, China, Singapore and the US, Morgan, Lewis & Bockius UK LLP is uniquely positioned to handle GPDR matters, multi-jurisdictional compliance programmes and data transfers. The team is jointly led by Pulina Whitaker, whose expertise spans outsourcing transactions, employment data privacy issues, and data breach investigations, and Matthew Howse, who is recommended for privacy and cybersecurity matters.

Practice head(s):

Pulina Whitaker; Matthew Howse

Key clients

Mitek Systems

Urban Outfitters

Total System Services

The Kraft Group

Mesmerise Global


Work highlights

  • Assisted Mitek Systems with complex privacy issues relating to the use of data, including biometric and hashed data, customer agreements and data sharing requirements.
  • Advised Urban Outfitters on various aspects of data privacy, including website cookies and data transfers as well as privacy notices and compliance with supervisory authority requirements and recommendations.
  • Acted for TSYS on all aspects of data protection relating to international commercial agreements as well as internal processing activities.

Pillsbury Winthrop Shaw Pittman LLP

With notable expertise in tech, advertising, social media, financial services and pharmaceuticals, Pillsbury Winthrop Shaw Pittman LLP excels in international data transfers, GDPR work, compliance matters, data breaches and investigations. Splitting his time between London and Silicon Valley, Rafi Azim-Khan leads the group and is highly regarded as ‘an outstanding expert in data privacy law’. He works alongside privacy and data breach specialist Steven Farmer.

Practice head(s):

Rafi Azim-Khan

Other key lawyers:

Steve Farmer


‘Rafi Azim-Khan provides excellent advice for cross-border deals. His advice is critical for US-based companies looking to do business in Europe given the differences in data protection laws between the US and Europe.’

‘Pillsbury has worked with my business on a range of data privacy, commercial and regulatory matters for many years. The team brings strategic thinking and rare depth of experience in data, e-commerce, web platforms, marketing, etc. to their advice. I am a very happy client and plan to continue our long relationship for many years to come.’

‘Our work with Rafi Azim-Khan over the years has been a true partnership. I trust his advice and guidance, and he plays an important role in many areas of our business. He is also very good about connecting me with his fellow partners for specific advice. Rafi is a top-notch international business lawyer and first-class for technology and data privacy advice. I would say that Rafi is an outstanding expert in data privacy law. He is a true specialist not only in GDPR and CCPA but also in the laws of many other countries.’

‘The depth of knowledge and experience in the field of data protection, privacy and cyber is, in my experience, unsurpassed. The team is responsive, practical and pragmatic. Its advice has been crucial to the growth of our business.’

‘Steven Farmer’s input and advice on a broad range of topics has been indispensable to our business. His views and advice are always clear, concise and informed. His expertise in the field of data protection makes business decisions easier and provide comfort to me and my fellow shareholders. He has a fantastic attitude and is so easy to work with – always delivering quickly and with a deep understanding of what we want to achieve.’

‘Steve Farmer is very knowledgeable and he is always timely with his responses. Rafi Azim Kahn is an expert in this area and has the regulatory contacts to be able to get sound advice on murky issues.’

‘Rafi Azim-Khan is simply the best in his field. His guidance through an ever-changing regulatory framework provides the confidence to our company and our board that we need as we expand into new international markets.’

‘The team can provide global advice. We are an international organisation with offices and doing business in multiple countries. Pillsbury always has us covered.’

Key clients

Victaulic Company

Sinclair Broadcast

CSC (Corporation Service Company)

Upland Software



Decision Logic

State Street Corporation

HM Electronics

G.Network Communications

Institute of International Finance

Work highlights

    Pritchetts Law

    Pritchetts Law is particularly active in the media, financial services, retail, healthcare, charity and education sectors, where it handles a wide range of data protection and privacy matters, including international data transfers, risk assessments and regulatory compliance, among others. Stephanie Pritchett, who 'has a wealth of knowledge on all things data privacy related' leads the team alongside 'pragmatic and all-round lawyer’ Ben Wootton.

    Practice head(s):

    Stephanie Pritchett; Ben Wootton


    ‘Prompt response and very efficient. Clear billing regime.’

    ‘Available, practical, clear and tailored advice.’

    ‘They are some of the most knowledgeable DP lawyers I know, and they bring a wealth of industry knowledge from their time spent in-house earlier in their careers.’

    Key clients

    Yeo Valley Farms

    Ceuta group

    Voice and Script International



    Link Maker Systems

    Northumbrian Water

    National Foundation for Educational Research


    PDP Companies

    AXA Health

    Breast Cancer Now

    Scammell & Nyland

    CFH Docmail

    Work highlights

    • Advised Yeo Valley, a UK’s organic food brand, on its understanding of the data that it collects, drafting detailed privacy notices, responding to data subject access requests and implementing new processes to manage future individual rights requests.
    • Acted for VSI, a global provider of translation and post-production services in the broadcasting industry, on the use of actors’ personal data and voice recordings and international data transfers within the group’s companies.
    • Assisted DataRobot, a leading artificial intelligence cloud service provider, with data sharing arrangements within its network of companies, its AI platform and the collection and use of employee data related to Covid-19.

    PwC LLP

    PwC LLP is noted for its strong cross-border capabilities, which makes it uniquely positioned to handle large global compliance projects and international data transfers. The practice was recently boosted with the arrival of counsel Chris Cartmell, who joined the firm in November 2021 from Tiang & Partners, bringing extensive expertise in data protection and cybersecurity. Cartmell leads the group alongside Fedelma Good, who has more than 30 years of experience in advising on privacy compliance.

    Practice head(s):

    Chris Cartmell; Fedelma Good


    With strong and specialised expertise in media, tech, advertising, gaming and social media, Sheridans is 'excellent at explaining, informing and guiding' clients on data protection and privacy matters, including regulatory compliance, data processing, and the data privacy aspects of corporate transactions. Eitan Jankelewitz heads up the team and is rated for his 'deep knowledge of data protection and technology'. Stefano Debolini is recommend for data breaches, data sharing agreements and regulatory matters. Antonia Gold, who is dual qualified in England and Germany, excels in GDPR work and ePrivacy issues.

    Practice head(s):

    Eitan Jankelewitz

    Other key lawyers:

    Stefano Debolini; Antonia Gold; Alex Tutty


    ‘We use Sheridans for its experience in video game companies.  The team knows how we work and key legislation. It saves a lot time explaining our industry and the specific needs that entails.’

    ‘The team is always available on email or phone call. Since COVID, I have noticed zero impact on the work rate or quality. We have had numerous Zoom meetings which have worked fantastic and been very productive.’

    ‘Sheridans is excellent at explaining, informing and guiding us in our legal matters. Everything is very transparent and easy to follow.’

    Key clients


    The Economist





    Fireproof Studios


    Internet Advertising Bureau

    Lead Forensics


    Work highlights

    • Assisted The Economist   Sheridans with its data compliance and strategies for data monetisation.
    • Advise new client and UK unicorn Motorway on its entire compliance regime, including all uses of data whether internal or external, marketing or operational.
    • Acted for Awin, an online marketing networks, on all of its privacy and related commercial matters.

    Stevens & Bolton LLP

    The ‘clever, responsive, and well-informed’ data protection team at Stevens & Bolton LLP houses experts from various practice areas, including technology, employment, IP and dispute resolution. Under the leadership of Beverley Flynn, the group typically handles data breaches, international data transfers, and compliance matters. Working alongside Flynn are dispute resolution expert Sarah Murray, Gary Parnell, who focuses on the IT and telecom sectors, and employment specialist Kerry Garcia.

    Practice head(s):

    Beverley Flynn

    Other key lawyers:

    Charles Maurice


    ‘Excellent firm. Great breadth of specialisms and knowledge. Pro-active and diligent.’

    ‘Beverley Flynn is brilliant. Highly personable, knowledgeable and pragmatic. She inspires confidence in the top quality advice she provides.’

    ‘Very clear responses and guidance that address the issue in hand. Excellent understanding of our company and the industry. Structured responses. Superb knowledge and great relationship with clients.’

    ‘Clever, responsive, and well-informed.’

    ‘The team is very hands on and to-the-point in their advice, always a pleasure to work with them.’

    ‘Beverley Flynn and Charles Maurice are highly recommended professionals.’

    ‘I have worked with Stevens & Bolton for many years on different legal aspects and have always found its advice well considered, well explained to clients and presented well and timeously .’

    ‘Charles Maurice explained the principles and guided me through a very difficult subject for which I was very grateful.’

    Key clients

    Foodient (t/a Whisk)

    Club Logistics

    BrightStarr (t/a Unily)

    Cad & The Dandy

    G&J Distillers (t/a Quintessential)

    Kia UK


    RBB Economics

    UST Global Private

    Work highlights

    • Assisted the DPO for Kia Motors UK with all of its data protection matters, including advice on telematics for vehicles and the structure of the telematics arrangements in the Kia Group.
    • Advised Penhaligon’s as part of a GDPR/data protection retainer arrangement on all of its data protection matters.
    • Acted for Quintessential on the launch of the data protection aspects of its online offering to consumers during lockdown, including a loyalty programme.


    TLT houses 'an experienced pool of lawyers, who are highly skilled in data protection, privacy and cybersecurity', which attracts a strong following from public sector clients and companies operating across the retail, telecom, financial services and education segments. Practice head Gareth Oldale is praised for his 'great depth of knowledge and experience when it comes to data protection and cybersecurity matters'. Other key names in the team are legal director Louisa Williams, who is skilled in international data transfers, e-privacy compliance and data breaches, and Bristol-based Ed Haynes, who is recommended for sensitive data protection matters.

    Practice head(s):

    Gareth Oldale

    Other key lawyers:

    Ed Hayes; Emma Erskine-Fox; Louisa Williamson


    ‘TLT is my first port of call for anything related to law enforcement related data protection queries. Its close involvement in this field means that it keeps abreast of all the latest moves and developments in data protection in general.’ 

    ‘Gareth Oldale provides a great depth of knowledge and experience when it comes to data protection and cybersecurity matters, especially where they relate to issues faced by public sector clients. His help on matters relating to law enforcement and intelligence processing and his in-depth understanding on the approaches taken and the legal frameworks used in other jurisdictions have proven very beneficial on numerous occasions. Always responsive, knowledgeable, and happy to provide a friendly word of advice.’

    ‘These guys know our business and are truly determined to help us get the best results. I love them!’

    ‘TLT has an experienced pool of lawyers who are highly skilled in data protection, privacy and cybersecurity. Having worked with them on some complex privacy matters, I found them to be able to articulate the risks faced by the client in a clear, honest and approachable manner. They were able to present the facts and manage the client expectations well and were very quick to deliver a resolution with even the most difficult of claimants. As there are a number of skilled legal advisors within the practice, it was great for the client from a resilience perspective as there was always someone to contact for support and guidance. Nothing is too much trouble and the team has also been very supportive in answering client ad hoc queries. The billing process was well explained too.’

    ‘For me there have been four individuals that have really stood out from a client perspective and these are Gareth Oldale, Emma Erskine-Fox and Ed Hayes. Their style and professional approach is very welcoming, extremely knowledgeable and reassuring. They are able to articulate complex data privacy issues into clear understanding and highlight any areas of least to major concern. I enjoy reading their informative articles on data protection, privacy and cyber security as they are so easy to digest. Knowing they will go out of their way to make themselves available for a quick discussion when the most challenging of matters come to light is such a relief!’

    ‘TLT offers a wide range of legal services covering commercial, technical, IP and data protection. This comprehensive range of services allows TLT to bring all the various elements together to provide a holistic view that has really aided our decision making.’

    ‘Excellent, pragmatic advice and really easy to work with the team.’

    ‘Gareth Oldale is an excellent partner, knowledgeable, pragmatic and accessible. Louisa Williamson is also recommended. Excellent, pragmatic and timely advice.’

    Key clients

    Department for Digital, Culture, Media and Sport

    Information Commissioner’s Office (ICO)

    Police Digital Service

    Metropolitan Police Service

    Government Legal Department

    TSB Bank

    NatWest Group

    Monzo Bank

    Starling Bank

    City Football Group (Man City FC)

    UK Sport

    Sport England

    University College London

    Kent Police & Essex Police


    BGL Group Limited (CompareTheMarket)

    Imperial Brands

    Unite Students

    Softbank Robotics


    Financial Conduct Authority

    Work highlights

    • Advised on the development of a global intra-group data transfer agreement (IGTA) to formalise the data sharing relationship across the client’s 30+ entities around the world.
    • Assisted UK Sport as primary legal advisor in respect of data protection and privacy matters, including contract reviews for data protection provisions.
    • Acted for Vodafone on a range of data protection and privacy matters, including the drafting of its global data processing agreement templates, the incorporation of the new EU standard contractual clauses and the UK’s international data transfer agreement.