Firms To Watch: Data protection, privacy and cybersecurity

Founded in 2022 by Phil Lee, formerly at Fieldfisher, Digiphile’s specialist UK and EU data protection and cybersecurity practice acts for global technology companies, handling compliance, commercial, and cybersecurity risk management issues.

Data protection, privacy and cybersecurity in London

Bird & Bird LLP

Noted for its ‘excellent experience and knowledge,’ the data protection and privacy team at Bird & Bird LLP acts for a wide range of market-leading clients on an international basis, with particular expertise in the technology, pharmaceuticals, media, and telecoms sectors. Ruth Boardman leads the practice and has extensive experience advising on the full range of data privacy issues, including dealings with data protection authorities and personal data breaches. Gabriel Voisin handles international data transfers and compliance projects. ‘Highly knowledgeable‘ legal director Elizabeth Upton is a key name for GDPR compliance and international data transfers, while senior associate Alex Jameson has a broad practice that covers compliance, employment-adjacent privacy matters, and novel issues such as AI. The team strengthened its enforcement, regulatory, and investigations practice with the March 2023 arrival of James Moss, the former legal director of regulatory enforcement at the ICO. Former practice co-head James Mullock left the firm in April 2023.

Practice head(s):

Ruth Boardman

Other key lawyers:

Gabriel Voisin; Elizabeth Upton; James Moss; Alex Jameson


‘The level of the advice is exceptional, based on a deep understanding of our segment of the market – tech and privacy. I work mostly with Gabriel Voisin and Alex Jameson. Their advice is spot on with practical and efficient solutions.’

‘Alex Jameson, albeit young, has a lot of practical and spot-on advice in our tech field.’

‘B&B is a specialised technology and data protection law firm with excellent experience and knowledge of the technology sector.’

‘Gabriel Voisin is highly experienced and knowledgeable, very responsive and pragmatic.’

‘Elizabeth Upton is highly knowledgeable, very responsive and pragmatic.’

Bristows LLP

Bristows LLP‘s full-service offering runs the gamut of transactional, advisory, and contentious data privacy, protection, and cybersecurity issues, handling high-profile data breaches, litigation, and global compliance matters for blue-chip international technology and life sciences clients. Practice head Mark Watts has an ‘effortless mastery of the subject‘ and is recommended for his expertise in global compliance projects and regulatory litigation, while Marc Dautlich advises clients in the life sciences sector on the full range of data protection issues and cyber incidents. Hannah Crowther was promoted to the partnership in May 2023 and tackles high-profile contentious matters before UK and European data protection authorities. At the senior associate level, key names include Jamie Drucker, noted for his ‘impressive grasp of detail and technical law’, and Faye Harrison, who handles privacy compliance programmes and strategy.

Practice head(s):

Mark Watts

Other key lawyers:

Jamie Drucker; Hannah Crowther; Marc Dautlich; Faye Harrison; Christopher Millard


‘There are two individuals that stand out. The first is the partner Mark Watts. Effortless mastery of the subject and stakeholder management. The second is the senior associate Jamie Drucker. Really skilled and knowledgeable and an all round nice guy who is always willing to help.’

‘Mark Watts is an excellent lawyer to work with. He is very practical with his advice and he adapts as necessary to the style of his clients.’

‘Our go-to external firm for complex data privacy issues. We have instructed them for a number of years and have found their service to date to be faultless.’

Key clients

Coalition for Epidemic Preparedness Innovations


Twitter, Inc.

Meta Inc. (WhatsApp, Facebook, Instagram)

Costello Medical

General Electric

McKinsey Consulting


Work highlights

  • Advising Twitter regarding its acquisition by Elon Musk.
  • Advising WarnerBrosDiscovery in connection with integration activity.
  • Advising General Electric in connection with its Binding Corporate Rules.


Offering ‘excellent, industry informed, advice that is practical and strategic in nature,’ the team at Dentons is regularly instructed by major multinationals on the full spectrum of data privacy, protection, and cybersecurity issues. The team, which benefits from the firm’s wider international network, has particular strength in new and developing technologies and is adept at advising on emerging AI and tech data privacy regulation, and also has a strong data breach response practice. Simon Elliott now heads the team and leads on large-scale and high-profile regulatory investigations and class action litigation, while founding partner and former practice head Nick Graham is recommended for his expertise in multi-jurisdictional data privacy matters. On the cybersecurity side, Antonis Patrikios handles multijurisdictional data breach responses as well as cybersecurity compliance and incident preparation plans.

Practice head(s):

Simon Elliott

Other key lawyers:

Nick Graham; Antonis Patrikios


‘Very collaborative and easy to work with. Always ready with a pragmatic risk-based solution.’

‘Nick Graham is the standout partner. Always a pleasure to work with. Great depth of knowledge and a welcome calm, wise presence in difficult situations.’

‘The team provides excellent, industry informed advice that is practical and strategic in nature.’

Key clients

Avis Budget Group

Virgin Atlantic

Avania Investments

John Lewis Partnership


Global Payments

RealtimeBoard (Miro)




Work highlights

  • Sole global privacy and cyber counsel to Avis Budget Group, advising on all aspects of global data protection compliance and related issues.
  • Embedded into Virgin Atlantic’s data privacy operations to provide strategic and operational support across the full range of data privacy issues facing the company.


Fieldfisher‘s data privacy, security, and information team acts for clients across a broad range of sectors, including financial services, health and life sciences, and tech. Counting start-ups and large multinationals alike among its clients, the team handles compliance, commercial data contracts, and cyber incident responses on a multi-jurisdictional level. Hazel Grant heads the team and has particular expertise in international data transfers, global data compliance projects, and data audits, while Renzo Marchini handles data breach responses and subject access disputes. Director Nuria Pastor is dual-qualified in England and Wales and Spain, and is a key name for regulatory queries and data export strategies. 2022 saw the departures of Phil Lee, now at Digiphile, and Eleonor Duhs, now at Bates Wells.

Practice head(s):

Hazel Grant

Other key lawyers:

Nuria Pastor; Renzo Marchini; Leonie Power


‘Well rounded capacities and knowledge of the industry.’

‘Nuria Pastor and Renzo Marchini stand out as great support with pragmatic advice and a great understanding of our industry.’

‘The practical approach, the understanding of the needs of different sectors, good understanding of technology, timely responses.’

‘Besides them being absolutely lovely people to work with, all members of the team had deep knowledge of their respective areas, they understand the client’s needs perfectly and make sure to deliver on time what was agreed on.’

Key clients

dunnhumby Limited

Mitsubishi Tanabe Pharma

Free Now

Hasbro and Wizards of the Coast (WotC)

Ancestry Ireland Unlimited

Deltatre Limited

Peloton Interactive, Inc.

Work highlights

  • Providing ongoing advice to dunnhumby in relation to its UK and EU privacy needs.
  • Advising Hasbro Inc, the household name behind brands such as Monopoly, Wizards of the Coast (WotC) and Furby, on its ongoing GDPR compliance.
  • Supporting Mitsubishi Tanabe Pharm as a data protection officer (DPO) client.

Hogan Lovells International LLP

Hogan Lovells International LLP‘s privacy and cybersecurity team consists of ‘true data protection practitioners‘ and has ‘extensive knowledge of the law‘, with significant transatlantic capabilities. The team has particular strength across the tech, e-commerce, life sciences, and financial services sectors, advising international household names on high-profile and critical contentious and non-contentious issues, including emerging areas including biometrics and AI. The highly rated and ‘hugely knowledgeableEduardo Ustaran oversees the practice and is adept at handling both advisory work and litigation, having extensive experience representing major multinational corporations in regulatory investigations, enforcement proceedings, and high-profile litigation. Nicola Fulford is the key name for international data transfers, privacy policies, and compliance strategies.

Practice head(s):

Eduardo Ustaran

Other key lawyers:

Nicola Fulford


‘Good strength in depth and international support available.’

‘Eduardo Ustaran is hugely knowledgable and has a great presence with senior client representatives.’

‘The team are true data protection practitioners who not only have extensive knowledge of the law but are able to apply it in a pragmatic and commercial way. They are also very responsive and great to work with.’

‘We deeply enjoy working with Eduardo Ustaran and his team. Eduardo is one of the most professional lawyers in privacy and data protection. He brings a very pragmatic point of view, and helps us assess the regulatory field and the risks involved. We worked with different privacy pros over the years, but Eduardo is definitely one of the best ones.’

‘We work with Eduardo Ustaran and his team in the UK. All are very responsive, are true professionals in their expertise, and truly understand our business.’

Key clients



AmerisourceBergen Corporation




NCS Pearson

Work highlights

  • Advised on a broad range of compliance and commercial issues relating to privacy and cybersecurity, including its strategy to comply with Schrems II and the implementation of Processor Binding Corporate Rules (BCR) in the EU and the UK.
  • Advising BDO, the fifth largest accounting network globally, on the adoption, authorisation and implementation of BCR, including managing the approval process and engaging with regulatory authorities.
  • Assisted NCS Pearson, a US-based company that develops and markets enterprise application software, with cutting-edge strategic and operational advisory work, including the use of biometrics, AI and the worldwide roll out of palm vein technology.

Linklaters LLP

Equally adept at handling contentious and non-contentious mandates, the ‘exceptional’ data privacy team at Linklaters LLP routinely handles significant global compliance projects, regulatory investigations and enforcement actions, and high-profile data breaches for an impressive roster of clients. ‘Senior statesmanRichard Cumbley oversees the practice and has a strong contentious practice, handling large-scale privacy litigations and appeals before regulatory authorities. Fielding a deep and accomplished bench of specialists, the team also includes Georgina Kon, who takes point on cybersecurity matters and handles international cyber and privacy-related regulatory investigations, Harriet Ellis, an experienced litigator with a particular focus on collective actions, as well as Greg Palmer, who was elevated to the partnership in May 2023. At the associate level, the ‘excellent and extremely knowledgeablePatrick O’Connell acts for public bodies and private companies on data management, and has particular expertise in gambling-related privacy issues. Counsel Alaister Johnson is also recommended.

Practice head(s):

Richard Cumbley

Other key lawyers:

Georgina Kon; Alaister Johnson; Patrick O’Connell; Ben Packer; Peter Church; Harriet Ellis; Greg Palmer


‘Linklaters have great global reach and are pushing outwards in terms of the services they are offering. They seem to be adding a lot of strength in depth in this field at the moment. Senior statesmen like Richard Cumbley are backed up by a great generation of new and emerging talent.’

‘The people are great – very accessible, excellent client management and pragmatic advice.’

‘Patrick O’Connell is excellent and extremely knowledgeable. His advice is always on-point and commercially minded. Patrick is approachable, friendly and very professional. Cannot recommend Patrick enough.’

‘Heavyweight firm with an exceptional data privacy team – suitable for the heaviest data and privacy litigation.’

‘Harriet Ellis – seasoned partner, with strong litigation experience, good at running a team and a delight to work with. Ben Packer – commercial disputes partner with data protection expertise. Peter Church and Richard Cumbley – well-respected data protection specialist partners.’

‘What sets Linklaters LLP apart is its comprehensive understanding of the ever-evolving data protection landscape and its ability to provide tailored solutions to clients’ specific needs.’

‘The standout quality that sets them apart from competitors is their unwavering commitment to excellence in data protection and privacy practices. Their deep knowledge and understanding of data protection laws, coupled with their meticulous attention to detail, ensure that clients receive exceptional legal advice and representation.’

‘Patrick O’Connell is an exceptional data protection lawyer. He has encyclopaedic knowledge of the law, guidance and cases, but also understands businesses extremely well. This allows Patrick to provide first-rate advice to clients with a true commercial understanding. He is also a lovely chap.’

Key clients


Work highlights

  • Advised Experian, a leading global information service company and credit ratings agency, on one of the most significant UK data protection appeals to date.
  • Advising a major social media platform on regulatory engagement with the UK Information Commissioner and related privacy civil litigation.
  • Advising one of the world’s largest temporary staffing providers: on a ransomware attack affecting its business in more than 15 countries.

Baker & McKenzie

Noted for its ‘impressive depth of knowledge and experience‘, the data protection, privacy and information security practice at Baker McKenzie counts market-leading tech companies, financial services providers, and retail sector clients among its clients. With notable strength in advising on the data protection aspects of corporate transactions, the team also handles cybersecurity work, including data breaches and incident responses. Practice head Paul Glass advises on data breaches, emerging technologies, and regulatory enforcement and has a strong technology disputes practice. In October 2022, the team was bolstered by the arrival of Vinod Bange, former practice head at Taylor Wessing LLP and a seasoned data protection specialist who advises clients from the tech, fintech, and life sciences sectors on the full spectrum of data protection matters. Julia Wilson is the key contact for employment-related data privacy matters.

Practice head(s):

Paul Glass

Other key lawyers:

Vinod Bange; Julia Wilson; Joanna de Fonseka


‘We appreciate their impressive depth of knowledge and experience and find the advice they provide clear and practical. The team also makes great effort to be available.’

‘Julia Wilson and Joanna de Fonseka are both extremely knowledgeable and bring a practical, commercial approach to their advice. Julia has a very good understanding of the complexities and challenges of our group and tailors her advice accordingly. Joanna has a quietly assured manner which engenders trust and confidence on the client side.’

‘Baker McKenzie have the strength of sheer market reach, but also starting to add a tech-forward, innovation-focussed spin to their practice. BM are providing great thought leadership in the emerging tech areas, which is very important to us.’

Clifford Chance LLP

Leveraging the firm’s broader transactional, contentious, and commercial capabilities, the data privacy and cybersecurity team at Clifford Chance LLP handles complex, cross-border work for a diverse group of clients spanning numerous sectors including financial services, consumer goods, and the automotive industry. The team is jointly headed by Jonathan Kewley and the ‘fiercely intelligentSimon Persoff. Kewley has a broad practice with particular strength in data protection work for global corporations, while Persoff handles cybersecurity and banking secrecy mandates. On the contentious side, Samantha Ward represents financial institutions and large corporates in regulatory investigations, in addition to advising on cyber incident response planning, while Kate Scott handles civil claims as well as advising on risks related to emerging tech. At the associate level, Herbert Swaniker advises on data-related advisory and transactional matters with a focus on emerging tech including AI, fintech, and data ethics.

Practice head(s):

Jonathan Kewley; Simon Persoff

Other key lawyers:

Herbert Swaniker; Kate Scott; Samantha Ward; Claudia Hall; Adam Hunter


‘The team has grown significantly in the last two years and is now one of the strongest on the market. They regularly act for some of the world’s largest companies, dealing with multiple complex issues.’

‘Jonathan Kewley is one of the top technology lawyers in the UK. He is widely respected and has built an impressive team in the last few years. Simon Persoff is fiercely intelligent and has an encyclopaedic knowledge of data protection law. He brings enormous drive and dedication to all his mandates. Herbert Swaniker is a rising star. Loved by clients, he combines great intelligence with equal affability.’

‘Strong collaborative team, working well together.’

‘Very strong technical abilities of course, but it’s the broad and deep experience of (in particular) Simon Persoff that has impressed me most. It means we get advice that is practical and supportive of our goals.’

‘Clifford Chance’s data protection, privacy and cybersecurity practice provides strategic advice that is informed by its experience working for clients across different industries. The commentary is informed but also pragmatic and sensible, identifying and balancing relevant considerations. It is particularly useful when working to meet statutory deadlines. Working with Clifford Chance to respond to complex UK DSARs has been a good experience – as a client you feel well supported.’

‘Partner Simon Persoff doesn’t sit on the fence – he sets out your options and identifies the option he recommends. That is what clients need in practice – clear, considered, pragmatic and expert advice. Senior Associate Claudia Hall and Associate Adam Hunter are both diligent and thoughtful, and meet deadlines (which is super important when dealing with UK GDPR matters).’

Key clients


Wells Fargo


Standard Chartered Bank


PNC Bank


Partners Group



News Group Newspapers Limited


Rio Tinto


C&C Group plc



LZ Labs

Specialized Bicycles


UK Finance

TheCityUK International Regulatory Strategy Group


Stop the Traffik

Save the Children

Zero Waste

Business and Human Rights Lawyers Association


Sparkle Malawi

Social Business Trust

Advocates for International Development (A4ID)

Work highlights

  • Advising HSBC on its acquisition of Silicon Valley Bank UK, on the data protection, banking secrecy, material outsourcing and transitional services aspects of the transaction.
  • Advising a U.S.-headquartered technology company on a range of global and regional data law mandates.
  • Advising a global leader in the automotive industry on a range of data protection, privacy, and technology transformation projects.


The data, privacy, and cybersecurity practice at CMS leverages the firm’s international network to provide a strong offering with particular strength in multi-jurisdictional regulatory investigations, data protection litigation, and global compliance projects. Regularly instructed by international organisations as well as large multinational corporates across a wide range of industries, the team also advises on international data transfers and emerging technologies. Overseeing the team is Emma Burnett, whose practice focuses on data protection, tech, and outsourcing, particularly in the context of commercial agreements. Loretta Pugh also handles data protection matters and has a strong cybersecurity practice covering incident response planning and breach advice. The ‘first rate’ Duncan Turner leads the Scotland team and is also recommended.

Practice head(s):

Emma Burnett

Other key lawyers:

Loretta Pugh; Duncan Turner


‘We work with Duncan Turner. Duncan is a superb lawyer, extremely practicable, reassuring and has a great feel for the negotiating positions of both sides. He also has a first-rate data protection background.’

‘For me, the CMS team’s greatest strength is their understanding of our company’s risk appetite and their ability to find solutions that are legally sound and reflective of our risk tolerance.’

‘Emma Burnett is able to simplify complicated issues to make them easily digestible for a non-legal audience.’

Key clients


Balfour Beatty Pension Fund Trustee

Octopus Energy


Work highlights

  • Advised a large multinational streaming service provider to the implementation of a new ad-supported tier within its platform and the related processing particularly in relation to children.
  • Advising a large e-commerce company on the roll out of its revolutionary instore automated retail technology which involved the collection of substantial personal information.

DLA Piper

Large multinational corporations and public sector clients regularly instruct DLA Piper on high-profile mandates concerning legislative reform, emerging technologies and regulation, and multi-jurisdictional cyber incident responses. Ross McKean leads the practice and is recommended for his global data governance and compliance expertise. Andrew Dyson, in Leeds, advises governmental bodies, international organisations, and corporates on policy matters and data breach responses. On the cybersecurity front, the team has seen a notable increase in work related to cyberattacks and cyber resilience. A key name here is Manchester’s David Cook, who was elevated to the partnership in May 2023; his practice has an exclusive focus on contentious cybersecurity and data protection matters, handling civil, criminal, and regulatory litigation matters, as well as internal investigations.

Practice head(s):

Ross McKean

Other key lawyers:

Andrew Dyson; David Cook


‘The team is friendly, accessible – always ready to help with any query (both at Legal Director and Partner level).’

The practice has also created an innovative tool to assist with consistently rating and documenting risks associated with international transfers which is incredibly helpful.’

‘I work frequently with Andrew Dyson, he is an expert in this field and is also very pragmatic and responsive and always makes time to discuss queries.’

‘Andrew Dyson: First class analysis, excellent strategic advice adapted to the complex context of an international organization, clear and precise communications.’

Key clients

Chubb Insurance Group SE

NHS England

Information Commissioner’s Office

Department for Digital Culture Media and Sport (DCMS)

Office for AI (UK Government)

Aon plc



Reckitt Benckeiser


Work highlights

  • Engaged by the Office for AI to provide in depth analysis on the current and prospective legal framework the UK to regulate the use of AI.

Eversheds Sutherland (International) LLP

The privacy and cybersecurity team at Eversheds Sutherland (International) LLP acts for public bodies and UK and multinational corporates on matters concerning international data transfers, data breach incidents, and large-scale litigation. Paula Barrett, head of the practice, is ‘ preeminent in her detailed yet practical advice‘ and is regularly instructed on international compliance programmes, regulatory investigations, and incident response, with particular sectoral expertise in financial services, life sciences, and telecoms. Liz Fitzsimons heads the team’s freedom of information subgroup, while Philip James specialises in fraud prevention, cybersecurity incidents, and multijurisdictional regulatory investigations. Dave Hughes handles privacy and cybersecurity work for clients in the consumer sector. ‘Persistent and pragmatic‘ senior associate John Inglese is also recommended.

Practice head(s):

Paula Barrett

Other key lawyers:

Liz Fitzsimons; Philip James; Dave Hughes; John Inglese


‘The Data Protection team we use at Eversheds has strength and depth in the number of strong data protection specialists that it has. Our key contact is Dave Hughes who is one of the partners in the Data Protection team. Dave is commercially very pragmatic, helpful and always makes himself available for key matters.’

‘I work with Liz Fitzsimons’ team on FOI and data protection. They have a lot of knowledge and practical experience of dealing with the ICO which is invaluable. It enables them to give very pragmatic advice on how to approach issues.’

‘The individuals I have worked with are extremely responsive and will always make time in a very busy schedule for calls etc. They are hugely knowledgeable and experienced and give very practical advice taking on board a deep knowledge of their client.’

‘Dave Hughes’ expertise is very much appreciated. He is responsive and available at short notice. With his detailed understanding of our business he is able to provide pragmatic and commercial advice.’

‘Deep and technical knowledge of the requirements but able to provide advice that is clear and simple to understand’

‘The Eversheds team is truly international, and we are able to make inquiries about data protection, privacy and security and receive localized advice from practitioners in varying jurisdictions while maintaining single points of contact for overall advice and relationship management. The single point of contact remains very well versed in the subject matter to know when localized advice is necessary while still providing value in our primary jurisdiction of interest.

‘Paula Barrett is preeminent in her detailed yet practical advice.’

‘John Inglese is persistent and pragmatic.’

Key clients

Meta (Facebook, Reality Labs, WhatsApp)


LHR Airports Ltd (Heathrow Airport)


Thames Water Utilities Ltd


DWR Cymru Welsh Water


NEST Corporation


Kering Group

WC Bradley

National Grid

Telford & Wrekin Council

Ecclesiastical Insurance Office plc

South London Coroner


Latham & Watkins

Latham & Watkins has an active privacy and cyber practice that runs the gamut of contentious and non-contentious data work, including compliance, regulatory, litigation, and transactional matters. The team leverages the firm’s international network and cross-departmental tech expertise to provide a full-service data protection and cybersecurity offering, acting for a range of companies, including start-ups and global technology corporations. Practice head Gail Crawford is recommended for her expertise in global data privacy compliance issues, while Ian Felstead takes point on data-related litigation and regulatory disputes, both in the UK and globally. Other key names include Fiona Maclean and James Lloyd, whose practices focus on regulatory investigations and enforcement. The team is supported by a strong group of associates and counsel, including counsel Danielle van der Merwe, senior associate Calum Docherty, and associate Hayley Pizzey.

Practice head(s):

Gail Crawford

Other key lawyers:

Ian Felstead; Danielle van der Merwe; James Lloyd; Fiona Maclean; Calum Docherty; Hayley Pizzey


‘LW is a dedicated team, an outcome-focused one. Once the objectives are set, they deliver.’

‘I specifically enjoyed the appetite for achievement, detail-oriented and elegant exchanges we had. As a 20 years data protection SME and a lawyer, my expectations were high, and LW knew how to meet those.’

‘The team were extremely knowledgeable and pragmatic in our work with them.’

‘We worked with Danielle van der Merwe and Calum Docherty in connection with a data protection matter which was time sensitive – both very supportive in getting the matter across the line.’

‘Ian Feltstead: good data protection litigation insights and very responsive with a great number two in Hayley Pizzey. Gail Crawford and Fiona McClean are also good all rounders when it comes to data protection work.’

‘The UK privacy team is very professional and at the same time attentive to business constraints and open to creative solutions.’

‘Danielle is very professional, understands the business and provides practical advice. She is always available when needed.’

Key clients

Meta Platforms, Inc.




GB Group plc

Intuit, Inc.


Credit Suisse


Anzo Group

Work highlights

  • Advising Meta, as lead counsel in relation to a number of highly complex and multijurisdictional regulatory investigations and inquiries regarding alleged data breaches and compliance with data protection laws, and related litigation, globally.
  • Advised entertainment hosting service, Fandom, on data privacy and intellectual property matters in connection with the sale of D&D Beyond to Hasbro.
  • Advised global investment bank, Credit Suisse, on the commercial agreements and data protection implications in connection with a number of strategic transactions, including the sale of its global trust business to independent offshore bank and trust company, Butterfield.

Norton Rose Fulbright

Jointly headed by Marcus Evans and Ffion Flockhart, Norton Rose Fulbright’s data protection, privacy, and cybersecurity team acts for large corporate and government clients in the financial services, life sciences, telecoms, and tech sectors. Evans leads the firm’s data privacy offering, handling multi-jurisdictional privacy issues across the spectrum of compliance, strategy, and regulatory response issues with a focus on emerging technologies. Cybersecurity is a notable strength of the firm, headed by Flockhart who has significant experience advising on the various aspects of risk management, global crisis response coordination, and incident response and impact mitigation.  Working alongside them is Lara White, who is recommended for her expertise advising retail and consumer clients in relation to privacy obligations. At the senior associate level, Shiv Daddar and Fiona Bundy-Clarke act on cross-border data protection and compliance projects.

Practice head(s):

Marcus Evans; Ffion Flockhart

Other key lawyers:

Lara White; Shiv Daddar; Fiona Bundy-Clarke


‘The team is very knowledgeable and work together well. They have all relevant data privacy specialisms and always provide pragmatic, business and solution-orientated advice.’

‘I have worked with Lara White and her colleagues Fiona Bundy Clarke and Olivia Wint. I have had a very good working relationship with all of them. They are all efficient, experienced, and experts in their fields.’

‘Shiv Daddar is generally responsive and pragmatic when it comes to ensuring that our global and highly regulated business is able to satisfy European data privacy requirements.’

Pinsent Masons LLP

Noted for its ‘wealth of experience’, the team at Pinsent Masons LLP has full-service data privacy, protection, and cybersecurity offering with notable strength in cross-border matters, advising on the full range of contentious and non-contentious mandates. Jonathan Kirsop leads the information law team, acting for international banks, asset managers, and insurance sector clients on data sharing agreements, multi-jurisdictional privacy projects, and general data protection advice. The ‘extremely reliableKathryn Wynn works alongside him and is regularly instructed by clients in the financial services and fintech sectors on data protection, information security, and freedom of information mandates. David McIlwaine takes point on cyber, and also handles tech disputes alongside David Barker, who heads the data privacy disputes group. Also on the cyber front is Stuart Davey, singled out for his ‘exemplary‘ advice.

Practice head(s):

Jonathan Kirsop; David McIlwaine; David Barker

Other key lawyers:

Stuart Davey; Kathryn Wynn


‘Global team with access via my dedicated contact, Kathryn Wynn, to a wealth of experience not only in data protection but more complex contentious issues and data privacy in the context of employment related matters.’

‘Kathryn Wynn is extremely reliable and makes herself available at short notice as required which is hugely appreciated. I very much value the interactions with Kathryn as I know I can use her as a sounding board to validate my view to support internal business discussions but also to procure legal advice and opinion, where needed on more complex matters.’

‘The Pinsent Masons team are experts in their field in relation to data protection/data misuse issues, as well as defamation and right to be forgotten claims. They have solid associates who can readily grapple with these issues, even in complex factual scenarios.’

Key clients

Dixons Carphone Warehouse

DeepMind Technologies Limited

Google UK Limited

Google LLC

Barclays Bank plc

Tesco plc

Zurich Insurance plc

Cabinet Office

Work highlights

  • Advising Barclays in respect of the remediation of approx. 200 IT and other suppliers following the Schrems II judgment and the issuance of new standard contractual clauses for international transfers of data.
  • Acting for DeepMind and Google in relation to a class action concerning around 1.6 million patient records at the Royal Free hospital.


Ashurst’s data privacy and cybersecurity offering runs the gamut of matters, with particular areas of focus being cyber and breach response, the privacy aspects of emerging technologies, and compliance advise for clients in the financial services and infrastructure sectors. The ‘always impressive, highly knowledgeable and very responsiveRhiannon Webster leads the team and handles regulatory enforcement actions, compliance matters, and data security breach management. At the senior associate level, the team is supported by Shehana Cameron-Perera, whose expertise spans complex data sharing and transfer matters, regulatory complaints, and GDPR compliance projects.

Practice head(s):

Rhiannon Webster

Other key lawyers:

Shehana Cameron-Perera; Tom Brookes


‘Partner-level leadership giving pragmatic advice on difficult issues, joined up with other disciplines where needed for holistic view. Associates part of the team where appropriate.’

‘Rhiannon Webster – tackles complex issues with patience and a collaborative approach, focused on finding pragmatic, risk balanced solutions that will work in practice.’

‘Ashurst Data Protection team has two elements that make them stand out, the people and the knowledge of the industry and our company operations. it is a pleasure working with Rhiannon and the rest of the team.’

Key clients

BAI Communications

Department of Transport

East West Rail

HM Treasury and British Business Bank

Keolis Amey


McLaren Automotive

Pirum Systems Ltd.

Sage Group plc.

Shawbrook Bank

Stone X


Work highlights

  • Advising a public limited listed company on its response to a cyber security incident.
  • Advising Sage Group on all of its outsourced data protection work, including on privacy impact assessments; data transfers and contract remediations; data subject access requests (DSARs); and on Sage’s strategic approach to data protection complaints and marketing practices.

Covington & Burling LLP

Regularly instructed by large multinational corporates in strongly regulated sectors, Covington & Burling LLP handles the full range of data privacy, regulatory compliance and investigations, cybersecurity work, and contentious data matters for clients in the tech, pharma, biotech, and medical device industries. Mark Young leads the team and is recommended for his expertise across data privacy compliance, regulatory investigations, and cybersecurity matters, including incident response and evolving cyber-related regulations. Lisa Peets acts for high-profile tech, media, and life science companies and has a broad regulatory practice that also covers legislative advocacy.

Practice head(s):

Mark Young

Other key lawyers:

Lisa Peets

Key clients



Meta Platforms

Bristol Myers Squibbs

Business Software Alliance

Eli Lilly & Company

American Express


DAC Beachcroft LLP

Acting for clients in the insurance, financial services, health, and public sector, DAC Beachcroft LLP’s ‘comprehensive and unequalled‘ expertise spans the full range of data protection, privacy, and cyber matters. Jade Kowalski has particular experience advising clients in the insurance industry on the full range of data protection mandates, while Hans Allnutt specialises in cyber breach response and related litigation; the two jointly lead the team. The ‘outstandingDarryn Hale advises healthcare and public sector clients on data protection, confidentiality, and freedom of information, while ‘talented’ associate Astrid Hardy focuses on defending data breach compensation claims.

Practice head(s):

Jade Kowalski; Hans Allnut

Other key lawyers:

Darryn Hale; Astrid Hardy


‘Exceptional breadth and depth of knowledge from the team. They hit the sweet spot between being extremely client friendly and easy to work with, knowing the area of law and regulatory context back to front, and great commercial acumen. They offer a comprehensive and unequalled service for those hit by data breaches.’

‘Hans Allnutt continues to stand out as the go-to partner for data breach and cyber matters. He pioneered the field and has managed some of the leading cases in the courts. Astrid Hardy is one to watch – a talented lawyer destined for great things.’

‘Very good knowledge, always try and solve the problem not tell the client they can’t do it’

Key clients

Beamtree UK Limited

National Data Guardian

NHS England

NHS Digital

The Post Office

The Parliamentary & Health Service Ombudsman

Ivolve (formerly Envivo Group)


Ecclesiastical Insurance



Mental Health First Aid England

Work highlights

  • Advising the AXA group of insurance companies on contract support and providing strategic legal advice on AXA’s international data transfers remediation programme arising out of the Schrems II decision following a competitive tender pitched against a top ranked firm.
  • Advising MHFA England on a number of complex and nuanced data protection matters over the last 12 months, including the role of MHFA England, employers and first aiders in connection with the MHFA England App.
  • Acting in matters on behalf of global companies Verlingue Limited, Ince Group and Pendragon in separate cyber attack incidents, and working at short notice to obtain a prohibitive injunction against the criminals behind the attack, to prevent further use or publication of stolen data.


DWF‘s multi-disciplinary data protection and cybersecurity team stands out for expertise in crisis management and incident response, regulatory investigations, and risk management and compliance matters. Stewart Room, singled out for his ‘unparalleled’ knowledge of the sector, leads the firm’s global data practice and his expertise spans both contentious and non-contentious matters, and has experience acting in major post-GDPR personal data breach cases. Working alongside him is James Drury-Smith, who leads the UK practice, and Manchester-based regional practice head JP Buckley. Also recommended are director Tughan Thuraisingam, who leads the team’s financial services sub-group, and senior associate Shervin Nahid, who leads the firm’s data protection M&A sub-group.

Practice head(s):

Stewart Room; James Drury-Smith; JP Buckley

Other key lawyers:

Tughan Thuraisingam; Shervin Nahid


‘They give commercial straight-forward advice relevant to data protection. They understand how business operates including the constraints and give practical, useful advice. The team collaborates well to give you a 360-degree look at a problem providing sensible solutions. They are enthusiastic and engage well with clients.’

‘Shervin Nahid – is a frontrunner in the data protection world. He is engaging, enthusiastic and provides excellent advice. His delivery and style is second to none in my experience of data protection experts, encouraging a sense of comfort and inherited enthusiasm for data protection to his clients.’

‘Stewart Room as the lead partner on data protection matters is the reason for us to switching to DWF as our main firm for data protection and cyber security advice. Stewart’s knowledge and skill in this area of the law is unparalleled, but what makes him stand out is his ability to place the legal analysis in a commercial context and help an organisation to move forwards in practical and tangible terms.’

Key clients

Meta (Facebook)

Visa Europe

Hard Rock Café International (USA)

Virgin Media O2

KP Snacks

T-Mobile USA

10x Bank Technology Services Ltd.



Lucozade Ribena Suntory


Equiti Capital UK

Yum Restaurant Services Group

Yum! III (UK) Limited (Pizza Hut)

Tysers Insurance Brokers

IVC Evidensia

Otsuka Pharmaceutical Development & Commercialization, Inc.


Checkout Limited

Work highlights

  • Advised a global technology business on the design of an operating model for its data protection function, the tasks of the data protection officer and the development of its annual work plan.
  • Supported a global payments company to integrate a number of large acquisitions into its global data privacy programme.
  • Supported a global telecommunications company with its response to a ransomware and data exfiltration attack, including support with the development of the strategy for incident response as well as engagement with the threat actor and regulatory authorities.

Herbert Smith Freehills LLP

Herbert Smith Freehills LLP draws on the firm’s wider capabilities across multiple disciplines, including employment, corporate governance, intellectual property, and dispute resolution, to offer a strong full-service data and cybersecurity practice with particular strength in cross-border work. Miriam Everett co-leads the team and has notable strength advising on data protection and privacy issues, and her expertise spans global compliance advice, policy design and implementation, and data retention issues. Co-head Andrew Moir takes point on cybersecurity matters, leading a team that is well-placed to handle cyber breach work, including ransomware attacks, cyber-related litigation, as well as cyber-readiness and resilience. Working alongside them is Christine Young, who handles employment-related data advice.

Practice head(s):

Miriam Everett; Andrew Moir; Christine Young


‘The team has its finger on the pulse of the ever-changing and complex data privacy world – across many jurisdictions.’

‘The team is very responsive and provides practical advice – easy to implement.’

‘Miriam Everett – She makes herself available and follows up timely. She provides advice in an efficient and effective manner and seeks practical solutions – while highlighting the pros and cons with different approaches. Her work (and that of her team) is greatly valued.’

‘Utilised the services of the team for data protection advice during a very complex divestment and also on a transactional basis to re-paper contracts in line with the new IDTA regulations. Quality of advice, partner availability and collaborative approach all exceptional.’

‘Quality of advice, availability and collaborative approach all stood out in dealings with Miriam Everett as Partner.’

‘HSF pulled together an internationally minded team which worked well with our organisation’s global presence. The team were able to deliver tailored outcomes, adjusting to and working with tight ‘turn around’ time.’

‘Miriam Everett heads up the Privacy team, combining first class subject knowledge allowing for pragmatic and ultimately successful navigation of the complex issues being considered.’

Key clients

UK Finance

Hays plc

e-Mersion Media

KodyPay Limited

Willis Towers Watson





Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP acts for clients from a range of industries, including tech, life sciences, and retail, on compliance projects, data sharing risk assessments, and cybersecurity incident response, in addition to handling the data aspects of corporate transactions. Sarah Pearce leads the London team and has a broad practice covering global privacy risk management and compliance issues, while Aaron Simpson splits his time between New York and London and handles cross-border data transfer matters. Bojana Bellamy manages the firm’s information policy think tank and is another key name. ‘Diligent‘ associate Ashley Webber advises clients on UK and EU data protection law, including cross-border data transfers and privacy policies. Senior consultant Rosemary Jay, an extensively experienced data protection expert, is also recommended.

Practice head(s):

Sarah Pearce; Aaron Simpson; Bojana Bellamy

Other key lawyers:

Rosemary Jay; Ashley Webber


‘The team are knowledgeable especially working with clients using outsourcers.’

‘Ashley Webber is diligent and approachable giving commercially focused advice.’

Key clients

Cybereason Inc.

Silver Lake Technology Management

Tiffany & Co.

TJX Companies, Inc. / TK Maxx

TPG Global, LLC

Work highlights

  • Advising a well-known retail and consumer client on global data protection and privacy advice while providing extensive GDPR compliance efforts.
  • Providing substantial global privacy and data protection advice to a wealth management company.
  • Providing global privacy and cybersecurity advice to a leading global technology company.

Mishcon de Reya LLP

The ‘tactically astute‘ team at Mishcon de Reya LLP handles the full spectrum of personal and non-personal data issues with an emphasis on regulatory investigations and high-stakes litigation. ‘Master tacticianAdam Rose  heads the team and has extensive experience acting in high-profile data protection and freedom of information litigation, representing both corporates and individuals from the technology, gaming, real estate, and financial services sectors. Working alongside him is Ashley Winton, recommended for his expertise in international data transfers and binding corporate rules. The ‘commercially sensibleJon Baines supports the team on contentious and non-contentious GDPR compliance matters, while  Stuart McMaster takes point on compliance and regulatory mandates for clients in the betting and gaming sector.

Practice head(s):

Adam Rose

Other key lawyers:

Jon Baines; Stuart McMaster; Ashley Winton


‘In-depth knowledge of the area of law (data protection), their experience and their strategic advice. Brilliant to work with – communication fantastic.’

‘Their expertise in the field, and their communication, is great. I always had the feeling that they were fighting very hard for me and that they were much better at what they do than the government department we were dealing with. I would pay particular tribute to Jon Baines.’

‘Good practical advice based on excellent understanding of the law and commercial requirements.

‘Practical advice and good understanding of legal concepts; Stuart McMaster stands out.’

‘Friendly people to work with. Fast turn around on everything. Tactically astute. Will take every point to advance the client’s case.’

‘Adam Rose – Brilliant. Friendly. Really clever. Master tactician. Encyclopaedic knowledge of the law. Jon Baines – Very clever. User friendly. Homes on the the commercially sensible next steps.’

Key clients

Criminal Bar Association

Campus Crusade for Christ (“CRU”)

Public Law Project


Saudi Data & AI Authority

Work highlights

  • Acting for a claimant in a representative claim under CPR 19.6 against Google and DeepMind, on behalf of a class of approximately 1.6m people, in a case relating to defendants’ receipt of medical records.
  • Acting for claimaint in a high-profile claim against HMRC in relation to HMRC’s onward transmission to the US internal Revenue Service (“IRS”) of her data, pursuant to the UK FATCA regime.
  • Acting for the Criminal Bar Association in relation to concerns regarding the collection and dissemination of the names of barristers taking part in “Days of Action”.

Osborne Clarke LLP

Osborne Clarke LLP acts for major international and domestic clients in the tech sector, providing strategic data advice, cyber incident response expertise, and advice on developing and emerging technologies including AI, machine learning, and blockchain. The extensively experienced Mark Taylor leads the team and has a strong track record advising clients in the financial services and technology sectors on a broad range of data protection matters. The ‘highly knowledgeable’ Ben Dunham is recommended for data flows advice, privacy policy drafting, and compliance matters. On the contentious and cyber front, Ashley Hurst and Charlie Wedin are the key names, advising international clients on cyber incident response and data litigation cases. The team strengthened its commercial data protection offering with the May 2023 arrival of Jonathan McDonald, formerly the practice head at Charles Russell Speechlys LLP.

Practice head(s):

Mark Taylor

Other key lawyers:

Ashley Hurst; Charlie Wedin; Ben Dunham; Jonathan McDonald


‘It is the people at this firm, and their collective knowledge, that stands out for me.’

‘Mark Taylor remains our ‘go to’ data protection lawyer. He is vastly knowledgeable, approachable and pragmatic. He has a fantastic ability to get the trust of our business colleagues. They know that Mark is always focused on finding scaleable solutions to even the trickiest data protection problems.’

‘Very responsive and pragmatic, advice is consistently high quality.’

‘Mark Taylor and his team are our go-to for strategic advice on complex data protection and privacy matters. OC always delivers quality.’

‘Ben Dunham is an expert in his field and highly knowledgeable of the law and practical in his application of the law to novel and complex situations crossing several continents. The team’s ability to draw in expertise from several jurisdictions and to filter and present a sensible aggregated approach is commendable.’

‘Their technical knowledge is of course excellent, and is delivered in a straightforward practical way.’

‘Mark Taylor and his team have been a fantastic support as we have refreshed our privacy programme. They are approachable and engaging, and have provided us with excellent technical advice. Their advice is clear and concise and they put the risks into context, allowing us to make informed commercial decisions.’

Key clients

Police Federation of England & Wales

Wise Payments Limited

Wates Group

S-RM Intelligence and Risk Consulting Limited

National Grid Electricity Distribution (formerly Western Power Distribution)

Work highlights

  • Continuing to support and advise the Police Federation of England & Wales in relation to a ransomware attack and the claims arising from it.
  • Acting for Wise Payments (formerly TransferWise) in data protection litigation brought by Ben Delo, the co-founder of the cryptocurrency exchange BitMEX.
  • Advising National Grid Electricity Distribution (formerly Western Power Distribution) on a range of data protection matters.


RPC counts major tech, social media, and newspaper companies among its impressive roster of clients, handling the full range of contentious and non-contentious matters for clients including Meta, Google, TikTok, and the BBC. Jon Bartley leads on data advisory matters, with a sector focus on retail and technology. Richard Breavington takes point on cyber matters, while Rupert Cowper-Coles and David Cran are the key names for data and tech disputes. Also in the core team is Oliver Bray, whose practice has a particular focus on data issues relating to digital media and online retail. The ‘oustanding’ Joe Lippitt was elevated to the partnership in May 2023 and is also recommended.

Practice head(s):

Jon Bartley; Richard Breavington; Rupert Cowper-Coles; David Cran

Other key lawyers:

Oliver Bray; Joe Lippitt


‘I value my firm’s relationship with RPC very highly. Oliver Bray leads a great team that is keen to learn about our business and work with us as true partners. The team’s willingness to get underneath the bonnet and really understand the business is a huge asset.’

‘The stand-out names for me are Oliver Bray and Joe Lippitt.’

‘Oliver Bray is a trusted adviser and a great ally. Olly has a genuine interest in our business and has tackled many complex data protection issues for me. He makes a real effort to understand not just the legal issues, but also the business dynamics.’

‘Joe Lippitt is outstanding. Joe manages a significant workload of complex work for us around data sharing contracts. Joe has also dealt incredibly well with a series of high profile contracts that have been particularly time-pressured due to media interest in the topic. I have complete trust in Joe to represent the interests of my organisation with the same tenacity as my own team members.’

Key clients

Meta (including Facebook, Instagram, WhatsApp)



News UK


Frasers Group

Associated Newspapers

Times Newspapers Limited

Reach (formerly Mirror Group)




Work highlights

  • Advised a household name insurer on a significant project to review 50 data-heavy and complex vendor agreements and revise, update and renegotiate as needed.
  • Advised a national newspaper group on two separate ICO investigations into the content of newspaper articles.
  • Provided full support to a major software provider on the issues arising from a ransomware attack that had the potential to impact national transport infrastructure

Simmons & Simmons

Simmons & Simmons’ data protection team draws on the firm’s digital business, dispute resolution, and employment capabilities, forming a multidisciplinary offering that has a strong presence in the financial services, healthcare and life sciences, and telecoms sectors. Under the leadership of new practice head Lawrence Brown, who takes point on multi-jurisdictional compliance and data protection mandates from the firm’s Bristol office, the team also handles data disputes and data breach response work. Head of the Digital Business practice Alexander Brown concentrates on advising clients in the telecoms sector on a broad range of data protection and privacy matters, particularly in the context of digital tech. On the contentious side, Robert Allen, also in Bristol, heads the firm’s data protection litigation practice.

Practice head(s):

Lawrence Brown

Other key lawyers:

Alexander Brown; Robert Allen

Key clients


Pacific Investment Management Company, LLC (PIMCO)

Virgin Media Telefonica UK (VMO2) / giffgaff




Work highlights

  • Advised Huawei on various developing laws and regulations related to restrictions on the ability for Huawei to supply 5G equipment to mobile operators.
  • Advised the Bank of Novia Scotia on a wide-ranging data protection compliance review with a focus on transfer risk assessments for intra-group and vendor transfers.

Taylor Wessing LLP

Now jointly led by Victoria Hordern and Chris Jeffery, Taylor Wessing LLP’s data and cyber practice has notable expertise in the digital health, technology, and financial services sectors. The firm’s strong tech focus means the group is well-placed to advise on emerging and novel technology issues, including AI, blockchain, and the privacy implications of facial recognition technology and biometric data. Hodern advises on all aspects of EU and UK data protection and privacy compliance, while Jeffery advises US and global tech clients looking to expand into European markets.

Practice head(s):

Victoria Hordern; Chris Jeffery


‘The Taylor Wessing team can always be relied upon to pair regulatory expertise and technology knowledge together. Paired with a strong pragmatism when delivering their advice makes them valuable partners for us.’

‘Victoria Hordern is a great head and responds to us incredibly quickly. We have appreciated the out of the box thinking in their tender submissions.’

Key clients

Burger King


Work highlights

  • Provided support to Burger King in managing its digital privacy compliance operations and in a data mapping exercise.
  • Advising Owlstone on the data protection implications of its Breath Biopsy® VOC Atlas.

White & Case LLP

White & Case LLP’s team leverages the firm’s global network to provide a solid offering with an emphasis on cross-border matters, acting for large multinationals across the full range of advisory, regulatory, transactional, and contentious data, privacy, and cybersecurity mandates. Tim Hickman, singled out for his ‘unparalleled knowledge of the sector,’ leads the team and is recommended for his GDPR compliance expertise. Rory Hishon takes point on technology disputes, working alongside Jenna Rennie, while John Timmons is the key name for regulatory data protection litigation and cybersecurity incident response.

Practice head(s):

Tim Hickman

Other key lawyers:

Rory Hishon; John Timmons; Jenna Rennie


‘Understands the law across multiple jurisdictions. Knows the answers straight away.’

‘Tim Hickman has unparalleled knowledge of his sector.’

‘White & Case provide comprehensive and pragmatic advice on complex legal matters.’

‘Responsiveness and business-oriented mindset.’

‘The team timely responded to our inquiries, completing the tasks and delivering good quality work products within appropriate amount of time.’

‘Besides strong knowledge of EU privacy laws, the counsel perfectly understands client’s expectations, reflectively reading back client’s questions to ensure he is in synch with client’s objectives.’

Key clients




AutoCruitment, LLC




Magnum Opus Acquisition Limited

Zimmer Biomet Holdings

KLDiscovery Limited

Work highlights

  • Representing Meta in major international matters involving high-profile privacy and data protection issues, as well as helping the Company navigate data protection requirements across the globe.
  • Providing extensive support and advice to Nestlé concerning compliance requirements.
  • Supporting MSI on a wide range of data protection compliance projects to help ensure that MSI is able to lawfully collect, analyse, and transfer personal data among its international operations.

Womble Bond Dickinson (UK) LLP

Womble Bond Dickinson (UK) LLP’s data, privacy, and freedom of information team acts for clients across a broad spectrum of sectors, including petrochemicals, retail, and educational bodies. Under the leadership of data protection specialist Andrew Kimble, in Southampton, the team advises on regulatory investigations, cross-border data transfers, and the data aspects of corporate transactions.  The team has a strong contentious practice both in the data privacy and cybersecurity space, handling disputes concerning misuse of personal data as well as litigation following data breaches; Southampton’s Andrew Parsons is the key name here.  Also recommended are Caroline Churchill, whose practice covers non-contentious commercial, technology, and data protection matters, and Sarah Daun, who handles day-to-day GDPR compliance and data sharing agreements. Daun and Churchill are both based in Newcastle.

Practice head(s):

Andrew Kimble

Other key lawyers:

Andrew Parsons; Caroline Churchill; Sarah Daun

Key clients

Blackbaud Inc


B&Q/Kingfisher plc

PDP Training

Work highlights

  • Advising Blackbaud Inc., on its response to a data breach involving the hacking of its customer databases, where the records of individuals globally were accessed

Addleshaw Goddard

Addleshaw Goddard‘s full-service data practice works with domestic and multinational blue-chip clients in the e-commerce, gaming, and retail sectors, handling the full spectrum of data protection matters, including regulatory investigations, compliance matters, and the data privacy aspects of project development and launches. Helena Brown, who splits her time between Edinburgh and London, leads the time, working alongside Aberdeen-based Ross McKenzie, who has a niche subspecialisation in data protection work for clients in the retail and consumer sectors, and Nathalie Moreno, in London, who has a focus on large-scale international compliance projects.

Practice head(s):

Helena Brown

Other key lawyers:

Nathalie Moreno; Ross McKenzie; Claire Edwards; Charles Christie


‘The team provides practical advice with understanding of the nuances of our business and our customers.’

‘Ross McKenzie, a partner based in the Aberdeen office, is a standout advisor who is always enthusiastic and incredibly helpful. I will always lean on Ross whenever in need of data protection related advice.’

‘Nathalie Moreno – is able to take quite complex issues and break them down, solutionise them and give practical ways to resolve them, without hesitation she steps us and gives us support, always willing to go that extra bit to make sure everything is as it should be.’

‘Nathalie Moreno is cool, calm, and collected, which is always appreciated.’

Key clients

Boohoo Group PLC

BP International Limited

JD Sports


Barclays Bank UK plc

HSBC UK Bank plc

Lloyds Banking Group plc

Nationwide Building Society

NatWest Group

Northern Bank Limited

Santander UK plc

TSB Bank plc

Virgin Money

Bank of Ireland (UK)

Generali Global Assistance, Inc.

GHA Loyalty DMCC

John Lewis plc and Waitrose

Wickes Building Supplies


Saga Plc


Virgin Money

Work highlights

  • Advised Primark on their privacy strategy for the launch of their click and collect website.
  • Advised Virgin Money on a number of strategically significant privacy matters.
  • Advised Generali Global assistance on a global program to roll out identity theft monitoring solutions for Mastercard.

Bates Wells

With a niche specialisation in advising charities and not-for-profit organisations, Bates Wells has particular strength in advising public sector bodies and political organisations on complex privacy issues. The team is now led by Eleonor Duhs, formerly at  Fieldfisher. Duhs’ practice focuses on GDPR compliance matters and has significant government experience, where she worked on the UK’s negotiations on the GDPR. Also in the core team are Rupert Earle and associate Hannah Lyons; Earle handles media and regulatory issues, while Lyons specialises in charity sector-related data protection issues.

Practice head(s):

Eleonor Duhs

Other key lawyers:

Rupert Earle; Hannah Lyons


‘Eleonor Duhs in particular with her background in government service has a strong insight into the policy background to both EU and UK GDPR and data protection reforms which enables her to describe the key changes and divergence between the two regimes with considerable critical accuracy.’

‘The team is attentive to our needs, understands our business and what makes us unique. Their advice is commercial and balances risk well.’

‘Hannah Lyons is great to work with and is always attentive to our needs, providing straightforward and practical advice.’

‘Bates Wells is extremely innovative and client-focused. The firm has a very clear identifiable vision about its role and values in delivering their services.’

‘Rupert Earle is an excellent lawyer – he’s very perceptive, knowledgeable and provides a wonderful calming presence in difficult situations.’

‘We have found the team at Bates Wells to be very approachable, quick to respond to queries and willing to take the time to discuss ways to explain complicated legal jargon to different audiences with less expertise.’

‘From our first contact with Ms Duhs, she has been extremely approachable and shown great enthusiasm to aid us in our dialogue with the government. She clearly and skillfully demonstrated her expansive expertise in legislation related to the EU as well as data protection, privacy and cybersecurity. We, therefore, highly recommend Ms Duhs as a legal expert.’

‘Bates Wells gives very practical and timely advice on privacy matters, in a manner that is understandable to non-experts.’

Key clients

Effective Ventures Foundation

Vodafone Foundation

Smile Train

Liberal Democrats

Architects Registration Board

Webster, Chamberlain and Bean





Internet Watch Foundation

Work highlights

  • Advised Vodafone Foundation on data privacy issues relating to new technologies being rolled out.
  • Briefing the DCMS group of Liberal Democrats peers on the Data Protection and Digital Information Bill, including areas where the UK could breach standards set out in international law or undermine the free flow of data from the EU to the UK.
  • Advised LifeArc on data protection compliance in the scope of its activities and assisted with data protection compliance.

BCL Solicitors LLP

Boutique firm BCL Solicitors LLP specialises in cybercrime, investigatory and enforcement powers, and general data protection work, acting for individuals and large tech corporations on their engagement with regulators, state authorities, and law enforcement agencies. Former legal director of GCHQ Michael Drury heads the team and is ‘thorough, hard-working, incredibly responsive and always able to anticipate the needs of his clients.’ Julian Hayes‘ expertise spans both contentious and non-contentious matters, handling compliance, policy drafting, incident response, and regulatory investigations, while Richard Reichman advises corporate clients on data breaches and freedom of information act requests.

Practice head(s):

Michael Drury

Other key lawyers:

Julian Hayes; Richard Reichman


‘BCL is uniquely placed in data protection matters because of their combined expertise in criminal law and matters relating to national security.’

‘Julian Hayes stands out in this area. He knows all that needs to be known and combines his great charisma with fierce intellect.’

‘The team’s unique location at the overlap between crime, investigatory powers and data privacy puts them at the forefront of cyber work that intersects these fields.’

‘Michael Drury is the ultimate solicitor for any knotty case involving a national security or privacy issue. Thorough, hard-working, incredibly responsive and always able to anticipate the needs of his clients, he is trusted, respected and admired by all and with good reason. Richard Reichman is also starting to make waves – just the sort of solicitor you want on your team.’

‘Michael Drury: clever, tenacious and supremely measured in everything he does.’

‘I have worked with Julian Hayes several times and he is a brilliant lawyer as well as a great team player. He always listens attentively and finds the best way to proceed in the interest of the client.’

‘Julian Hayes is a first-rate lawyer, who works incredibly hard for his clients, taking every proper point on their behalf to achieve the best possible outcome.’

Bryan Cave Leighton Paisner

Clients in the financial sector regularly instruct Bryan Cave Leighton Paisner on data subject access requests, cross-border compliance projects, and the data privacy aspects of divestments and acquisitions. The ‘efficient and exceptionalKate Brimsted leads the team and has a broad practice with an emphasis on UK and EU GDPR matters, while Geraldine Scali is recommended for her ‘masterful’ knowledge of regulatory matters and authorities.

Practice head(s):

Kate Brimsted

Other key lawyers:

Geraldine Scali


‘The team provides a pragmatic approach to dealing with Data Privacy and Cyber security matters and collaborates effectively with industry experts to deliver an effective service to their customers. Key strengths relate to Data Privacy GDPR consulting and advisory services and interpretation of the regulation and best to navigate it both within the UK and abroad.’

‘Kate Brimsted is knowledgeable about her subject matter expertise and approachable when consulting with clients. She provides a fair, prompt and measured response to client requests and brings in appropriate external partners when appropriate to address broader client needs in the intersection of data privacy and cybersecurity.’

‘Excellent team that is particularly dialed in on regulators’ mindset, which is so key in this field. Overall, a fantastic team that provides top-notch service and advice.’

‘Geraldine Scali is a great partner. She is enthusiastic, very adept at finding creative paths forward, is not shy about giving a strong opinion, even if it is not the opinion we were hoping for, and is masterful at synching her advice with the mindset our regulators are coming from. We love Geraldine and are so glad she’s in our corner.’

‘Kate Brimsted is efficient and exceptional when it comes to communicating status of projects.’

Key clients


Heathrow Airport

London Stock Exchange Group



URW (owners of Westfield)

Royal College of Midwives

Estee Lauder

Worcester Warriors Rugby Club administrators (Begbies Traynor)

Lumen Technologies

Dragonfly Eye Limited

AI Software LLC (Capacity)

Ness USA Inc

The Foschini Group Limited

Work highlights

  • Advised AI Software, LLC (recently renamed Capacity), in connection with the acquisition by Capacity of Textel CX Inc. (Textel), a technology company that enables businesses to provide automated customer service support via text message.
  • Advised Dragonfly Eye Ltd (Dragonfly), a leading geopolitical and security intelligence provider, on its sale to FiscalNote Holdings, Inc., a major AI-driven enterprise SaaS technology provider of global policy and market intelligence.
  • Advising Lumen Technologies on the $1.8 billion proposed divestiture of its Europe, Middle East and Africa (EMEA) business including its terrestrial and subsea networks, data centres and network equipment in the region, to London-headquartered Colt Technology Services (Colt).

Mayer Brown International LLP

Mayer Brown International LLP‘s cybersecurity and data privacy team leverages the firm’s international capabilities to offer a strong cross-border practice. Led by Mark Prinsley, who handles data protection issues and GDPR compliance matters for clients in the financial services, pensions, and tech sectors, the team also includes the ‘exceptionally responsiveOliver Yaros, who advises on tech and outsourcing transactions as well as cybersecurity incident response.

Practice head(s):

Mark Prinsley

Other key lawyers:

Oliver Yaros


‘The privacy and cybersecurity team at Mayer Brown provides excellent legal advice as well as practical business solutions to complex issues.’

‘Oliver Yaros is exceptionally responsive to our needs and requests. He is very knowledgeable and also shares innovative and practical business solutions.’

Key clients

Previse Limited

Andersen Tax LLC

Ingevity Corporation

Plantage Rio Inc


Overmore Group

Bank of New York Mellon (BNYM)

TC Energy Corporation

Corney & Barrow Group Limited

Caravel Group

EMK Capital

Work highlights

  • Represented private equity firm EMK Capital in acquisition of a majority stake in leading online marketplace, and provided subsequent data privacy advice.
  • Advising US-based accountancy and audit professional services firm Andersen Tax on GDPR compliance.

Morrison Foerster

With strength in contentious matters and cross-border investigations, Morrison Foerster acts for software providers and international tech companies, handling a broad range of regulatory, cybersecurity, and compliance matters. The ‘excellent, very pragmatic, efficient, and completely client-orientedAnnabel Gillham leads the team, which also includes Gemma Anderson, a commercial litigator with a focus on technology and data privacy disputes. At the associate level, the team is supported by Mercedes Samavi, who has experience advising on B2B and B2C data privacy matters, and Dan Alam , who advises on intersection of employment and data protection law.

Practice head(s):

Annabel Gillham

Other key lawyers:

Mercedes Samavi; Dan Alam; Gemma Anderson


‘The team has a global and thorough view of data protection, privacy and cybersecurity issues with excellent partners in different offices. The level is high and homogeneous among the different partners we have been working with.’

‘We have mainly worked with Annabel Gillham, she is excellent, very pragmatic, efficient, and completely client-oriented.’

Key clients


Work highlights

  • Representing Fujitsu Services Limited in relation to an extremely high-profile and significant matter, which concerns the Horizon IT System provided by FSL to the UK Post Office from 1999 to date.

Orrick, Herrington & Sutcliffe (UK) LLP

Orrick, Herrington & Sutcliffe (UK) LLP acts for a diverse range of clients in the tech, gaming, and entertainment industries, handling high-profile data breaches, regulatory investigations, and cyber and data protection-related litigation matters. Kelly Hagedorn now leads the team after former practice head Keily Blair left for an in-house position in April 2022. Hagerdorn has extensive enforcement background and handles compliance risk and data protection regulatory matters for multinational clients. On the cybersecurity front, ‘super knowledgeableCameron Carr is recommended for his expertise across cyber incident response and risk management.

Practice head(s):

Kelly Hagedorn

Other key lawyers:

Cameron Carr


‘Availability, empathy, kindness and professionalism.’

‘Exceptionally talented lawyers!’

‘Cameron Carr really understands the commercial side of a breach. He’s super knowledgeable and really comes across like a business partner to his clients.’

Key clients

Baidu, Inc

Deltek, Inc.

Dream Games

Fenix International Limited (d/b/a OnlyFans)

Juniper Networks

Legends International, LLC

Louis Dreyfus Company

NerdWallet, Inc

Nina Lakhani

Technologies of Voice Interface Limited

W. W. Grainger, Inc

Workday, Inc.


Zynga, Inc

Work highlights

  • Advised Deltek with its privacy and cyber security programme including dealing with specific queries surrounding direct marketing, compliance with PECR, international data transfers, intra-group data sharing arrangements, implementation of standard contractual clauses and cyber security preparedness.
  • Advising Fenix International Limited (OnlyFans) on an ongoing basis in connection with all UK regulatory and compliance matters, including those related to online safety, anti money laundering, financial regulatory matters, and organisational strategy for compliance with UK, EU and US consumer and privacy laws.
  • Advised Legends International, LLC on its data use and data protection strategy, as well as on data collection and sharing in connection with key strategic transactions.

Ropes & Gray LLP

Ropes & Gray is regularly instructed by clients in the private equity and financial services sectors, as well as from the healthcare and life sciences industries, to advise on all aspects of compliance and enforcement-related data privacy and protection matters. The team is led by ‘superb‘ data protection and cybersecurity expert Rohan Massey, who specialises in international data transfer issues and global compliance matters. Working in close conjunction with its US offices, the team has particular strength in transatlantic data privacy mandates. At the senior associate level, the ‘knowledgeable, responsive, practicalEdward Machin is also recommended.

Practice head(s):

Rohan Massey

Other key lawyers:

Edward Machin


‘Strong understanding of the law and an ability to deliver advices in an easily digestible form.’

‘Rohan Massey – Rohan is knowledgeable, and provides useful and practical advice, in an easy going manner.’

‘Rohan has great strength in depth within his team including at the most junior associate level. Rohan offers a flexile and sensible, commercial approach to challenging issues.’

‘Rohan is a great leader, is easy to deal with, hands on and a genuinely nice guy while being a superb lawyer.’

‘I have worked with only one person in the office, Edward Machin and he is excellent. Knowledgeable, responsive, practical.’

Key clients

The Carlyle Group, L.P.

Baring Private Equity Asia

Bain Capital

Providence Equity Partners



Work highlights

  • Advising Carlyle Investment Management LLC on a complex technology restructuring to integrate certain businesses onto global platforms.
  • Providing ongoing privacy, data protection and information security advice to HUTCHMED, on a wide range of challenging legal and regulatory issues in three of the world’s most highly regulated jurisdictions for the development and commercialisation of medicinal products (the European Union, the United Kingdom and the People’s Republic of China).
  • Represented NielsenIQ, a portfolio company of Advent International, in connection with its entry into a definitive agreement to combine with GfK SE.

Shoosmiths LLP

Praised for its ‘excellent knowledge’ and ‘unparalleled experience’, the dedicated privacy and data team at Shoosmiths LLP acts for clients across a diverse range of sectors, including financial services, defence technology, and life sciences. The ‘incredibly knowledgeable’ Sherif Malak oversees the practice and works alongside Anastasia Fowle, who regularly acts for clients within the automotive and sports sectors. Also in the core team is Nick Holland, recommended for his global privacy compliance expertise. At the associate level, senior associate Adam Fox and principal associate Matthew MacLachlan assist on regulatory enquiries and cyber disputes, respectively.

Practice head(s):

Sherif Malak

Other key lawyers:

Matthew MacLachlan; Anastasia Fowle; Adam Fox; Nick Holland


‘Depth of resource within the team, exceptional knowledge of a very technical and evolving area of the law, excellent interaction with other interested parties (e.g. insurers).’

‘Matthew MacLachlan has been outstanding in managing a significant data incident for our business. Depth of technical knowledge in the team is outstanding and advice is always provided through a sensible commercial lens.’

‘Strong knowledge and understanding of the industry, and able to apply insight and expertise that is relevant and appropriate within context.’

‘Anastasia Fowle – valued expertise with a commercially pragmatic approach.’

‘A hidden gem amongst data privacy practices in London. The team punch well above their weight and all take a pragmatic approach to their advice based on their unparalleled experience working with regulators, large multinational, and domestic clients. I think you’d be hard-pressed to find a better privacy team.’

‘Sherif Malak and Adam Fox are two standouts for me. Sherif is incredibly knowledgeable and always looks for practical solutions based on other client experiences, as opposed to just telling you the problem. Adam Fox is a rising star in this area.’

‘What has made Shoosmiths unique is their deep knowledge of our business, from our operational capabilities to our risk philosophy.’

‘Adam Fox has been our valued advisor for many years. He knows our business inside out and understands our specific needs.’

Key clients



Hilton Grand Vacations (HGV)

Belden Inc

Hewlett Packard Enterprise Company (HPE)

The Law Society

Groupe Renault

Noerr/Audi AG

giffgaff (VMO2)


FremantleMedia Group

EG Group

Nissan Japan

Global Switch

Volkswagen Group UK

Sosei Heptares

Acaster Lloyd





Blue Skeye




Restore Plc

London BTR Investments

Sigma Capital

Start Living

2020 Trustees Limited

Trustees of Essar Oil Limited


Mercedes Benz

RIXO London


The White Company


United Talent Agency

Estee Lauder Companies

Nectar Sleep


British American Tobacco


Order Pay


Scania (Great Britain)

French Connection UK

Grass Valley

Briggs and Riley



Work highlights

  • Advising Hewlett Packard Enterprise Co as lead global privacy counsel.
  • Enabled implementation of novel data-driven technologies for WeWork’s global business aimed at protecting the safety and security of its members, staff and buildings
  • Appointed Data Protection Officer of the EG Group across its entire portfolio.

Sidley Austin LLP

Highly rated for its expertise across the healthcare, pharma, and life sciences sectors, the privacy and cybersecurity team at Sidley Austin LLP acts for large pharmaceutical firms as well as global tech companies. William Long, singled out for his industry experience, leads the team and advises clients on GDPR compliance, e-commerce, and information security issues. Recently promoted partner Francesca Blythe is ‘extremely commercially minded and pragmatic‘ and has a particular focus on data privacy and protection issues in the life sciences sector.

Practice head(s):

William Long

Other key lawyers:

Francesca Blythe


‘An exceptional data protection team that provides prompt, practical data privacy legal advice. Instead of being overly conservative, they adopt a risk-based approach that makes their advice stand out from others.’

‘Francesca Blythe is extremely commercially minded and pragmatic. Her advice is already ‘ready to use’ and I don’t need to spend more time digesting what she says.’

‘Subject Matter experts with a strong focus and understanding of life sciences. Able to see the big picture and the interplay between different rules and regulations.’

‘Client focused. Accommodating. Well-connected within industry groups – particularly William Long.’

Key clients

Bristol Myers Squibb


Jazz Pharmaceuticals


DaVita Inc.

Magnetar Capital


Nurix Pharmaceuticals

Monument Group


Stephenson Harwood

Under the leadership of the ‘standoutKatie Hewson, the data protection team at Stephenson Harwood advises tech sector clients on emerging data protection legislation and also handles international data transfers, breach work, and investigations. Simon Bollans advises on cybersecurity as well as the data privacy and regulatory aspects of emerging technologies. Michael Bywell and Peter Dalton joined in early 2023 from Hausfeld & Co LLP and Herbert Smith Freehills LLP, respectively, strengthening the team’s technology disputes and cyber capabilities. ‘Vastly talented‘ associate Olivia Fraser is recommended for her experience advising on the data aspects of corporate transactions.

Practice head(s):

Katie Hewson

Other key lawyers:

Olivia Fraser; Simon Bollans; Michael Bywell; Peter Dalton


‘Katie Hewson. She is a very knowledgeable, pragmatic lawyer. In terms of the limited instructions given to her so far I have found her work very business orientated and solution focused.’

‘Stephenson Harwood is our go-to law firm for data protection matters. They set themselves apart from the competition through deep technical knowledge combined with a strategic approach which empowers the business.’

‘Katie Hewson is a force! She is a strategic legal advisor with deep knowledge of data protection law, and consistently provides practical, actionable advice for her clients.’

‘Olivia Fraser is a vastly talented associate from the data protection team — smart, efficient, strategic, and such a pleasure to work with. Olivia seamlessly ties her deep technical knowledge with business savvy, making her an indispensable advisor to the business.’

‘The team has been incredibly helpful and practical in managing bespoke privacy issues, including related to DSARs, complaints, incidents, and interpretations of regulations. They never simply restate the law, but always provide context and thoughtful approaches on a way forward.’

‘Katie Hewson has been wonderful to work with. She gives very specific and practical guidance to help manage our privacy program and always considers the nuances specific to our firm.’

‘Katie Hewson is standout – excellent technical expertise and commercial mindset.’

‘Katie Hewson and Olivia Fraser have particularly stood out for their technical expertise, understanding of business and market and delivery of pragmatic advice on novel issues.’

Key clients




S&P Global

Neuberger Berman Europe Limited

Association of British Investigators

Work highlights

  • Advised an industry body on the development of a UK GDPR code of conduct.
  • Advised on an industry-wide digital transformation project in the benefits sector, involving complex data sharing arrangements.
  • Advised a global insurance, risk and consulting business on the high-risk data protection aspects of a £7.0 million acquisition.


Public sector clients and clients operating across the retail, telecom, financial services, and education sectors regularly instruct TLT on mandates concerning developing data protection legislation, transfer risk assessment agreements, and data breaches. The growing team, led by Gareth Oldale, a ‘powerhouse in his field,’ also includes legal director Louisa Williams, whose practice concentrates on advising public sector clients on complex data protection issues, including international data sharing arrangements and data rights requests. In Bristol, Ed Hayes handles sensitive data protection matters. At the associate level, the ‘excellent’ Bristol-based Emma Erskine-Fox is also recommended.

Practice head(s):

Gareth Oldale

Other key lawyers:

Emma Erskine-Fox; Louisa Williams; Ed Hayes


‘What I think makes the practice unique is the talent of the team. Gareth Oldale in particular is endlessly impressive. The team is very accessible, from the most junior to most senior, and they all speak in terms clients understand.’

‘Gareth Oldale is a powerhouse in his field – having him on your side feels unfair. He has an amazing breadth of knowledge, in particular within the wider public sector.’

‘The team is exceptionally practical and pragmatic. They understand systems, software, and how businesses operate to give risk-aware advice that is useful in the real world. They are friendly, amenable, and professional.’

‘Very knowledgeable about data protection in general, but also specific advice relating to AdTech and new means of using data for marketing. The team is friendly, quick to respond, and always stick to deadlines.’

‘The team has TLT is incredibly diverse and collaborative. Their knowledge and characters even all work very well together and there is nothing they cannot advise you on in a succinct and timely manner.’

‘Emma Erskine-Fox is excellent, both in her expertise and her delivery.’

‘Excellent – know the law, always available and willing to assist.’

‘Gareth Oldale is excellent & pragmatic. Louisa Williamson is fantastic to work with and really knows the law.’

Key clients

Department for Digital, Culture, Media and Sport

Information Commissioner’s Office

Police Digital Service

Metropolitan Police Service

Government Legal Department

TSB Bank Plc

NatWest Group Plc

Monzo Bank

Financial Reporting Council

City Football Group (Man City FC)

UK Sport

Sport England

University College London

University of Warwick


BGL Group Limited (CompareTheMarket)

Imperial Brands plc

Preston North End Football Club

Kent Police & Essex Police


Financial Conduct Authority

ColCap UK

Work highlights

  • Advising a US Headquartered payments systems business on complex cross-border transfers of personal data, taking part in various negotiations with merchants and suppliers to provide data protection advice, as well as reviewing and drafting data processing agreements with the client’s suppliers.
  • Engaged by a leading price comparison website to assist with privacy impact assessments (“PIA”) and legitimate interest assessments covering a variety of topics and processing activities.
  • Engaged by one of the UK’s largest universities to support on data protection and freedom of information queries, including advising on interactions with the Information Commissioner’s Office, assisting with data protection contracts and data breaches, undertaking freedom of information internal reviews, and advising on large scale data subject rights and freedom of information requests.

Travers Smith LLP

Travers Smith LLP advises clients in the financial services, tech, mobility, and health sectors on the full range of data protection and cybersecurity matters. The team is overseen by Dan Reavill, whose practice covers both contentious and non-contentious data and cyber matters for major IT vendors and buyers. Also in the core team is the ‘technically soundJames Longster, who takes point on data breaches and data exploitation matters, and the ‘comprehensive and pragmaticLouisa Chambers, recommended for her expertise in the tech and fintech sectors.

Practice head(s):

Dan Reavill

Other key lawyers:

Louisa Chambers; James Longster


‘Thorough knowledge of the application of GDPR appropriate for the real estate industry, including the incorporation of cross boarder entities.’

‘We very much value Louisa Chambers’ advice, which is comprehensive and practical and she always offers solutions rather than general legal advice with various caveats!’

‘A strong team with technical excellence but more than that they are able to take a real word/practical approach when giving advice (rather than sitting on the fence).’

‘James Longster provides technically sound and commercially grounded advice.’

‘Availability and collaboration’

Key clients

Samsung Electronics





Sportlight Technology


Datapharm Limited



Phoenix Group


Melia Hotels

Bain Capital


Work highlights

  • Advised Samsung Electronics (UK) Limited on data protection matters to facilitate the launch of new smart products and services, as well as on the potential impact of new UK and EU digital legislation.
  • Advised Datapharm Limited, the UK’s leading provider of medicine information, on transforming its approach to user data, including advising on improvements to its cookie practices, privacy policies, handling of special category health data and terms and conditions with customers to help optimise the use of data it collects.
  • Advised Emis with regards to data protection matters relating to its role as a data processor of patient record data which it hosts on behalf of GP surgeries.

Wiggin LLP

The ‘creative and knowledgeable’ data privacy team at Wiggin LLP has demonstrable strength advising clients in the media, entertainment, and gaming industries on all aspects of data protection, with particular emphasis on regulatory issues and investigations. The ‘brilliantPatrick Rennie leads the practice and is a key name for GDPR compliance matters, Age Appropriate Design Code issues, and regulatory obligations. Senior associate Christina Henry specialises in advising tech and media sector clients on compliance matters and is highly rated for her ‘forensic approach to complex matters‘.

Practice head(s):

Patrick Rennie

Other key lawyers:

Christina Henry


‘A very digitally-focused practice with unrivalled specialist expertise in gaming, interactive entertainment, film, and TV.’

‘The team is creative and knowledgeable – the go-to team for tough or unusual problems.’

‘The team is led by Patrick Rennie who is brilliant at explaining complex issues in simple (and entertaining) terms. His level of client service is outstanding and overall he is fantastic to work with.’

‘Christina Henry is one of the most knowledgeable and committed data protection lawyers in the UK. Her level of diligence and forensic approach to complex matters sets her apart from competitors.’

‘The team consistently goes above and beyond to understand the specific needs and objectives of each client, tailoring legal strategies accordingly. This client-centric approach ensures that potential clients can expect exceptional service and results.’

‘What sets them apart from competitors is their deep expertise in this complex and evolving field. They possess an in-depth understanding of data protection laws, regulations, and best practices, allowing them to provide invaluable guidance to clients.’

‘One standout partner I had the privilege of collaborating with is Patrick Rennie. His extensive experience and comprehensive knowledge of data protection and privacy laws make him a trusted advisor in the industry.’

‘Patrick Rennie is a brilliant data protection specialist, providing great technical advice and pragmatic solutions.’

Key clients

Thunderful Group AB

Stannah Management Services Limited

Notonthehighstreet Enterprises Limited

The Stars Group t/a Pokerstars (TSG Interactive Services Limited)

Centaur Media PLC

Transaction Services Group Limited

Expereo International BV

Starz Entertainment, LLC

Oxford Strategic Marketing Limited

WHG (International) Limited t/a William Hill

SP Film Production Limited (t/a Sony)

DAZN Media Services Limited

Warner Bros. Discovery

Perform Content Services Limited


Work highlights

  • Acting as the Data Protection Officer for the retail brand, Not On The High Street, advising the business on all aspects of data protection.
  • Long-stranding advisor to Centaur Media, publisher of various b2b publications including The Lawyer, providing advice on collection of personal data (directly and from external sources) as well as acting as its Data Protection Officer.

Clyde & Co

Clyde & Co acts for clients from the tech, insurance, energy, and construction sectors and is adept at handling compliance, risk management, and cyber incident response, as well as data issues related to emerging technologies. Mark Williamson takes point on data protection matters, while Ian Birdsey and Helen Bourne lead on the cybersecurity front; the trio jointly lead the practice.

Practice head(s):

Mark Williamson; Ian Birdsey; Helen Bourne

Other key lawyers:

Madeleine Shanks


‘Clyde & Co has a great global reach. They’re super responsive and have a great depth of experience.’

‘Always super responsive. The Clyde team gives proportionate and direct advice. I’m not sure you can get anyone more experienced in breaches than Helen Bourne and Ian Birdsey. There’s a few great associates too, Maddy Shanks being a standout.’

‘Very skilled combined with excellent pragmatism.’

Key clients



Work highlights

  • Acting as the main trusted data protection adviser to UCL.
  • Advising B&Q on a range of data-related issues relating to its commercial and strategic arrangements.

Cooley (UK) LLP

Cooley (UK) LLP has a full-service cyber, data, and privacy offering with strength in cross-border projects, GDPR compliance, and multijurisdictional data breaches. Guadalupe Sampedro helms the practice and advises clients in the fintech and financial services sectors, while the ‘very knowledgeableAnn Bevitt handles data transfers, breach notifications, and internal investigations.

Practice head(s):

Guadalupe Sampedro

Other key lawyers:

Ann Bevitt


‘Global data privacy team. Very accessible, sociable and communicative. Responding quickly with profound but pragmatic advice and solutions.’

‘Ann Bevitt is very knowledgeable and sound, but also quick and pragmatic in providing direct legal advice as well as obtaining advice from multiple teams on global or multinational issues through her network.’

‘In-depth experience of the tech and payments industry, very pragmatic, great insights into regulatory activities.’

‘Guadalupe Sampedro is fantastic!’

‘The practical business guidance is what makes Cooley so unique. Cooley is like having your own in-house counsel “dream team” of experts who specifically understand the in-house deadlines and drama. I receive rapid, actionable, thoughtful, analysis and guidance.’

‘Guadalupe Sampedro has the gravitas, professional EQ, and executive presence to calm stressful situations. I walk away feeling well-advised and that there is a clear executable plan.’

Key clients

eBay, Inc.

Yum! Brands, Inc.

Grinder LLC

Colt Technology Services

Work highlights

  • Advising eBay on a wide range of data protection matters relevant to their payments business globally (EU, UK, US, Australia).
  • Assisted Yum!Brands, a global restaurant brand, with global data privacy compliance.
  • Representing the social networking app Grindr before the ICO in an investigation regarding its compliance with the GDPR and a Freedom of Information request.

Farrer & Co

Acting for clients in the education, sport, and media sectors, Farrer & Co handles compliance, data retention queries, and data transfers. Henry Sainty leads the team, which also includes Ian De Freitas, head of data disputes, and Owen O’Rorke, whose practice spans both contentious and non-contentious matters. Associate David Morgan is recommended for marketing and adtech compliance advice. Jeremy Isaacson, a freedom of information specialist, and data litigator Tom Rudkin were promoted to partner in 2022.

Practice head(s):

Henry Sainty

Other key lawyers:

Owen O’Rorke; Ian De Freitas; David Morgan; Jeremy Isaacson; Tom Rudkin


‘Highly knowledgeable, skilled, collaborative, hard-working and pragmatic approach to advice and legal services. Particularly impressed with the dedicated forums and webinar series to support in-house lawyers which, in my experience is unique and offers great support for myself and my team.’

‘A brilliant team of lawyers who take the time to give specific, commercially oriented advice. Owen O’Rorke stands out in particular for his responsiveness, exceptional knowledge, and real-world application of the law.’

‘Effective, experienced, personable, diverse team, especially the inspirational Ian De Freitas.’

‘Ian De Freitas – a very experienced skillful lawyer and safe pair of hands.’

‘Great team, providing clear, tailored advice.’

‘Owen O’Rorke gives clear advice, tailored to our needs.’

‘David Morgan is extremely responsive and provides sensible advice.’

‘The team has an excellent knowledge of our business and can therefore provide properly considered and tailored advice. They consider both the legal and commercial issues in all scenarios providing practical advice that can be implemented by the business.’

Key clients

London Business School (LBS)

English Federation of Disability Sport (Activity Alliance)

British Swimming

Logicalis Group

Eton College

Vistra Group

The Economist

Lawn Tennis Association (LTA)

MCC Marylebone Cricket Club


Department for Education

Church of England

Work highlights

  • Acting for Eton College advising on data protection compliance issues including data retention, complaints and queries from parents and pupils involving personal data, and requests from individuals to exercise their privacy rights, erasure and subject access requests.
  • Advising the Economist on its direct marketing and newsletter advertising and its compliance with the UK GDPR and PEC Regulations.
  • Representing Logicalis Group International, a global IT solutions provider, overseeing a comprehensive redraft of the agreement covering its complex international data transfer arrangements, including dealing with differences between ex-UK and ex-EEA transfers, new confidentiality provisions and questions of group liability and regulation.


Jointly led by Lore Leitner and Gretchen Scott, the data, privacy, and cybersecurity practice at Goodwin has a full-service offering with particular strength advising clients in the emerging tech, software, and healthcare and life sciences sectors. The team also includes ‘highly knowledgeable’ counsel Curtis McCluskey and senior associate Josephine Jay, recommended for her data compliance and GDPR expertise.

Practice head(s):

Lore Leitner; Gretchen Scott

Other key lawyers:

Curtis McCluskey; Josephine Jay; Annabel Loose


‘The Goodwin privacy team is knowledgeable, pragmatic, responsive, and really personable and helpful. I have built a great relationship with them and enjoy our interactions and knowledge-sharing.’

‘I have forged great relationships with Gretchen Scott and Curtis McCluskey. As well as respecting and valuing their professional opinions and knowledge, I also really enjoy their company when we have an opportunity to connect socially at events.’

‘Gretchen Scott has a helicopter view of the GDPR and legislation around different countries, a great understanding of the situation and the business needs, and clear judgement. Curtis McCluskey is very knowledgeable, has a helicopter view of the GDPR and legislation around different countries, quick responses and writing of legal documents, always up to the point with a great understanding of the situation.

‘Josephine Jay has great knowledge of GDPR, quick responses and writing of legal documents, always up to the point with a great understanding of the situation, strong on defending the legal choices in writing and in talking.’

‘The Goodwin data protection team demonstrates an exceptional depth of knowledge and a remarkable ability to bridge the gap between the legal framework and practical implementation. Their expertise and insights enable them to provide legal opinions that are not only accurate and reliable but also aligned with the practical needs and goals of their clients. The team consistently goes above and beyond, going the extra mile to ensure the best possible service.’

‘Lore Leitner consistently showcases a deep understanding of data protection compliance and industry expertise. She is skilled at providing well-rounded advice that balances legal compliance with commercial objectives. Annabel Loose provides sound and actionable legal advice and exhibits exceptional responsiveness. Working with them has been a pleasure.’

‘The team are incredibly commercial in their approach and take the time to think about how advice is presented, and the format which would be more accessible and digestible for a busy in-house lawyer. The people are fantastic and a pleasure to work with.’

‘Lore Leitner is a superstar and so knowledgeable. She doesn’t waste your time either. I appreciate her no nonsense, commercial approach to data protection and would always recommend her.’

Key clients

Luka, Inc. (dba Replika)

Chaos Software EOOD; Chaos Group


Semrush, Inc

Transmit Security

CMR Surgical Limited

Medidata Solutions, Inc.

HungryPanda Limited

AM Pharma B.V.

Apart Of Me

HubSpot, Inc.

Thomson Reuters Corporation

HIBio, Inc



Audio Analytic Limited

Meta Platforms, Inc.

SilkRoad Technology, Inc.

Work highlights

  • Assisted Luka, Inc. (dba Replika) in addressing the concerns raised by the Italian Data Protection Authority (“Garante”) and in implementing the necessary changes to comply with the order.
  • Advised Wayfair’s on centralising its approach to privacy, and strategically positioning itself to ensure compliance supports its business objectives around data and advertising its products.
  • Advised Transmit Security on building and developing its GDPR compliance (including advising on its data protection classification – either a processor or controller in relation to each aspect of its products) following its expansion into the EU and UK markets.

Lewis Silkin

Advising across the spectrum of data compliance, risk management, and regulatory matters, Lewis Silkin regularly acts for clients in the retail, media, and publishing sectors. ‘Remarkable, accurate and available‘ practice co-head Alexander Milner-Smith advises leading multinationals on global privacy strategies, employment-related data protection and privacy matters, while co-head Bryony Long has a broad data practice with a particular focus on the adtech industry. The ‘laser-focusedAli Vaziri is a key name for regulatory issues and contentious matters, while managing associate Benjamin Favaro is recommended for his compliance and employment expertise. Managing associate Tom Ford is a key name for multijurisdictional projects.

Practice head(s):

Alexander Milner-Smith; Bryony Long

Other key lawyers:

Ali Vaziri; Benjamin Favaro; Tom Ford


‘The Lewis Silkin team is always very business-oriented, very pragmatic and offers solutions that work from an operational point of view. The team always works very efficiently, respecting the deadlines that are requested.’

‘Alexander Milner-Smith is the one I work with the most in the team. He works enormously, always responds efficiently, pragmatically and quickly to the questions/files that we submit to him. He is remarkable, accurate and available. He never loses sight of the client’s best interests.’

‘Bryony Long has a commercial & consumer background coupled with her sharp mind when coming to GDPR issues. She knows how to advise clients remarkably when it comes to complex questions related to marketing issues, use and reuse of client data, for example.’

‘Ali Vaziri and Ben Favaro are both excellent lawyers, very specialized in the advice they provide to our clients. They are both hard workers.’

‘To me, the quality of work, attention to detail, and holistic industrial knowledge were essential for providing better solutions at every point.’

‘Ali Vaziri considers all the angles when delivering practical advice which takes into account the wider legal and regulatory context making the advice very effective. Ali is laser-focused on the detail but never loses sight of the bigger picture. When it comes to navigating tricky issues, he is my first port of call – especially for strategy and tactics.’

‘Advice is very practical and risk-profile orientated. The team have developed a really good understanding of our business and how we like to consume their advice.’

‘Ben Favaro led on the updating of our company’s group data privacy agreement with the new Standard Contract Clauses. The advice was based on a good understanding of our risk profile and needs. The advice was delivered timely, practically and expertly. I have high confidence in using the Lewis Silkin team for future data privacy-related projects.’

Key clients

Omnicom Group


Daily Mail & General Trust (Associated Newspapers)



Harvey Nichols


Work highlights

  • Advising a tech company on specific aspects of the Networks & Information Systems (NIS) Directives and recommendations for its cybersecurity strategy and compliance programmes across the EU, the UK and globally.
  • Advised a luxury retailer on the development and global deployment of an AI tool that would analyse customer data to generate insights related to their experiences.
  • Advised a technology business on complex data sharing agreements with advertisers, publishers and other advertising technology companies.

Mills & Reeve LLP

Jointly headed by Jagvinder Singh Kang and Gary Attle, the data protection, information, and cyber law practice at Mills & Reeve LLP is well-placed to advise tech, healthcare, and charity sector clients on GDPR compliance, emerging technologies, and international personal data transfers. Attle is the key contact for freedom of information and contentious matters, while Singh Kang handles technology transactions and global compliance projects, benefiting from his software engineering background. ‘Calm and highly intelligent operatorPaul Knight is also recommended.

Practice head(s):

Jagvinder Singh Kang; Gary Attle

Other key lawyers:

Paul Knight


‘What’s impressed us is the depth of knowledge and professionalism of every single Mills & Reeve team member.  No matter what we’ve asked for they’ve delivered by when we need it.’

‘Law firms stand or fall on the quality of their personnel. Working with Paul Knight, as the lead Mills & Reeve partner, means that every Mills & Reeve interaction has the hallmark of quality. Paul is a calm and highly intelligent operator. He’s someone at great pains to really understand where his client is coming from and where they are looking to get to.’

Key clients

Macmillan Cancer Support

Chartered Institute of Personnel and Development (CIPD)



Miles Partnership

Beauty Bay


Indicia Worldwide

Otsuka Pharmaceutical Europe


Work highlights

  • Advised a USA based global hospitality service provider in respect of a cyber breach affecting its global bookings platform.
  • Advised a multi-billion-pound global pharmaceutical company listed on the New York Stock Exchange, on its intra-company global data protection arrangements.
  • Advised Cleveland Clinic on data protection issues relating to its new London hospital.

Morgan, Lewis & Bockius UK LLP

Working closely with its US offices, the data privacy and cybersecurity team at Morgan, Lewis & Bockius UK LLP advises UK, European, and global companies in relation to transactional data privacy matters, data breaches, regulatory investigations, and data sharing arrangements. Key names to note include Matthew Howse, who advises corporations on EU privacy and cybersecurity compliance. Vishnu Shankar joined the firm from the Information Commissioner’s Office in October 2023, while former practice head Pulina Whitaker left in August 2023.

Other key lawyers:

Matthew Howse; Vishnu Shankar

Key clients

Mitek Systems

Sabre Corporation



Premise Data

Work highlights

  • Advised Mitek Systems on complex privacy issues relating to the use of data, including biometric and hashed data, for commercial purposes and on customer agreements and data transfer requirements.
  • Advised Sabre Corporation on all international and US aspects of their businesses including commercial processing agreements, data transfer agreements, compliance with regulatory notices, and mandates from governments for customer data to be provided for contact tracing purposes as well as security incident management.
  • Advised Richemont on numerous matters where privacy and employment intersect, including cross-border projects involving employee and customer personal data.

Pillsbury Winthrop Shaw Pittman LLP

Pillsbury Winthrop Shaw Pittman LLP advises clients across the finance, electronics, and tech sectors on the full range of data privacy, protection, and cybersecurity matters, with notable strength in the drafting of binding corporate rules, data transfer agreements, and EU and UK GDPR compliance. Rafi Azim-Khan oversees the team and splits his time between London and Silicon Valley, while Steven Farmer, noted for his ‘in-depth understanding of complex privacy issues,’ advises start-ups and leading tech multinationals on global compliance issues.

Practice head(s):

Rafi Azim-Khan

Other key lawyers:

Steven Farmer


‘Rafi Azim-Khan is my key contact, and he always takes care of what we need. Even in suddenly urgent situations, he works night and day, across time zones, to deliver.’

‘The team has a deep understanding of the various privacy and data protection rules both in the UK and EU. They are well connected with individual regulators from whom they can obtain informal guidance, which is quite useful.’

‘Steven Farmer is the person I principally work with. His judgement is sound and his advice is practical. I value his knowledge and his responsiveness. First rate in all regards.’

‘The Pillsbury team was extremely knowledgeable and responsive in assisting our company with establishing a UK presence and understanding our data protection and privacy obligations.’

‘Pillsbury has as a team of highly skilled attorneys who have extensive knowledge of European data protection laws, including the General Data Protection Regulation (GDPR), LED and ePrivacy Directive.’

‘As someone who has worked closely with Steven Farmer, I can attest to his exceptional professionalism and out-of-the-box thinking as well as in-depth understanding of complex privacy issues.’

‘We have been working with this team for many years. They are consistent, responsive and able to provide practical advice and guidance for our business. They helped us create a global privacy policies that covers close to 30 countries, and it is digestible and comprehensive all at the same time.’

‘Steven Farmer is our main partner contact. Steve does an excellent job of taking the legal requirements and making them approachable.’

Key clients

G.Network Communications



Morgan Stanley

Bass Pro

PNC Bank

State Street Bank

Institute of International Finance


HM Electronics



PwC LLP benefits from the firm’s large international network and has particular strength in cross-border matters, advising on international data transfers, data protection impact assessments, and global data projects for a diverse roster of clients from the public, automotive, manufacturing, and logistics sectors. The team is jointly led by ‘true professionals’ Chris Cartmell, a cybersecurity specialist, and Fedelma Good, who is noted for her ePrivacy and direct marketing expertise. Associate Stephanie Baker is also recommended for her experience advising on multijurisdictional privacy mandates.

Practice head(s):

Chris Cartmell; Fedelma Good

Other key lawyers:

Stephanie Baker


‘The Privacy team at PwC, led by Fedelma Good, are an exceptional team of individuals with great credentials and a can-do attitude. The team comes from industry and regulator backgrounds and works hard to really understand the challenges a client faces in a globalised market, while having to adhere to localised regulatory requirements.’

‘Fedelma Good has a wealth of experience, and her understanding of compliance requirements is broad and deep. Fedelma makes people feel at ease, and speaks their language, to quickly get to the heart of the issues, and then goes on to instil confidence in the ability of all involved to get the job done in a practical and pragmatic way.’

‘The team really work as a team. All are always up to date about the status of the project. As the team consists of lawyers as well as technical people, the solutions brought to the table are more than just the legal answer to your question. They are genuine solutions that can be implemented. I love the diverse background of the team.’

‘Fedelma Good and Chris Cartmell co-head this team of true professionals. They are really complementary to each other because of their different backgrounds. They are extremely knowledgeable, pragmatic, available and patient. Always enthusiastic and treating you as if you are the only client. An extraordinary level of customer service.’

‘The multi-disciplinary nature of this practice helps to ensure the delivery of practical and well-rounded advice. A flexible approach to billing and their ability to leverage their global network has also been a welcome benefit of instructing this firm and has given them an advantage over the other firms we’ve previously worked with.’

‘Chris Cartmell and Stephanie Baker have demonstrated exceptional client care skills. I’ve heard nothing but praise from the individuals across our business with whom they’ve interacted. In twenty years of working with large/medium size law firms this has been the most responsive and courteous client care I’ve experienced.’

‘Excellent client relationship management skills, pragmatic approach, robust technical skills.’

Key clients

Department for Digital, Culture, Media & Sport (now the Department for Science, Innovation & Technology)

Link Group Service Company Limited

Mott MacDonald Limited

Sainsbury’s Supermarkets Ltd


Aspiring Solicitors

Work highlights

  • Advised Mott MacDonald Limited on numerous data protection matters, including advising on data protection obligations in China, Thailand, Australia and South Africa; 27 data protection impact assessments for its key global systems; and a major project to implement a new intra-group data processing and international transfer agreement to apply across the global business.
  • Advised Australia-based global investment management firm, Link Group, to put in place a market leading solution to assess their international data transfers.
  • Assisted NASDAQ-listed Axon on data protection and privacy issues in connection with its development and deployment of automatic licence plate recognition systems in the UK, Brazil, New Zealand, Australia, France, Germany, Italy, Spain, Netherlands and Belgium.

Stevens & Bolton LLP

Stevens & Bolton LLP’s cross-practice data protection team combines the firm’s commercial, technology, employment, and litigation capabilities, advising clients across the life sciences, insurance, tech, and retail sectors. The ‘razor sharp’ Beverley Flynn leads the team and has significant experience advising on international data transfers, data protection policies, and subject access requests. Key names in the team include Charles Maurice, who handles commercial data protection issues, and Gary Parnell, recommended for his outsourcing, digital tech, and e-commerce expertise.

Practice head(s):

Beverley Flynn

Other key lawyers:

Charles Maurice; Gary Parnell


‘Very clever, approachable team, responsive and full of easy-to-deal-with people. We really rate them.’

‘Standout operators, top lawyers and personable and unstuffy to deal with. Beverley is razor sharp, quick and friendly, with deep subject matter knowledge.’

‘Beverley Flynn – exceptional knowledge and application. Goes beyond the role requirements to support and mentor.’

‘The team is very professional, but also great to work with and able to explain complex issues in plain language. They are also very pragmatic.’

‘Charles Maurice is a skilled data protection expert, always providing hands-on and to-the-point advice. He is also very responsive.’

‘Their unrivalled know-how is reflected in being able to advise the ABPI as well as pharma businesses.’

‘Beverley Flynn has expanded her incomparable know-how. Her combination of technical knowledge & commercial & communication skills are unsurpassed in my experience. Beverley finds solutions that no other lawyers have identified.’

Key clients

DeafKidz International

Kia UK Ltd

Penhaligon’s Ltd

Lit Fibre Group Ltd

Hope into Action

DER Touristik UK Ltd (Kuoni)

Foodient Ltd (t/a Whisk)

BrightStarr Ltd (t/a Unily)

RBB Economics LLP

G&J Distillers (t/a Quintessential)

Work highlights

  • Advising Lit Fibre, the ultrafast fibre home broadband provider, on data protection issues associated with its business as a fibre optic telecoms provider including arrangements with businesses and consumers.
  • Advising Kia UK Ltd on all data protection advice including on telematics for vehicles as well as on the appointment of processes in its marketing arrangements and adtech as well as transfers outside the UK.
  • Advising DTUK, the owner of Kuoni as well as other upmarket travel brands in the UK and overseas, on all arrangements from a data protection perspective including agreements with agencies and providers at travel destinations globally.

Harbottle & Lewis LLP

With significant industry focus on the marketing, adtech, and digital media sectors, Harbottle & Lewis LLP is regularly instructed on mandates relating to the data aspects of advertising campaigns, data breaches, and compliance issues. The team is jointly led by Anita Bapat, who takes point on data protection and privacy matters, and Emma Wright, who leads on the cybersecurity front. Also in the core team is Sacha Wilson, who is recommended for adtech vendor arrangements and digital marketing projects.

Practice head(s):

Anita Bapat; Emma Wright

Other key lawyers:

Sacha Wilson


‘A talented, diverse, down to earth, solution focused and knowledgeable team.’

‘Anita Bapat is a pleasure to work with.’

‘Expertise and current knowledge are hugely beneficial. Consistently thoughtful about the risks to our business and how to balance good practice with the realities of our business model. Always has an option and solution no matter what we throw at them. Calm, thoughtful and totally positive to deal with.’

‘Anita Bapat is brilliant; practical, knowledgable and wonderful.’

‘You expect knowledge and expertise what adds value is practical insights and pleasant working manner.’

‘Sacha Wilson and Anita Babat both combine a depth of knowledge of the field with practical application and a realisation of what will work within companies. Yet they do not shy away from explaining the regulatory or legislative reality. They’re also fun to work with.’

Key clients

The Ozone Project

Havas Media Group

Equal Experts

Knight Frank


De Beers Group

Princess Yachts Limited


MyBuilder (part of the HomeAdvisor group)

Work highlights

  • Advising the Ozone Project, a cutting-edge digital advertising platform owned by major news publishers, including the Guardian, News UK and the Telegraph, on a number of data privacy matters including advising on policies and vendor contracts from a data privacy perspective.
  • Advising SEGA on data protection for the first time on strategically important data protection and technology and projects.
  • Assisted De Beers with the launch of their Tracr platform (which is the world’s only distributed diamond blockchain that starts at the source and provides tamper-proof source assurance at scale) as they launch to various participants on the supply chain; assisted with data protection advice in relation to making the Tracr Platform available to consumers.

Kingsley Napley LLP

Jointly led by Emily Carter and Adam Chapman, the team at Kingsley Napley LLP has a notable specialisation in advising on the data protection and cybersecurity aspects of criminal matters, investigations, and enforcement proceedings. Helen Morris acts for claimants in cases concerning unlawful disclosure of personal data, while Andrew Solomon advises corporate and commercial clients on compliance and international data transfer agreements. Associate Ellie Fayle has particular expertise in tackling right-to-be-forgotten cases.

Practice head(s):

Emily Carter; Adam Chapman

Other key lawyers:

Andrew Solomon; Helen Morris; Ellie Fayle


‘The data protection team provides very practical advice and focuses on implementation rather than over-analysis. We are a small business but operate in multiple jurisdictions which complicates data protection obligations. The team catered to our specific requirements very well.’

‘Emily Carter was very knowledgeable, professional and attuned to client requirements. Andrew Solomon was an excellent responsive associate who provided precise, practical and useful policies and agreements on time and in budget.’

‘They have a very experienced specialist data privacy team.’

‘Helen Morris is a specialist in data privacy who is a partner and great team player. Ellie Faye is a bright and talented associate in data privacy.’

‘This was a collaborative team – they were not just working as lone lawyers, but they complemented each other’s skills. There was regular, reliable, and very personal contact, even beyond usual working hours.’

Pritchetts Law

Bristol-based data privacy and protection boutique Pritchetts Law acts for clients from a diverse range of sectors, including local government, healthcare, travel, and education. Co-head Stephanie Pritchett is noted for her ‘dedication, pre-eminent knowledge and expertise in all data matters,’ working alongside co-head Ben Wootton, who splits his time between London and Bristol and has a broad practice that spans data processing and sharing agreements, compliance, and direct marketing matters.

Practice head(s):

Stephanie Pritchett; Ben Wootton


‘They are truly boutique. Though small in numbers, they deservedly command a presence in the company of other ‘general practice’ firms. Many of their peers are nationally or globally known names who would aspire to be retained by the longstanding clients Pritchetts deliver for.’

‘Stephanie Pritchett stands out for her dedication, pre-eminent knowledge and expertise in all data matters. She is perfectly complemented by Ben Wootton who adds his commercial experience and savoir-faire. Together their advice surpasses that of others I know for its precision, simplification of complex issues and value. It makes them trusted advisers beyond compare.’

‘Pritchett’s are incredibly knowledgeable about their area of practice, easy to get along with, and fun to work with.’

Key clients

Yeo Valley Farms (Production) Limited

The Ceuta Group

Northumbrian Water Limited

The DataRobot Group

National Foundation for Educational Research

Voice and Script International Limited

Link Maker Systems Limited

Symmetry Limited

Mathys & Squire LLP

Sable International Group Limited

PDP Companies Limited

Breast Cancer Now

CFH Docmail Limited



AXA Health

Work highlights

  • Advised Yeo Valley on its data protection audit, drafting detailed privacy notices, responding to data subject access requests and implementing new processes to manage future individual rights requests.
  • Advised VSI, a global provider of translation and post-production services in the broadcasting industry, on compliant use of individual actors’ personal data and voice recordings; international data sharing with its numerous group companies; TV and movie production contracts; and arrangements with international business partners such as Amazon and Netflix.
  • Advised NFER, a leading UK-based educational research organisation, on the expansion of its existing school assessment system. NFER’s aim was to perform longitudinal data analysis outside schools to establish, among other things, the impact of Covid-19 on students’ education.


With strength in emerging technologies, media, e-sports, and the video games sectors, Sheridans benefits from the team’s industry and technical expertise to provide a specialised offering across these industries. The team is overseen by the ‘thoughtful and pragmatic’ Eitan Jankelewitz, and also includes Antonia Gold, who splits her time between the firm’s London and Berlin offices, and Stefano Debolini, who advises well-known tech companies, consumer brands, and investors on the data aspects of novel and emerging technologies, as well as data breaches and regulatory matters.

Practice head(s):

Eitan Jankelewitz

Other key lawyers:

Antonia Gold; Stefano Debolini


‘Very responsive and pragmatic team who tailor solutions to the business making implementation easy. Excellent with both contentious and non-contentious issues and have the ability to navigate complex/unique situations with ease.’

‘Antonia Gold – Excellent partner who displays exemplary professionalism in all aspects of advice. Having such a well-rounded lawyer on board has helped us develop creative solutions to stand out in a competitive environment.’

‘Great team, always a pleasure to work with.’

Key clients


Cognism Limited


Live Nation Entertainment (aka Ticketmaster)

Fédération Internationale des Associations de Footballeurs Professionnels (FIFPro)

Internet Advising Bureau UK (IAB)

Virgin Media


Sumo Digital Limited

The Body Coach


Stainless Games

Build a Rocket Boy

Stink Studios

Work highlights

  • Advised FIFPro on use of player data for support and representation of footballers and in commercial initiatives to help support lower and developing leagues.
  • Advised ESL FACEIT Group on regulatory strategy for data analytics, addressing esports cheating, and cross border data flows.
  • Advised AETN UK on launch of a new Crime+Investigation Play SVOD channel.