Firms To Watch: Data protection, privacy and cybersecurity

Under the leadership of Bristol-based Andrew Dunlop, Burges Salmon LLP advises large corporate clients on a range on data protection and cybersecurity matters, including data breaches.
Freeths LLP handles both contentious and non-contentious data protection and cybersecurity matters, including breach work. The team is led by Luke Dixon, who recently joined from Addleshaw Goddard.
Kingsley Napley LLP fields ‘excellently resourced teams with expert knowledge’, which excel at ICO enforcement proceedings, reputation management issues, compliance work and FOIA requests. Emily Carter leads the practice.

Data protection, privacy and cybersecurity in London

Bird & Bird LLP

Bird & Bird LLP’s international offering is ‘very proactive and has high expertise in technology’. Its large integrated London team handles cross-border data protection mandates in the advertising, financial services, healthcare and technology sectors, often acting for leading household names. The team is co-led by Ruth Boardman, who is well versed in dealing with data protection authorities, including the European Data Protection Board; and James Mullock, whose broad expertise includes data privacy, cyber risk and freedom of information matters. Gabriel Voisin has ‘exceptional knowledge of the industry and an understanding of what companies need’ and is recommended alongside legal director Elizabeth Upton, who handles GDPR compliance and international data transfers. Guadalupe Sampedro left for Cooley (UK) LLP.

Practice head(s):

Ruth Boardman; James Mullock

Other key lawyers:

Gabriel Voisin; Elizabeth Upton


‘Provide very practical and business-oriented advice.’

‘Very modern approach which is very fitting for current in-house needs’.

‘Clients benefit from their incredible network of offices’.

‘Unlike some other firms that I have worked with, they have really high quality work with little to no revision necessary’.

‘Individuals are extremely positive and nice to work with, very inclusive as if they’re part of your team’.

‘Polite, open-minded and fun to work with’.

‘Ruth Boardman leads a great team of privacy and data protection professionals’.

‘Ruth Boardman has unrivalled knowledge and experience’. 

Key clients

Vivendi Group

Cathay Pacific


Tempur Sealy


The British Horseracing Authority


Work highlights

  • Advising Vivendi group and all its associated brands on all of its online advertising initiatives aimed at implementing a transversal data sharing strategy so as to segment and retarget users across platforms and universes.
  • Assisted Cathay Pacific with the roll out of urgent and multi-country on-boarding procedures permitting to process passengers’ health information ahead of departure.
  • Assisting Spotify with international privacy compliance issues.

Bristows LLP

The Bristows LLP team is ‘approachable, responsive and provides advice of the highest quality’, and acts for a slew of leading international technology companies on a broad range of data protection matters, including data breaches, regulatory matters and litigation. Recently, the firm has been advising on a number of Covid-19-related matters, including ‘track and trace’ projects. Practice head Mark Watts ‘very effectively combines expertise across law and technology’ and is well versed in global compliance projects. Robert Bond is a certified compliance and ethics professional, and has noted expertise in cyber-attacks and data incidents. Marc Dautlich is active in the financial services and fintech sectors, while Alex Keenlyside is recommended for data protection litigation. Senior associate Jamie Drucker is also singled out, alongside Hannah Crowther, who is ‘a very impressive associate who is going from strength to strength’.

Practice head(s):

Mark Watts

Other key lawyers:

Marc Dautlich; Robert Bond; Alex Keenlyside; Hannah Crowther; Jamie Drucker


‘Outstanding people and very efficient on costs’.

‘Mark Watts is the calm, wise voice whatever the crisis’.

‘Mark Watts has a huge intellect and experience in his field but always manages to explain it in the simplest of ways’.

‘Excellent data protection and privacy knowledge, combined with a pragmatic and risk-based approach’.

‘They offer professionalism with a strong people-centric culture’.

‘Jamie Drucker has assisted with several matters and has really impressed with the thoroughness and clarity of his advice’.

‘Mark Watts stands out across the industry; he’s pragmatic, precise, dynamic and clear’.                   

‘Marc Dautlich cuts through the legal complexity and provides absolutely first class, practical advice every time’.

Key clients

British Airways


Twitter, Inc.

ChargePoint, Inc.

Facebook, Inc.



WarnerMedia LLC (Warner Bros, HBO, CNN)

Discord, Inc.



Dixons Carphone Plc

Paysafe Group

Work highlights

  • Defended British Airways following the ICO’s decision to fine the company over £183m for a cyberattack; the penalty was reduced by 90%.
  • Represented Twitter in a pan-EU investigation by the Irish Data Protection Commission into a potential personal data breach.
  • Advising long-standing client Google on mission critical data protection compliance matters across its businesses and services, including Search, Maps, Cloud and Ads.


The privacy, security and information group at Fieldfisher is ‘extremely pragmatic, and business and solution orientated, which makes the firm a hugely valuable partner’. The team advises start-ups, growth companies and large multinationals in the financial services, retail and healthcare sectors. Hazel Grant heads up the practice and is recommended for data compliance projects, international data transfers, BCRs and data retention projects. Phil Lee advises cloud, social media and disruptive technology clients on European and international data privacy issues. Director Nuria Pastor is recommended for handling personal data security breaches and regulatory investigations. Judy Krieg left for the Serious Fraud Office at the start of 2021.

Practice head(s):

Hazel Grant

Other key lawyers:

Nuria Pastor; Rehman Noormohamed; Phil Lee; Kuan Hon


‘Hazel Grant leads this team brilliantly and it is clear that she instils her values across the board’.

‘The entire team is fast with responses and the work is done quickly and efficiently’.

‘The Fieldfisher team is very knowledgeable about our business which speeds up discussions and decisions’.

‘We have worked with a number of lawyers at this firm and found them all to be top-tier in their respective fields of practice’.      

‘Kuan Hon is an outstanding lawyer, with a PhD-level of technical knowledge of the products and services that our company develops and sells’.

‘Kuan Hon has provided a seasoned and subject-matter expert level of legal guidance’.

‘Hazel Grant and her associates are responsive, knowledgeable and pragmatic in their approach and advice’.

‘Hazel Grant and Nuria Pastor provide an excellent service and are overall nice people to work with’.

Key clients

dunnhumby Limited

Align Technology

Mitsubishi Pharma

Peloton Interactive, Inc.



Tyson Foods

Free Now

Hasbro, Inc

Work highlights

  • Advising Workday on its UK and EU privacy compliance.
  • Advising Hasbro Inc on its ongoing GDPR compliance.
  • Advising Peloton as a data protection officer (DPO) client as part of the firm’s external DPO offering.

Hogan Lovells International LLP

Hogan Lovells International LLP provides high-level advice to a range of clients and previously advised the European Commission on the drafting of the GDPR legislation. It is particularly experienced in BCRs and data transfers, and has deep relationships with policy makers and regulators. On the contentious side, the practice handles privacy, cybersecurity and data protection litigation. Team head Eduardo Ustaran is an ‘industry leader’, who is well versed in international data flows and advising on new cutting edge technologies, including AI. Nicola Fulford advises technology-rich businesses on compliance issues and data breaches.

Practice head(s):

Eduardo Ustaran

Other key lawyers:

Nicola Fulford


‘Hogan Lovells provides us with access to their global team of data protection professionals’.

‘They are always quick to respond to any inquiries that we, as a global business, may have’.

‘The roles and responsibilities for different jurisdictions are clearly defined and questions will always be answered by the expert in that area’.

‘They undoubtedly have a number of knowledgeable subject matter experts in privacy, particularly Eduardo Ustaran’.

‘A seamless offering for privacy disputes, capable of matching incisive litigation strategy and resources, with an excellent technical knowledge of privacy law’.

‘Eduardo Ustaran has a great knowledge of GDPR and provides very pragmatic, useful advice on how to approach complex compliance issues and regulatory interactions’.

Key clients




Work highlights

  • Acting for on the whole range of business critical issues relating to privacy and cybersecurity affecting its global operations. This has included assisting with the implementation of Processor BCR in the EU and the UK, advising on the strategic approach to compliance with Schrems II, devising new products and services in connection with the collection of data relating to Covid-19 and diversity and inclusion at a global scale.
  • Providing strategic data protection advice to Tapad, a leading online advertising technology company, on its compliance with the GDPR and the proposed ePrivacy Regulation. This has included advising on its engagement with data protection authorities in the EU and the UK, and influencing public policy positions.
  • Advised AmerisourceBergen Corporation on the data protection aspects of its $6.47bn acquisition and privacy integration of Walgreens Boots Alliance, Inc.’s Alliance Healthcare wholesale distribution business in Europe.

Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP advises large multinational businesses on a range of data protection and privacy issues globally. Its broad expertise includes advising on the compliance of new technologies with existing data protection laws, the development of multi-jurisdictional data protection compliance frameworks and cross-border cybersecurity incidents. Practice head Bridget Treacy is recommended for AI technologies, breach preparedness projects and incidents, and regulatory investigations. Aaron Simpson, who is primarily based in New York, is still deeply involved with the UK team and handles compliance and privacy matters. Senior consultant Rosemary Jay covers all areas of information law.

Practice head(s):

Bridget Treacy; Aaron Simpson

Other key lawyers:

Rosemary Jay


‘What I like best about working with Hunton is that they are very commercial and try to create solutions and plans that make sense for our organisation’.

‘The attorneys are approachable, responsive, relatable and engage in active discussion about the best way to solve privacy matters’.

‘They are exceptionally knowledgeable about the law and maintain a network of local counsel that they can tap into for local insights’.

‘They have effective relationships with regulators’.

‘We appreciate their ability to deliver advice over the phone, often immediately’.

‘Bridget Tracey provides effective advice’.

Key clients

Cybereason Inc.

e.l.f. Cosmetics, Inc.

News Corporation

Silver Lake Technology Management L.L.C.

Tiffany & Co.

TJX Companies, LLC/TK Maxx

TPG Global, LLC

Verisk Analytics, Inc.

Work highlights

  • Advised a global engineering company on the review and update of the company’s global data protection incident reporting procedure, including breach notification in accordance with the GDPR, global data breach laws, and training and other breach preparedness activities.
  • Providing global data protection and privacy advice to TJX Companies, Inc. / TK Maxx.
  • Providing substantial global privacy and data protection advice to a Global Engineering Company, including in the UK, advising on a range of strategic and compliance issues relating to the implementation of the group’s global privacy programme and data transfer issues.

Linklaters LLP

Linklaters LLP handles a range of contentious and non-contentious data protection matters, including GDPR work and ICO investigations. The practice is active in a range of sectors, including the digital health, adtech, fintech, insurtech and AI. Acting for clients internationally and domestically, the team has deep relationships with both European and UK regulators. Practice head Richard Cumbley is ‘a great relationship manager’, who has ‘been consistently excellent over many years’; he focuses on data security incidents, privacy litigation and subject access issues. Georgina Kon acts for public and private sector clients on information governance and privacy matters. Managing associate Alaister Johnson handles multi-jurisdictional privacy projects, and senior privacy counsel Peter Church is adept at dealing with cutting-edge matters which entail complex interactions between technology and the law.

Practice head(s):

Richard Cumbley

Other key lawyers:

Georgina Kon; Alaister Johnson; Peter Church


‘I feel in safe hands with Linklaters, as they make the effort to understand our business and advise based on the reality as opposed to the theory’.

‘Georgina Kon is responsive, helpful and an expert’.

‘Georgina Kon thinks outside the box and her depth and breadth of experience shows in her advice’.

‘Georgina Kon is great in front of the business people, and is able to draw out the information she needs and to instil them with a sense of confidence and assurance, delivering messages that land well’. 

‘Richard Cumbley’s team really knows their privacy related issues’.

‘They understand that we require a commercial solution and their risk-based approach is valued’.

‘Peter Church is excellent – exceptional on detail, very professional, worked very well with my team, and is passionate about his work’.

‘Very strong team across the board’.

Key clients

The Royal Free London NHS Foundation Trust

Work highlights

  • Advising The Royal Free London NHS Foundation Trust on the UK Information Commissioner’s investigation into, and audit of, the use of Google DeepMind’s artificial intelligence technology.
  • Advising a Chinese gaming developer and publishing company on a broad range of GDPR compliance issues, including in connection with privacy by design and age-appropriate design issues.
  • Advising a multinational investment bank and financial services group on a broad range of complex privacy matters in relation to the introduction of a range of new cybersecurity tools across its global footprint.

Allen & Overy LLP

The Allen & Overy LLP team has ‘fantastic expertise in privacy and data protection’, and is recommended for data breach and cybersecurity matters, regulatory investigations and litigation. Its client roster includes a host of multinational, data-rich companies in the technology, telecoms, media and sport, financial services and travel sectors, among others. Through its online legal subscription business aosphere, the firm recently launched Rulefinder Data Privacy, a tool that provides analysis of global data privacy obligations across key jurisdictions. Jane Finlayson-Brown co-heads the team alongside Nigel Parker; Finlayson-Brown handles all aspects of data protection and digitalisation work and issues around emerging technologies, while Parker deals with cybersecurity issues.

Practice head(s):

Jane Finlayson-Brown; Nigel Parker


‘They are highly knowledgeable and able to steer us in the best way to achieve compliance’. 

‘Jane Finlayson-Brown is superb and leads a formidable team’.                     

‘In particular, I want to commend them on their weekly data protection briefing which is my “go-to” update – it covers a good range of countries and regions and related topics in bite-size form’.

‘Jane Finlayson-Brown is responsive and a great relationship manager’.     

‘Nigel Parker was supportive and responsive, and the quality of work produced under pressure was excellent’.  

‘The risk advisory team is very knowledgeable’.

‘In addition to bringing a legal perspective, they also included on the team a former head of the regulatory body who understands best practices’.  

‘Most importantly, they are willing to provide advice on complex decisions based on their business judgment’.

Key clients


Four Seasons Hotels

Axis Bank


The Co-operative Group




News UK


Photobox / Moonpig

Rimini Street

Royal Bank of Canada

Royal Mail

IMI Precision Engineering


Incomm Payments

Columbia Threadneedle

Work highlights

  • Advising a multinational technology company on the data protection aspects of the rollout of a pioneering Covid-19 testing programme in the UK and EU.
  • Advising a global financial services provider in relation to a range of digital/data initiatives, including its use of cookies across Europe and its online behavioural advertising activities via real-time bidding (RTB).
  • Advising Four Seasons Hotels on a range of data privacy matters globally.

Baker McKenzie

Baker McKenzie provides seamless cross-border advice on multi-jurisdictional privacy compliance programmes and data protection matters. Its client base includes household names, which it advises on M&A deals and commercial transactions, breaches and investigations, cybersecurity work, employment issues and GDPR matters. The team is headed up by Paul Glass, who recently joined from Taylor Wessing LLP and is recommended for contentious data protection work and technology and IT disputes. Harry Small handles both contentious and non-contentious work, including international data protection programmes, and Julia Wilson is experienced in regulatory matters, data breaches, ICO investigations and enforcement issues.

Practice head(s):

Paul Glass

Other key lawyers:

Julia Wilson; Harry Small


‘Baker McKenzie is very strong on matters of EU data protection law’.

‘Their considerable tech industry experience means they’re able to deliver practical risk-based advice and market-calibrated solutions’.

‘Their strong global presence means they can quickly and seamlessly call on colleagues in other jurisdictions when the need arises’.

‘Paul Glass is an experienced and highly technical lawyer who will make himself available at all hours on short notice’.

‘The team at Baker McKenzie combines deep expertise with commercial application’.

‘We regularly reach out to them for a view on more complex, multi-jurisdictional matters and consistently receive clear and concise advice’.

Key clients




CMS fields a ‘very personable and professional’ team which provides global data protection advice and emergency support. It has considerable experience in global data transfers, compliance issues and ICO investigations, and also handles cybersecurity work including data breach response initiatives. The ‘knowledgeable and responsiveEmma Burnett heads up the team and is active in the financial services, consumer products and adtech sectors. The firm recently launched the CMS Breach Assistant, a tool that provides ready-to-access guidance on data loss in over 70 countries. Tristan Hall is a name to note for cyber breaches and follow-on claims, while Loretta Pugh is knowledgeable in the field of new technologies, including AI.

Practice head(s):

Emma Burnett

Other key lawyers:

Tristan Hall; Loretta Pugh


‘The team are responsive, have a good breadth of experience and are a safe pair of hands’.               

‘They were able to wade through the complexities of privacy regulations and present them to us in easily digestible bites of information’.

‘Emma Burnett never made me feel rushed or that my question was trivial’.

‘They provide comprehensive and very detailed advice’. 

‘Partners are very good at providing solutions on how to resource work and offer creative cost- minimising billing solutions’.

‘CMS are our “go-to” firm for data protection advice’.

‘We value the team’s subject matter expertise, understanding of who we are, cross-sector perspective and focus on innovation’.

‘The use of tech to support on complex data subject access requests has been a game changer for us’.

Covington & Burling LLP

Covington & Burling LLP handles regulatory, policy, data protection, consumer protection, AI and data security matters, and is active in the life sciences, media and financial services sectors. Key practitioner Daniel Cooper is experienced in representing clients before regulatory authorities in Europe and also advises on global compliance initiatives.

Practice head(s):

Daniel Cooper


Technically excellent on both the law and the technology’, Dentons takes the lead on global cybersecurity and data protection matters, providing cross-disciplinary advice in relation to data incidents and compliance work. The practice also handles regulatory investigations and litigation following data breaches, contentious data subject access requests and privacy activist complaints. Nick Graham leads the team and has recently been assisting businesses with the fallout from the Schrems II ruling. Simon Elliott provides international data advisory support, while Antonis Patrikios handles data privacy and cybersecurity matters. Martin Fanning, who is ’exceptionally strong on client relations’, is recommended for binding corporate rules and international data transfer projects, and counts financial institutions and large corporates among his clients.

Practice head(s):

Nick Graham

Other key lawyers:

Simon Elliott; Martin Fanning; Antonis Patrikios


‘This team is one of the strongest I’ve worked with in the field’.

‘They spent time getting to know our business inside out’.

‘They are commercial and experienced, and able to give strategic, risk-based advice’.

‘Martin Fanning picks up with positivity whatever challenge we take to him, is creative in problem solving, and very calm and constructive’.

‘They have demonstrated rich experience in data privacy laws to help our company expand our business in the EU’.

‘Antonis Patrikios has a deep understanding of adtech and his advice is always pragmatic and commercial’.     

‘Their reaction time and quality of deliverables and advice exceeds our expectations’.

‘One of the strengths that we value is its global network, which makes it possible to efficiently offer a one-stop service to a multinational enterprise like us’.

Key clients

Avis Budget Group


Essential Living

John Lewis Partnership

Virgin Atlantic

Worldwide Clinical Trials

Work highlights

  • Advising John Lewis on strategic data privacy projects and also on its operationalised implementation of GDPR.
  • Acting as Avis Budget Group’s ‘one stop’ for all data privacy issues on a global basis, including GDPR, CCPA and other emerging privacy laws.
  • Acting as the preferred GDPR advisors for a number of companies within the Virgin family, including Virgin Management (the Virgin TopCo), Virgin Atlantic, Virgin Voyages, Virgin Galactic and Virgin Hotels.

DLA Piper

DLA Piper is ‘exceptional in its ability to understand technically and operationally complex issues’. The practice acts for both private and public sector clients, including government departments and large international financial institutions, and handles a number of multi-jurisdictional data compliance programmes, cyber-attacks and litigation. Ross McKean co-heads the practice alongside Andrew Dyson; McKean is recommended for global data governance, information security and breach response issues, and Dyson handles advisory matters, engagements with regulators and cybersecurity mandates. David Cook, who joined as legal director from Eversheds Sutherland (International) LLP in March 2020, brings with him regulatory, civil and criminal litigation experience.

Practice head(s):

Ross McKean; Andrew Dyson

Other key lawyers:

David Cook


‘Clear, robust and pragmatic advice on the most serious events and issues’. 

‘Their thought leadership is recognised across the industry and the firm is sought out by leading financial institutions and leading cyber firms’.       

‘Ross McKean is a star lawyer and the first port of call if the challenge is large or complex’.

‘Andrew Dyson is unflappable, easy to deal with, commercial and pragmatic, well connected and always available’.

‘DLA have large teams covering a wide variety of legal matters with office locations across the globe providing great international reach’.

‘As a global business we have operations in many different countries and DLA’s breadth and depth of expertise means they are able to support us on a range of issues and cover all of our requirements for external legal support’.

‘DLA have a diverse client base and the team have a really good knowledge and understanding of many different industries and sectors, which is invaluable when it comes to navigating industry wide issues’.

‘Their lawyers are technically first class and their advice and guidance is always on point’.

Key clients

Chubb Insurance Group SE

NHS Test & Trace

Visa Europe Limited




Reckitt Benckiser

Marriott Vacations

Department for Digital Culture Media and Sport (DCMS)

The Hut Group

Work highlights

  • Advising the Department for Digital Culture Media and Sport (DCMS) on future data policy for the UK.
  • At the onset of Covid-19, advised NHS Test & Trace on privacy and data protection issues associated with the development of the Covid-19 contact tracing mobile application.
  • Advising the global privacy office within Reckitt Benckiser, the British multinational producer of health and hygiene products, on the implementation of its global privacy compliance project.

Eversheds Sutherland (International) LLP

The ‘very practical and pragmatic’ team at Eversheds Sutherland (International) LLP handles a range of data protection and cybersecurity matters, and leans on its international network to provide a joined up approach on cross-border mandates. Paula Barrett heads up the team and is supported by Liz Fitzsimons, who has ‘excellent knowledge of data protection law and its development at an international level’. Philip James joined from Sheridans and Dave Hughes was promoted to partner.

Practice head(s):

Paula Barrett; Liz Fitzsimons

Other key lawyers:

Philip James; Dave Hughes


‘The practice covers comprehensively a number of areas of law and enables a very good coverage of our needs’.

‘The ability to pull together and coordinate efficiently a team of lawyers covering different areas for a project is really a great asset’.

‘Liz Fitzsimons has a very pragmatic approach in responding to queries’.

‘The clarity of communication was excellent’.

‘The team have strong insight into the sector having engaged with industry in various ways’.

‘The team is top notch in terms of expertise, commercial acumen and client care’.

‘They are always quick to respond to urgent matters and provide very pragmatic advice’.

‘They have good links with other experts, and having a global presence makes their insight more invaluable’.

Key clients





Thames Water


DWR Cymru Welsh Water

Heathrow Airport


Eastman Chemicals

Kering Group


National Grid


ADP (Automatic Data Processing) Inc

Work highlights

  • Acting for Thames Water under an ongoing retainer, acting as sole data protection and EIR adviser.
  • Acting as sole cybersecurity and privacy counsel for a global chemicals company.
  • Advised an American multinational on its Brexit-readiness program.

Latham & Watkins

Latham & Watkins acts for a range companies, from start-ups to large multinationals, on a wide variety of privacy and security matters. The practice is well versed in advising on the data protection aspects of corporate deals, and also handles compliance issues, investigations, regulatory matters and litigation. On the cybersecurity side, the team is recommended for crisis responses following serious data leaks and cyberattacks. Gail Crawford heads up the practice and is well regarded for cross-border data privacy compliance work, with a focus on the technology, financial services, asset management, media and healthcare sectors. Fiona Maclean handles cloud and outsourcing matters, and Ian Felstead is a name to note for litigation and regulatory disputes.

Practice head(s):

Gail Crawford

Other key lawyers:

Fiona Maclean; Ian Felstead; James Lloyd


‘James Lloyd is very sharp, easy to work with and provides careful but practical advice’.

‘James Lloyd is a very impressive partner who knows the law, and technology, on cybersecurity security breaches inside out’.

Key clients

Facebook, Inc.

Ernst & Young


Citi Ventures, Inc.

Pipedrive, Inc.

Silver Lake Partners

ironSource Ltd.

Sony Pictures Entertainment

ReCor Medical


Work highlights

  • Representing Facebook in over a dozen major complex, global regulatory enforcement matters, including regulatory proceedings stemming from Facebook’s September 2018 data breach.
  • Acting as the trusted adviser to EY Global Services on global data privacy issues.
  • Advised Intuit, Inc., a global technology platform and financial software company, on cross-border data privacy matters in connection with a number of its strategic acquisitions.  

Norton Rose Fulbright

Norton Rose Fulbright has ‘a depth of knowledge and strong international team which can handle multi-jurisdictional issues seamlessly, and with great expertise’. With a strong focus on cybersecurity work, the practice handles a large number of high-profile data breaches and is well versed in cyber incident responses. On the data protection side, the team advises large corporate and government clients on global compliance policies and procedures. Practice co-head Marcus Evans is experienced in large cross-border privacy projects and outsourcing matters. Fellow co-head Ffion Flockhart is recommended for cyber risk management work and Lara White handles privacy issues for financial services, insurance and technology companies.

Practice head(s):

Marcus Evans; Ffion Flockhart

Other key lawyers:

Lara White; Janine Regan


‘Working with each member of the team and the team as a whole has been a positive experience’.

‘They are all highly motivated, friendly, hard-working and produce work to a high standard’.

‘When considering Norton Rose Fulbright alongside other law firms, my general sense is that they are more professional and more experienced’.

‘Ffion Flockhart leads by example with respect to extremely high levels of professionalism, which manifests itself as demanding extremely high quality work from all those around her’.

‘The Norton Rose Fulbright team has been extraordinarily understanding in shaping guidance to our needs in addition to of course providing sound legal judgment’.

‘Marcus Evans is extremely knowledgeable but also extremely collegial’.

‘Lara White is one of the most knowledgeable legal counsel I have ever worked with; her advice is incredibly well reasoned and well supported’.

‘Norton Rose is the only firm I’ve worked with that consistently presents a cogent, practical and synthesised response to questions I pose’. 

Key clients


Bank of Montreal


Cathay Pacific

Chicago Metal Exchange

CNA Hardy


Guy Carpenter




Legal Utopia

Lucozade Ribena Suntory

Marsh McLennan

Mitsubishi Electric





Qantas Airways


T Rowe Price


Pinsent Masons LLP

Pinsent Masons LLP is ‘very responsive and provides great detailed, technical, and yet pragmatic and practical advice in complex matters’. Cybersecurity and privacy litigation are key areas of focus for the practice, which also handles general data protection compliance work. Drawing on strength from its international network, the firm is well placed to handle international data transfers and other cross-border matters. Claire Edwards is global head of information law and ‘understands complex legal issues very quickly’. David Barker is a name to note for disputes and handles a range of contentious data protection litigation, while David McIlwaine brings experience in cybersecurity matters, with a focus on cyber-attacks and ransomware issues. In April 2020, Jonathan Kirsop joined from Stephenson Harwood and Ian Birdsey left for Clyde & Co LLP.

Practice head(s):

Claire Edwards; David Barker ; David McIlwaine

Other key lawyers:

Jonathan Kirsop


‘The team has a solid understanding of data protection laws as well as digital privacy and ad tech laws’.

‘They understand the limitations that a business may have, and work with the business to come up with a practical and compliant solution’.

‘The Pinsent Masons team worked well with a range of client stakeholders to deliver accessible advice that could be operationalised’.

‘Claire Edwards has been fantastic at providing practical legal advice in our very specific context, rather than just rolling out generic, theoretical advice’.

‘Compared to other firms, Pinsent Masons’ data protection team is keen to investigate matters in depth in order to provide recommendations tailored to the matter at hand’.

‘True depth in expertise, with the ability to apply their knowledge in sector specific scenarios’.

‘A very well-rounded practice with detailed industry knowledge’.

‘Pinsent Masons delivers commercially pragmatic advice and solutions to all our data protection matters’.

Key clients

Google LLC

Tesco Stores Ltd


Honda Motor Europe Ltd

Dixons Carphone plc

Open Data Institute


Liberty Mutual

Visa Europe

Post Office

Tesco Bank

Barclays Bank


World Athletics

The Body Shop International

JD Wetherspoons

LK Bennett

The Jockey Club

AO Limited


Work highlights

  • Assisting Honda Motor Europe Ltd with data protection and electronic privacy issues relating to its connected car services.
  • Advising Google LLC on Richard Lloyd v Google, a landmark £3bn+ case in the field of data privacy class actions.
  • Advising Dixons Carphone plc. in relation to its 2018 data security incident and various related matters including a regulatory investigation and ongoing appeal of the ICO’s Monetary Penalty Notice.

Taylor Wessing LLP

Taylor Wessing LLP focuses on the technology and healthcare sectors, with notable experience in emerging technologies, including AI, blockchain, biometrics and adtech. Acting for early stage companies as well as large international businesses, the practice handles GDPR, data and cyber risk issues. Vinod Bange is head of the UK data protection practice and acts as privacy counsel to a number of companies, providing strategic boardroom support. Chris Jeffery handles international data privacy matters, including compliance and operational issues. Paul Glass left for Baker McKenzie in October 2020.

Practice head(s):

Vinod Bange

Other key lawyers:

Chris Jeffery; Graham Hann


‘They provide pragmatic and useful advice calibrated to your line of business and risk tolerance’. 

‘They are technically very savvy and really understand cloud computing and the needs of cloud providers’.

‘Very responsive, with a wide network of attorneys globally’.

‘Chris Jeffrey always goes above and beyond with pragmatic solutions to very difficult problems and issues’. 

‘Chris Jeffrey and his team have never failed us’. 

‘Strong data protection knowledge and healthcare sector expertise with an international perspective’.

‘Advice is always commercial and pragmatic with a deep understanding of the healthcare and life sciences implications’.   

Key clients



Live Nation


Work highlights

  • Advised SEGA on the impact of the Children’s Code on its main catalogue titles and games in development and increasing awareness across its key stakeholders’ groups across its UK, European and US studios.
  • Advising LiveNation Entertainment on a range of multijurisdictional GDPR and e-privacy matters.
  • Advised Burberry in relation to ongoing GDPR challenges and in particular in relation to Brexit readiness.

Clifford Chance LLP

Clifford Chance LLP’s data privacy and cybersecurity practice was recently bolstered by the arrival of Simon Persoff, who joined from DLA Piper and brings a wealth of experience in cyber security and banking secrecy matters. Jonathan Kewley heads up the team and handles data protection issues for technology, data and IP-heavy businesses, while Kate Scott is a name to note for disputes and litigation, and has particular expertise in the AI and crypto-asset arenas. The team, which provides ‘clear, accurate and commercial advice’ is known for its international and cross-practice expertise, which includes handling data and cyber breaches.

Practice head(s):

Jonathan Kewley

Other key lawyers:

Samantha Ward; Kate Scott; Simon Persoff


‘Very responsive team, that gave very clear advice’.          

‘They take extra effort to understand their clients and the operational environment that their client’s face, which is so important’.

‘Simon Persoff is extremely responsive and provides clear, practical, commercially sensitive advice’.

‘Jonathan Kewley is a superstar of the tech law and policy world’.

‘Jonathan Kewley combines strong technical knowledge with excellent attention to clients’ commercial interests.’

‘Simon Persoff is a technical expert with a deep understanding of the GDPR and other data protection regulation’.

‘Simon Persoff is incredibly hard working and committed to giving clients a high quality service’.

‘Kate Scott is a new partner who is carving out a real niche in technology disputes’.

Key clients

News Group


Work highlights

  • Advising a private equity client on maturing its global data protection compliance programme, including conducting a detailed data mapping inventory of personal data processing, drafting privacy notices, conducting data protection impact assessments, advising on use of data analytics in its portfolio companies and managing risks associated with the transfer of personal data to third countries.
  • Advising a major global financial institution on assessing the key legal risks and opportunities linked to its five-year technology strategy, which covered a range of topics including the future of international data transfers, the outlook for Big Tech, inclusive tech, innovation and the choice of build vs. buy. vs. compete, and the reassertion of individual ownership over data.
  • Advising a multinational insurance sector client on its response to a cyber incident involving data exfiltration and a ransomware attack, including issues surrounding demand for crypto-currency ransom, jurisdictional analysis, notifications and engagement with supervisory authorities.


In January 2020, Stewart Room joined DWF to co-head the team alongside James Drury-Smith and JP Buckley; later in 2020, a number of Room’s previous team at PwC LLP also joined the practice. Room brings a wealth of global data protection and cybersecurity expertise to the practice, which is already renowned for handling the contentious aspects of high-profile data breaches. Drury-Smith is recommended for compliance matters and the implementation of privacy governance models, while Buckley handles strategic and operational compliance matters.

Practice head(s):

Stewart Room; James Drury-Smith; JP Buckley


‘They have exceptional experience in data protection and privacy in the retail sector’.

‘It is a pleasure to work with the team’.  

‘James Drury-Smith is extremely competent and experienced’.

‘James Drury-Smith is very responsive and always available to provide clear and concise advice’.

‘JP Buckley is a rare lawyer – the type who can deliver rock solid legal work and opinions that go to the heart of what a company requires’.

‘Stewart Room is a high energy, deep subject matter expert’. 

‘Stewart Room is disciplined, pragmatic, and focused on excellent client service’.

‘Impressive technical and legal knowledge, a focus on excellent client service and a determination to deliver an agile response’.

Key clients

Visa Europe Limited

Virgin Media Limited

Centrica plc

Missguided Limited

Ocado Retail Limited

Tysers Insurance Brokers Limited

Hard Rock Cafe International (USA), Inc.

Flixmedia Limited

NHS Digital

Swissport GB Limited

Yum Restaurant Services Group LLC

WM Morrisons Supermarkets Plc

British Airways plc

BT Group plc

Markerstudy Insurance Services Limited

Liverpool Victoria Financial Services Limited

Comparison Technologies Limited

Johnson Matthey plc

Pet Health Inc.

Yopa Property Limited

Reckitt Benckiser Group plc

Equiti Capital UK Limited

Severn Trent Water Limited

Greater Manchester Travelcard Limited

Work highlights

  • Appointed to Virgin Media’s legal panel in 2020, providing support on all aspects of data protection and cyber security, such as international data transfers, directing marketing and Data Subject rights.
  • Successfully represented Morrisons in landmark litigation relating to the employer’s vicarious liability for the data breaches caused by an employee.
  • Developed models for the legal delivery of cookies and other online tracking technologies for a global adtech service provider.

Herbert Smith Freehills LLP

Herbert Smith Freehills LLP combines ‘strong legal technical skills with commercial pragmatism’, and has noted experience in data protection, privacy and cyber security issues internationally. Fielding a cross-practice, cross-sector and cross-border team, the practice is well equipped to handle global compliance issues, investigations, transactions and cyber incident response work. Andrew Moir is a key name for breaches of personal data, ransomware attacks and other cyber issues. Miriam Everett handles the full life-cycle of data protection issues, while Christine Young is recommended for data subject rights matters and litigation.

Practice head(s):

Miriam Everett; Andrew Moir; Christine Young


‘Responsible and reliable input to any legal query’.

‘Deal with novel topics in a creative and innovative manner’.

‘Miriam Everett is a subject matter specialist on privacy and has excellent availability and reactivity’.

‘The consistent quality of individuals within the team across all geographies ensures that advice is consistently reliable, prompt, business focused and solution orientated’.

‘Miriam Everett is an exceptionally talented privacy lawyer’.

‘Andrew Moir provides excellent knowledge and a very calm demeanour – exactly what you need in a crisis’.

‘Andrew Moir is thorough and forensic in his approach, with excellent communication and client management skills’.

‘Excellent technical knowledge of the law and of the technology often used in the processing of data by malicious actors’.

Key clients


Royal Mail

Hays plc

e-Mersion Media

KodyPay Limited

Willis Towers Watson





Work highlights

  • Advised KodyPay on a range of contractual and data privacy compliance related documents to support the launch of the new KodyPay App being launched on the campus of the University of York.
  • Advised e-Mersion Media on the complete data lifecycle of data protection compliance, including a deep-dive into its privacy practices and customer journey in relation to its digital launch and partnerships with magazine publishers.
  • Advised Hays on a multitude of privacy-related challenges, including industry-wide sector-focused compliance audits initiated by two European regulators and a multi-jurisdictional refresh of its policies and practices.

Mishcon de Reya LLP

Mishcon de Reya LLP has recently bolstered its team with the arrival of Mark Deem from Cooley (UK) LLP in late 2020, and Ben Lasserson and Ashley Winton in early 2021 from FisherBroyles and McDermott Will & Emery UK LLP, respectively. Praised as ‘charming and knowledgeable in equal measuresAdam Rose heads up the team with over 25 years of experience in data protection and freedom of information law. Senior data protection specialist Jon Baines is recommended for both contentious and non-contentious GDPR matters. The team acts for a range of high-profile multinationals and public sector clients on compliance matters and data protection litigation.

Practice head(s):

Adam Rose

Other key lawyers:

Jon Baines; Mark Deem; Ben Lasserson; Ashley Winton; Joe Hancock; Stuart McMaster


‘The Data protection, privacy and cybersecurity team with Mishcon provides a very practical and client oriented approach. It’s especially valuable when you have a threatened litigation as the team understands the need to engage a barrister at very early stages.’

‘An expert team able to dial in experience from across the firm quickly whatever the sector overlaps. Often to be found in the most innovative work but active for both claimants and defendants which gives them a strong base of experience.’

‘Adam Rose is an excellent leader of the team. Knows the area inside out. Works very hard and has good instincts. Hiring Jon Baines was an excellent move, creating a team really able to add value and service clients at all levels.’

Key clients

Jenny, The Accidental American


Entain (formerly GVC)


Betting & Gaming Council

Work highlights

  • Acting for Jenny, The Accidental American, in a claim that, in breach of GDPR, personal data relating to her is being systematically transferred to the US, as a result of the application of FATCA and the Common Reporting Standard (or CRS).
  • Advised the Betting & Gaming Council on the proposed launch of a multi-operator data sharing scheme (the “single customer view” scheme), including advice on data protection and gambling regulatory compliance.
  • Acting for a number of International Baccalaureate students and families in relation to the algorithm which made automated decisions about student grades.

Orrick, Herrington & Sutcliffe (UK) LLP

Orrick, Herrington & Sutcliffe (UK) LLP provides ‘an excellent global perspective through a geographically and culturally diverse team’. The practice, which is strong on both contentious and non-contentious cyber and data protection matters, is led by Keily Blair, who is recommended for data privacy work and pre- and post-data breach counselling. Faraaz Samadi joined from Milbank in August 2020.

Practice head(s):

Keily Blair

Other key lawyers:

Faraaz Samadi


‘With their sound advice and expert counsel, everything went just as we expected or even better’.

‘Their professionalism in this field we believe is excellent and worth every dollar we spent’.

‘They provided us with around-the-clock service during those tough Covid-19 quarantine times and arranged teleconferences for us anytime we needed’.

‘Keily Blair has an outstanding command of the international legal landscape relating to data and security breach requirements’.

‘Keily Blair has exceptional business acumen and leadership strengths’.

‘Strong attention to collaboration with partner firms in jurisdictions where they do not have offices’. 

Key clients

Baidu, Inc


Workday, Inc.

Deltek, Inc.

Juniper Networks

Technologies of Voice Interface Limited

Work highlights

  • Assisted Baidu with the launch of its social and wellbeing apps in Europe and the UK, providing advice that balanced the complexities of offering a global, cutting-edge, data-heavy consumer product in a heavily regulated EU market, as well as the growing issue of international transfers of personal data outside the EEA.
  • Providing privacy and cybersecurity advice to a multi-billion dollar, international e-commerce company.
  • Advising an online mobile multiplayer competition platform that is integrated into a number of iOS and Android games on the review and uplift of its privacy practices to meet its general compliance with EU, UK and US data protection law including compliance with new iOS 14 privacy requirements.

Osborne Clarke LLP

Osborne Clarke LLP is particularly strong for cyber breach work and general data protection matters; it handles both contentious and non-contentious issues, such as cybersecurity mandates, GDPR advisory work, information law issues and litigation. Practice head Mark Taylor is experienced in the financial services and digital business sectors, and has ancillary expertise in fintech, digital payment, encryption and electronic signature mandates. Ashley Hurst advises multinationals on cyber incident responses.

Practice head(s):

Mark Taylor

Other key lawyers:

Ashley Hurst

Key clients




Western Power Distribution


Verizon Media (also known as Yahoo! EMEA)



Wirecard Group

Virgin Experience Days

UK Power Networks

Beiersdorf (Nivea)


Automattic (WordPress)

Work highlights

  • Acting for LexisNexis and World Compliance in respect of three separate data protection claims initiated against LexisNexis in the Courts of England & Wales by three high-net-worth (and high-profile) individuals.
  • Advised the European Commission H2020 project, known as MyCorridor, on developing and piloting an EU cross-border “Mobility as a Service” mobile app.
  • Advised Wirecard Group on a variety of complex data protection issues relating to its transaction and payment processing delivery models, and in particular supported on the data protection aspects of its restructuring and divestment of various businesses.

Paul Hastings LLP

Paul Hastings LLP’s data privacy and cybersecurity practice advises both domestic and international clients on regulatory compliance issues, investigations, data breaches and litigation. It has recently been advising clients on the implications of Brexit and the CJEU’s Schrems II ruling. The team, which works closely with its counterpart in the US, is particularly active in the financial services, fintech and AI sectors. Sarah Pearce leads the practice and has a broad client roster, ranging from fast-growth start-ups to public sector organisations to large multinational businesses.

Practice head(s):

Sarah Pearce 


‘The attention and follow up they have provided through the whole assessment has been really great, we work in different time zones and their response has always been speedy and accurate’.

‘Sarah Pearce personalises the experience and does everything so that the assessment she gives meets with our expectations and facilitates our decision making’.

‘Sarah Pearce is extremely professional and a great human being’.

‘Sarah Pearce is not only a very well established subject matter expert in this space but she has the added benefit of being very pragmatic and engaging’.

‘Sarah Pearce can talk the talk and walk the walk, instead of just providing theoretical counsel’.

‘Paul Hastings has productised their offering in this space; this enables them to both provide bespoke advice to clients who prefer the more traditional approach, but also cost-effectively service clients of varying sizes and sophistication who can pick and choose from pre-developed packages’.

Reed Smith LLP

The ‘available, responsive, pragmatic and thorough’ team at Reed Smith LLP offers ‘excellent attention to detail’; advising on a range of data protection and cybersecurity matters. The firm leans on its international network for support and is active in the life sciences, energy, media and entertainment, and financial services sectors. The team is headed up by Cynthia O’Donoghue and Elle Todd.

Practice head(s):

Cynthia O’Donoghue; Elle Todd

Other key lawyers:

Philip Thomas


‘Clear and thoughtful legal analysis’.

‘Highly dependable matter management’.

‘The team was outstanding, really helpful and readily available when needed’.        

‘This team have been generous with their time’.  

‘Philip Thomas understood our requirements and patiently took time to help us communicate the complexities of the documentation to our organisation’.

‘The Reed Smith team has been a huge support for our company’. 

‘Whenever issues may arise, Philip Thomas, our direct point of contact, is very responsive with great solutions’. 

‘Philip Thomas has great attention to detail and understands the client’s needs’.


The RPC team ‘straddles the media and technology departments, and as such is able to offer its defendant clients expertise across these related fields’. It is well versed in GDPR compliance issues, SARs, data sharing work, data breaches and international data transfers. Jon BartleyRichard Breavington and David Cran jointly head up the team.

Practice head(s):

Jon Bartley; Richard Breavington; David Cran


‘They have a great and deserved reputation for this work in the industry’.

‘Specialists in data protection claims with a clear strength in strategy and clear, concise language’.

‘Richard Breavington is very strong in data protection litigation matters’.

‘Clear and concise in their strategic advice and assistance’.            

‘Jon Bartley is approachable, pragmatic and very knowledgeable both with respect to data privacy and the technology sector’.          

Key clients

Facebook Inc.

MGN Limited

Board Intelligence

McArthurGlen Group

Bloomberg LP

Hachette UK Limited

MGN Limited

Frasers Group

Work highlights

  • Acted for techUK in its role as intervening party in the Supreme Court case of Richard Lloyd v Google LLC (on appeal from the Court of Appeal).
  • Acted for ANL, publisher of the Mail on Sunday and MailOnline, in the litigation brought by the Duchess of Sussex following publication of extracts of a letter she wrote to her father shortly after her wedding to Prince Harry in 2018.
  • Advised longstanding technology client and the world’s largest social network, Facebook, on the setting up of its much-anticipated Oversight Board, to hear appeals and issue binding decisions about content moderation on Facebook’s platforms.

Simmons & Simmons

Praised as ‘an approachable firm, with a broad range of talents’, Simmons & Simmons has a focus on the financial services, healthcare and technology, media and telecoms sectors; its multidisciplinary team draws on strength from IT, employment and dispute resolution experts. As well as acting for large multinational clients on international data protection compliance projects, the firm also deals with international data breaches. Alexander Brown heads up the practice; he is experienced in providing data protection advice around the deployment of digital technologies.

Practice head(s):

Alexander Brown

Other key lawyers:

Lawrence Brown


‘They are always willing to help and firmly understand the needs of an organisation through their unique ability to look at the bigger picture’.

‘Alexander Brown is an exceptional lawyer’.

‘Alexander Brown has a unique ability to simplify complex issues and focus on what matters’.

‘I have been impressed with Alexander Brown, he is able to provide practical guidance which is commercially pragmatic taking regulatory risk into account’. 

‘Excellent in data related matters, with practical advice and solutions’. 

‘Attentive and turned around deliverables in reasonable time-frames’. 

‘Excellent service on both large, document heavy project and smaller, bespoke queries’.

Key clients


Telefonica UK (O2) / giffgaff



North of South Capital


Pacific Investment Management Company, LLC (PIMCO)







Work highlights

  • Advised Huawei on data protection and security matters including in relation to 5G security related legislation.
  • Acting as O2’s lead advisers on data protection compliance matters.
  • Advised GSK on a major study of the privacy governance processes used in its consumer healthcare division.

White & Case LLP

The London-based White & Case LLP team works closely with offices in other jurisdictions to provide a joined up service in relation to contentious and non-contentious data protection and cybersecurity matters. Tim Hickman, who is dual-qualified in England and Wales and the Republic of Ireland, handles a broad range of compliance matters for large multinationals.

Practice head(s):

Tim Hickman


‘The White and Case practice is exceptionally knowledgeable about the laws in this area and seem to be on the forefront of how to interpret the laws’.

‘They help us remain complaint with the law while implementing appropriate safeguards for our users and clients’.

‘Tim Hickman has a strong grasp of the relevant laws’.

‘The team provides a breadth of knowledge and skill set across all areas of data privacy’.   

‘Tim Hickman knows everything about data privacy’. 

‘The White & Case LLP team is very responsive and pragmatic in relation to their advice’.

‘They have a business orientated mind-set and always tried to find the best solution for their client, taking into account the applicable laws’.

Key clients



Deutsche Bank AG (London Branch)



Argus Media


Centerbridge Partners

LINE Corporation

Piper Jaffray


Inflexion Private Equity

Softbank Vision Fund II

ION Acquisition Corp. 1 Ltd

Novator Partners


Kobalt Music Group Limited

Goldman Sachs & Co. LLC, Morgan Stanley & Co. LLC and Allen & Company LLC

Work highlights

  • Representing Facebook in major international litigation matters and class actions on privacy and data protection matters.
  • Advising Nestlé on a global scale, including on specific GDPR compliance, e-Privacy compliance, and related regulatory matters and in direct interactions with EU Data Protection Authorities.
  • Providing Deutsche Bank AG (London Branch) with extensive legal support to ensure that data protection compliance priorities can be addressed with minimal business disruption.

Womble Bond Dickinson (UK) LLP

Womble Bond Dickinson (UK) LLP is ‘always helpful and quick to respond to requests’, and acts for a range of clients, including large corporations and government departments. The firm is active in international mandates and often works closely with its US counterparts to provide a joined-up service. The team handles contentious and non-contentious matters, including data security incidents, cross-border data transfers, outsourcing arrangements, SARs and general data protection and freedom of information compliance issues. Andrew Kimble leads the practice.

Practice head(s):

Andrew Kimble

Other key lawyers:

Peter Given


‘Womble Bond Dickinson helpfully supported our team during a difficult and busy year’.

‘Andrew Kimble is the client contact partner and has been very helpful’.

‘Proactive, commercially aware and very willing to engage with the business’.

‘The team brings in other resources to help on ad-hoc questions that crop up without it materially impacting costs’.

Key clients


NHS Digital

B&Q/Kingfisher plc

Liverpool Victoria (LV= Life Insurance)

Quilter (formerly Old Mutual Wealth)

Department for Transport

Post Office Limited

Work highlights

  • Responsible for AIG’s compliance with data protection and privacy law across the EMEA region – a region which spans approximately 40 countries for AIG.
  • Advising on a broad range of data protection matters for B&Q, including projects of strategic significance.

Addleshaw Goddard

The ‘proactive, responsive and practicalAddleshaw Goddard advises international blue-chip clients on data protection, privacy and cybersecurity matters. The team, which is headed up by Helena Brown, was recently bolstered by the arrival of Nathalie Moreno from Lewis Silkin LLP in March 2020. The practice handles both contentious and non-contentious work, domestically and internationally.

Practice head(s):

Helena Brown

Other key lawyers:

Nathalie Moreno; Ross McKenzie


‘Nathalie Moreno goes that extra mile to make sure she is aware of what her client’s need’.

‘Great team strength, expertise in all of the relevant areas and great ability to translate the law in to pragmatic commercially driven advice’.

‘Helena Brown has the ability to balance legal requirements and business needs and the ability to become a valued business partner to in-house counsel’.

‘Trusted and reliable’.

‘Ross McKenzie is fantastic – always enthusiastic and pragmatic in his advice’.

‘Their knowledge base is huge – a wide range of experts’.

‘Ross McKenzie is legally very knowledgeable but also has a good knowledge of business operations’.

‘Absolutely excellent and utterly reliable’.

Key clients


Global Generali Assistance

NFU Mutual

Ernst & Young

Vision Express


Ted Baker


British Land

Bestway Group

Work highlights

  • Advised a consortium of banks on data protection compliance, data sharing and data hosting arrangements in a ground breaking, high-profile project to establish the Business Banking Resolution Service.
  • Advised BooHoo on a range of strategically important data protection matters relating to customer data and digital strategy, including management of changes following purchase of Oasis and Warehouse.
  • Advising Generali Global Assistance Inc on a large-scale audit and compliance project across 90 jurisdictions relating to the rollout of identity theft monitoring solutions for Mastercard.


The data and information practice at Ashurst is particularly active in the technology space, advising large international corporate clients on AI, adtech, blockchain and other fintech issues. It has recently been advising clients on a number of Covid-19-related matters, Brexit work, international data transfers and cybersecurity issues. David Futter heads up the team, which includes Rhiannon Webster, who joined from DAC Beachcroft LLP. Counsel Gita Shivarattan left for Ernst & Young LLP.

Practice head(s):

David Futter

Other key lawyers:

Hiroyuki Iwamura; Rhiannon Webster

Key clients

Aya Technologies


Commonwealth Bank of Australia


GAIN Capital

General Atlantic

Goldman Sachs Bank

HM Treasury and British Business Bank

Intermediate Capital Group plc

JPI Media (Johnston Press)

McLaren Automotive

Oak Hill Capital Management

Peel Hunt

SVS Securities plc

Thomas Cook (in administration), KPMG and Alix Partners, Insolvency Service (as special managers to the administration)

Virgin Trains

Work highlights

  • Providing HM Treasury and British Business Bank with strategic advice on the data protection aspects on the design of the Future Fund platform and compliance requirements of all of the Coronavirus loan schemes (Future Fund, CBILS, CLBILS, CBILS 2.0).
  • Advising Santander in relation to data protection considerations and impact as a result of Brexit and specifically obligations to appoint an authorised representative in Europe.
  • Advising Keolis Amey on compliance with data protection requirements for its websites and online ticketing portal and data sharing arrangements with local government and intragroup data sharing arrangements.

BCL Solicitors LLP

Boutique firm BCL Solicitors LLP focuses on data protection-related investigations and regulatory work. Former legal director of GCHQ Michael Drury heads up the team, bringing unique expertise in relation to investigatory powers and cybersecurity, including breach work and data protection issues. The practice is particularly experienced in dealing with data access demands instigated by intelligence agencies, law enforcement and other public authorities.

Practice head(s):

Michael Drury

Other key lawyers:

Julian Hayes


‘Julian Hayes is not just easy to work with but the heart of the team’.

‘Julian Hayes will outwork anyone’.

‘A very strong all round team, led by the very experienced Julian Hayes’.

‘The team knows the regulatory landscape better than most firms and is ideally placed to advise when enforcement activity is anticipated’.

‘Julian Hayes has a keen mind and is passionate about the topic’. 

‘BCL have unique practitioner insight on a range of national security and law enforcement powers and are not afraid to take the hard cases’. 

‘Their expertise goes further than knowledge of law and regulations and extends into the praxis of the use of State power and how to counter its abuse’. 

‘A firm with a well deserved reputation for quality’.

Bryan Cave Leighton Paisner LLP

The ‘very professional and knowledgeable’ group at Bryan Cave Leighton Paisner LLP handles a large number of international data protection compliance and data transfer matters. The London team is integrated into the firm’s wider international network, making it well placed to handles cross-border data privacy and cybersecurity matters. Kate Brimsted heads up the team, which includes Geraldine Scali, who joined in September 2020 from Sidley Austin LLP.

Practice head(s):

Kate Brimsted

Other key lawyers:

Oran Gelb; Geraldine Scali


‘Easy going manner but great professionalism behind it’.

‘Excellent team players’.

‘Personable, honest and straightforward’.

‘Geraldine Scali is professional, knowledgeable and importantly, practical in her approach to the data privacy issues we have referred to her’.

‘The team is strong on data protection and freedom of information regulations’.

‘Kate Brimsted is an expert in the field of data protection and has helped me with a number of issues’.

‘Kate Brimstead’s advice is clear and commercial’.

‘My interactions with all of the attorneys at BCLP are always helpful and informative’.

Key clients

Apto Payments



Heathrow Airport

London Stock Exchange

Royal Mail plc

Singapore Press Holdings Ltd

Stifel Financial


World Gold Council (UK)

Work highlights

  • Advising a developer and operator of luxury accommodation for seniors with built-in domiciliary care, on the collection and management of health information in conjunction with the third party regulated care provider.
  • Advising various multinational organisations from financial services to a media and digital marketing communications company on the data protection implications of the design and launch of diversity and inclusivity initiatives including multi-jurisdictional employee surveys.
  • Conducting GDPR compliance assessment and refresh exercises for overseas-headquartered financial institutions, including a Taiwanese bank, with a particular focus on the impact of Brexit and recent EU case law on international data flows.

Charles Russell Speechlys LLP

Charles Russell Speechlys LLP's data protection practice sits within the firm’s wider commercial department, and has broad expertise across international compliance issues, data transfers and data breaches. The practice draws on strength from its colleagues in the employment, litigation and pensions teams, among others. Jonathan McDonald heads up the team.

Practice head(s):

Jonathan McDonald


‘They are team players, understand the business and people very well and collaborate easily’.

‘Friendly and knowledgeable’.     

‘Quick availability’.

‘Good knowledge of GDPR and data protection’.

‘Clear in the scope of work and advice’.

‘Knowledgeable, friendly and flexible’.

Key clients

Ericson Ltd

Caffé Nero

Oncam Global Ltd


The International Tennis Federation

Work highlights

  • Advising Ericsson Ltd and its Swedish parent on its application for UK binding corporate rules (BCRs).
  • Providing Caffe Nero with comprehensive advice on how to respond to a number of data subject access requests, including searching and collecting personal data, redacting third party information and complying with the regulatory obligations to respond to a request.
  • Advising on the data protection aspects of Nike’s commercial and tech agreements, including in relation to the integration of AI and augmented reality into the consumer journey.

DAC Beachcroft LLP

DAC Beachcroft LLP’s information law practice is ‘very responsive, proactive and great to work with’. Jade Kowalski has notable experience in data protection matters in the insurance industry, while Hans Allnutt is a key name to note for cybersecurity issues and advises on cyber and data breach incidents and litigation. Rhiannon Webster left for Ashurst.

Practice head(s):

Hans Allnutt; Jade Kowalski


‘DAC Beachcroft have taken the time to understand our business and its unique operational complexity’.

‘Their concise advice, engagement with other specialist firms and their willingness to roll their sleeves up with you on the practicalities of implementing that advice make this a very special team indeed’.

‘They have both been calm, patient and exceptionally prompt, but always thorough, in their advice and guidance’. 

‘When you are facing your most desperate situation it is so reassuring to be able to talk to experts who completely understand the situation and that your worst nightmare is their business as usual’.

‘Hans Allnutt leads a team that has excellent experience in handling cyber incidents’.

‘Jade Kowalski demonstrates a unique, in-depth understanding of both data protection and insurance, which drives pragmatic advice and solutions for insurance market participants’.

‘Rhiannon Webster took the time to get to know us as a business and her experience of advising on data protection is extremely valuable to us’.

‘They have the benefit of understanding cyber insurance, data privacy and the wider incident response priorities’.

Key clients

Sage Plc

NHS Test and Trace

National Data Guardian

Notting Hill Genesis

The Information Commissioner’s Office

Ecclesiastical Insurance



NHS England


Work highlights

  • Advising NHS Test and Trace on all aspects of data protection compliance across all aspects and levels of the Test and Trace programme.
  • Continuing to receive a range of instructions from the ICO including assisting with its regulatory sandbox and also its public law functions and powers.
  • Instructed by Notting Hill Genesis in relation to an ex-employee who had left his employment and threatened to leak thousands of personal data records into the public domain.

Deloitte Legal

In early 2021, Deloitte Legal acquired Kemp Little LLP and its data protection team, which acts for a range of clients from start-ups to large multinationals on data protection compliance and cybersecurity matters. The team is co-headed by Anita Bapat and Emma Wright; Bapat is recommended for data protection and privacy matters, and Wright handles cyber matters, with a focus on the telecoms sector.

Practice head(s):

Anita Bapat; Emma Wright

Other key lawyers:

Marta Dunphy-Moriel


‘The service and advice received from the team is second to none’.

‘They are attentive and always take their time to understand the problem before advice is given’.

‘The most refreshing part of any advice given is that it is not buried in legalese’.

‘Always pragmatic and easy to understand’.

‘Personable, professional, down to earth and approachable’.

‘Highly responsive and competent, incredibly knowledgeable and capable of distilling a complex area of law into easily understandable advice’.

‘They are absolutely stellar!’

Key clients


4D pharma



Knight Frank

Shark Ninja

Veeva Systems

Equal Experts

Princess Yachts

LORCA and its cohort members

Work highlights

  • Providing strategic data protection advice to Dentsu Aegis Network.
  • Appointed as the sole panel firm supporting on privacy and data protection for the Knight Frank group, providing support on the whole range of privacy issues, including data sharing, international transfers, marketing and supplier due diligence issues.
  • Providing DPO services to Flux Systems, acting as point of contact with EU residents, supervisory authorities and internal teams.

Harbottle & Lewis LLP

Harbottle & Lewis LLP has a niche focus on the technology, media and entertainment sectors and has considerable experience in the adtech sphere. Its expertise includes data compliance work, international data transfer issues, data breaches and SARs. The cross-departmental team handles both contentious and non-contentious matters under the leadership of Sacha Wilson, who is head of the firm’s advertising group. Gerrard Tyrrell advises high-profile individuals and institutions on data protection work and reputation management issues, while John Kelly is a name to note for ICO matters and cybersecurity work. Daniel Tozer left for Keystone Law in December 2020.

Practice head(s):

Sacha Wilson

Other key lawyers:

Gerrard Tyrrell; John Kelly

Key clients

Take Two Interactive

Diageo Plc

De Beers Group

Havas Media Group


The Ozone Project

Nimax Theatre

Sargent-Disc Ltd

WhiteHat Jr

Hunter Boots

Primer API



Work highlights

  • Advised Havas Media Group on complex data privacy issues in relation to its agencies digital advertising activities.
  • Advised Citywire on its multi-territory GDPR compliance work.
  • Advised Sargent Disc on its data processing agreements.

Mayer Brown International LLP

The team at Mayer Brown International LLP is ‘exceptional at providing astute, intelligent legal advice’. The group has particular experience in the financial services and private equity sectors and handles international data protection compliance matters, as well as high-profile cybersecurity incidents and breaches for large multinationals. Mark Prinsley heads up the team.

Practice head(s):

Mark Prinsley

Other key lawyers:

Oliver Yaros


‘Quick and efficient and well explained’.

‘Oliver Yaros is an excellent lawyer with excellent in depth legal knowledge of this sector’.

‘Aside from being savvy about tech matters, they are extremely responsive and deliver a product that is of actual use for the client’.

‘They become like an extension of the in-house team’.

‘We appreciate the depth of knowledge displayed by this firm, and its ability to marshal a mixed team which incorporates expertise in the various disciplines required by a specific client situation’.

‘All communicate very well, and Mark Prinsley in particular is able to breathe an air of calm authority which the client found both impressive and reassuring’. 

‘The firm is impressively adaptable to meet client needs’.

Key clients


Lear Corporation




Wolters Kluwer

Mandarin Oriental Hotel Group

Andersen Tax

CDK Global


Work highlights

  • Advising Previse on the legal construct, IP and data privacy rights that support its innovative business model.
  • Advising Andersen Tax on GDPR compliance issues.
  • Advising PRI on its GDPR compliance programme, including internal policies and procedures with respect to personal data, its fair processing notices for employees and subscribers; and the agreements in place with its group companies, subscribers and contractors.

Morrison Foerster

Morrison Foerster’s privacy and data security practice handles a broad range of work encompassing data protection, data privacy and cybersecurity matters including incident responses. The firm, which often works on a cross-office basis, handles both non-contentious and contentious matters, including multi-jurisdictional litigation. Annabel Gillham heads up the London team.

Practice head(s):

Annabel Gillham


‘A very capable, pragmatic and knowledgeable team’.

‘Annabel Gillham is detail-focused and client-minded’.

Key clients

Marriott Hotels International



SoftBank Group Corp.

ON Semiconductor



Work highlights

  • Representing a global tech company and defending it against a class action brought in the English High Court for alleged breaches of data protection law in relation to real time advertising. The claimants are seeking damages in excess of £10bn.
  • Advising one of the world’s leading international reinsurers, on all aspects of data privacy in connection with its reinsurance deals with UK-based pension schemes.
  • Advising a major international hospitality organisation on its response to multiple enquiries from the UK data protection regulator relating to its privacy policy, privacy practices, and individual rights process.


PwC LLP advises on strategic, compliance and operational matters, and acts for public and private sector clients across a range of sectors. Key areas of focus include cross -border data transfers, e-privacy issues and policy reviews. The team is headed up by directors Fedelma Good and Polly Ralph. Jane Wainwright left for an in-house role at Osney Capital.

Practice head(s):

Fedelma Good; Polly Ralph


‘The team is highly professional, very responsive and very knowledgeable’.

‘I have found them to be well informed, not just on privacy law and regulation but also on aligned issues and trends’.

‘The data protection, privacy and cybersecurity practice is a delight to work with’. 

‘Each person is well educated and knowledgeable in the subject matter but also very interested in learning the about the peculiarities of my industry and business’.

‘They are quick to grasp the nuances of compliance as it applies in each scenario’.

‘I have found the flexibility and open mindedness of the team both refreshing and of enormous value’.

Ropes & Gray LLP

Ropes & Gray LLP works closely with its counterparts in the US to provide a cohesive transatlantic service for international data protection compliance matters. The ‘knowledgeable, attentive, approachable, responsive, pragmatic, collaborative and available’ team is headed up by Rohan Massey, who advises a number of clients in the financial services and healthcare sectors.

Practice head(s):

Rohan Massey

Other key lawyers:

Clare Sellars


‘Rohan Massey is very personable, knowledgeable and demonstrates clear expertise’.

‘Collaboration between the UK and US teams has been fantastic and very seamless’.

‘In addition to a wealth of technical and practical advice, guidance and support, the team at Ropes & Gray are attentive and really get to know the organisation’.

‘They have a breadth of experience in their field, across many sectors’.

‘Through their commitment to social impact, we benefit from their expertise and knowledge of what is happening in risk, data protection, privacy and cybersecurity’.

‘The team were able to conduct more thorough reviews, produce more pragmatic and commercial advice, and were available to respond to queries and provide advice quicker than previous firms used’.      

‘I have worked with many law firms and legal partners over many years, and I would always go back to Rohan Massey and his team for any matters relating to risk’.

Key clients

GHO Capital Partners

Sales Performance International

Monster Energy US LLC

Invesco Ltd.

The Carlyle Group, L.P.

Audley Travel Group Limited

Mitsubishi UFJ Trust & Banking Corporation

Sandbridge Acquisition Corp.

Pfizer Inc.

Bain Capital

Hologic, Inc.

Atairos Management, L.P.

Ardian Group

LionTree LLC

BDT Capital Partners

Sixth Street Partners, LLC

The Follicular Lymphoma Foundation

Work highlights

  • Advising Carlyle Investment Management LLC in respect of its global data compliance program, most recently in the context of a complex internal technology restructuring and international data migration project.
  • Represented Sandbridge Acquisition Corporation, a special purpose acquisition company, on its definitive business combination agreement with Owlet Baby Care Inc, including providing advice on UK and EU Data protection due diligence issues and the UK and EU aspects of transaction documentation.
  • Advised multiple clients in respect of a number of multi-jurisdictional cyber and ransomware attacks and other data breaches, providing incident and crisis response advice and liaising with forensic experts as well as data protection regulators in Europe, including the UK’s ICO and FCA, as well as international regulators and US attorneys general in order to remediate the relevant breaches and successfully avoid enforcement action.

Shoosmiths LLP

As ‘a robust firm with good expertise’, Shoosmiths LLP’s large privacy and data team has considerable experience in GDPR and BCRs, and handles a range of international mandates, including data breaches. The team, which is jointly headed up by Nick Holland and Anastasia Fowle, also handles data and privacy litigation and technology disputes.

Practice head(s):

Nick Holland; Anastasia Fowle


‘They are unique in providing a practical and workable way forwards’.

‘Their expertise and technical skills are good, not to mention their understanding of our business and culture’.

‘They are very commercially minded and go out of their way to find commercial solutions to any problems that may arise’.

‘They do not focus on the black letter law’.

‘Anastasia Fowle is very easy to talk to and very quick at providing feedback’.

‘Anastasia Fowle is very good at understanding the business needs and ensures that her advice is neatly aligned with those business needs’.

‘You always feel at ease knowing that they are just one phone call way’.        

‘One of the team’s greatest strengths is its practical advice, together with a business focused and solution driven approach’.

Key clients

Reinsurance Group of America Inc

Estée Lauder Companies (ELC)

Belden Inc

Grass Valley Inc

Fair Isaac Cooperation

WeWork International Limited

British American Tobacco

Electrolux Limited

Groupe Renault

Volkswagen Group UK (VWG)

Cignpost Diagnostics Limited

Ultralinq Healthcare Solutions Limited

Belbin Associates

Nissan Motor Company (HQ)

Dignity plc

Santander Consumer Finance

Condé Nast International

Crowdfunder Limited

Work highlights

  • Advised Reinsurance Group of America on the world’s first GDPR  controller and processor binding corporate rules.
  • Instructed to advise Estée Lauder Companies on its global procurement of its customer engagement platform with one of the world’s leading providers.
  • Advising Belden on a global data incident.

Sidley Austin LLP

Sidley Austin LLP fields a team of ‘well-rounded data privacy experts’ who are ‘extremely well prepared every time’. With William Long at the helm, the practice continues to handle a broad range of international data protection, privacy and cybersecurity work, including international data transfers and cyber breaches.

Practice head(s):

William Long

Other key lawyers:

John Casanova; Francesca Blythe


‘The firm is very attentive to the client and able to maintain and nurture a solid relationship over the years’.          

‘William Long is an international top expert in the field of privacy and data protection: he combines his great expertise with a very friendly approach in dealing with clients, which is very important for a positive relationship’.

‘The attorneys in this practice group are extremely knowledgeable in the data privacy area’.

‘They provide business-practical advice that is tailored to the risk tolerance of the company, and even the functional groups within the company’.

‘The attorneys have a good view of the emerging laws and best practices, and provide sound advice’.

‘Highly business-orientated and excellent collaboration, which makes the team very efficient and fast – much more so than other legal practices’.

‘Highly aware of business necessities and adept at finding a good path forward that allows for lean processes, with high compliance’.

‘Sidley provides a collaborative approach to guide and advise us on our roles and responsibilities related to GDPR’.

Key clients




Jazz Pharmaceuticals

Game Analytics

Nektar Pharmaceuticals

Magnetar Capital

Dicerna Pharmaceuticals

Miller Tanner

Monument Group

Work highlights

  • Advising Mallinckrodt, a global pharmaceuticals company, on an international privacy program.
  • Advising Accelerant, an international insurance company, on Brexit and data transfer requirements.
  • Advising Game Analytics, an international technology company, on UK data privacy issues.

Stephenson Harwood

The ‘incredibly responsive, personable and efficientStephenson Harwood handles the full gamut of data protection and information law issues. As well as day-to-day regulatory and compliance work, the practice has recently been handling Covid-19-related matters, advice around the impact of the Schrems II judgment, and defending class action suits relating to data breaches. Katie Hewson, who was promoted to partner in May 2021, now heads up the team alongside Naomi Leach and Ben Sigler. Jonathan Kirsop left for Pinsent Masons LLP in April 2020.

Practice head(s):

Katie Hewson; Naomi Leach; Ben Sigler


‘Katie Hewson is outstanding’.

‘Katie Hewson’s legal advice is always incredibly commercially minded and her understanding of the technical aspects of privacy is unparalleled’.  

‘Katie Hewson was clear in her advice and provided timely and clear responses to questions’.              

‘Katie Hewson listened closely to what we were trying to achieve, and produced a practical approach which was precisely tailored to our objectives’.

‘The Stephenson Harwood team are responsive, collaborative and thorough yet practical and pragmatic, attributes that were key to our handling a data breach issue efficiently and successfully’.

‘Katie Hewson and Ben Sigler felt like part of our team when we worked with them on an issue that arose’.

‘Katie Hewson and Ben Sigler seem attuned to “real world” dynamics rather than merely advising on what the legal framework is for a particular situation’.

Key clients

Mizuho Bank Limited

Deloitte LLP

Trident Trust

S&P Global Inc.

Neuberger Berman Europe Limited

Moet Hennessy Europe


Trenitalia c2c

Civica Group

Work highlights

  • Advised Civica UK on data protection risks and issues arising in relation to the acquisition of a payroll outsourcing and software specialist company.
  • Advised a leading life sciences company on data protection and privacy issues arising in its arrangements with third parties.
  • Advised an international financial services company on the implementation and use of cutting-edge AI tools.

Travers Smith LLP

Travers Smith LLP fields ‘a valuable team with a wealth of knowledge and resource’. It acts for a broad range of large international corporates on data protection compliance matters, and has recently been advising a number of business on Covid-19-related data protection matters and counts technology, online retail and financial services companies among its clients. Dan Reavill leads the team and is well regarded for commercial matters, technology implementations and cybersecurity mandates.

Practice head(s):

Dan Reavill

Other key lawyers:

Louisa Chambers; James Longster


‘Super knowledgeable about GDPR, data and the law regarding our business’.

‘Risk advisory advice from Travers is consistently of a high standard’.

‘For in-house lawyers, their practice provides vital flexibility (when it comes to billing options) and responsive team members’.

‘We came to Travers Smith with a very specific niche request in a fast moving regulating industry and we were supported through the entire process at multiple levels in the organisation’.

‘They help simplify a complex area of law and apply it to our business in a measured and practical way’.

‘James Longster is extremely smart, responsive and commercial’.

‘A valuable team with a wealth of knowledge and resources’.

‘The team, led by Dan Reavill, is extremely knowledgeable in a constantly evolving space, delivering clear concise and practical advice’.

Key clients

Micro Focus International plc

De La Rue


Selfridges Retail Limited

The Access Group

Unilever UK Pension Fund

Forest Holidays

SSP Group




Bain Capital LP

TCI Fund Services

Land Securities Group plc

Foxtons Limited


Ambassador Theatre Group



Work highlights

  • Advising De La Rue plc on a detailed GDPR compliance project.
  • Advising Selfridges on its day to day data protection matters, in particular in relation to compliance issues arising from new digital marketing strategies.
  • Advising SSP Group on a number of matters including an in-depth GDPR compliance project and updating its privacy and data protection policies.

Wiggin LLP

Wiggin LLP’s broad practice covers the full range of data issues from compliance work to ICO investigations, cybersecurity matters and data breaches. The ‘responsive, flexible and cost-effective’ team is active in the TV and film, computer game, gambling and betting industries. David Naylor leads the practice and is experienced in cross-border transactions and projects. Julian Darrall joined in September 2020 from an in-house role at Associated Newspapers.

Practice head(s):

David Naylor

Other key lawyers:

Alexander Ross; Caroline Kean; Patrick O’Connell; Julian Darrall


‘The team at Wiggin are experts in their field which results in outstanding knowledge and support for our company’.

‘I know the advice and support we receive is well thought through with a full understanding of our business and I greatly value the input they provide’. 

‘Whilst not physically part of our team we do see our Wiggin team as an integral part of our company’.          

‘Patrick O’Connell not only ensures we have all the relevant GDPR compliance in place, he supports us in our day to day operation, often dealing directly with our more challenging DP contacts’. 

‘Wiggin have an excellent understanding of our industry, so their advice always takes account of the practical realities of whatever matter they are working on’.    

‘Patrick O’Connell is a fantastic asset for the firm – very knowledgeable, with a pragmatic approach and easy manner’.

‘We have found Wiggin to be highly collaborative in supporting our relatively small internal legal team’.  

‘Patrick O’Connell in particular has been invaluable in supporting our group’s data protection officer’.

Key clients

The Stars Group t/a Pokerstars (TSG Interactive Services Limited)

National Online Self Exclusion Scheme Limited t/a GAMSTOP

Transaction Services Group Limited

Mediatonic Limited

Starz Entertainment, LLC

DataCore Inc.

Tessian Limited Limited

The Codemasters Software Company Limited

Centaur Media PLC

Duedil Limited

HBO Inc (New York)

Perform Content Services Limited

RMG Operations Limited

DAZN Media Services Limited

Work highlights

  • Overseeing all data protection matters for The Stars Group.
  • Providing TSG and its Group companies with the full range of data protection support.
  • Advising Wargaming Worldwide on the use of children’s data and the implementation of the ICO’s children’s code.

Bates Wells

Bates Wells provides a ‘first-class service’ to a range of clients, with particular experience in advising public sector bodies and charity organisations. It is well versed in compliance issues, international data transfers, FOIA matters and has recently been handling Covid-19-related data protection issues. Victoria Hordern heads up the practice.

Practice head(s):

Victoria Hordern

Other key lawyers:

Melanie Carter; Hannah Lyons


‘I am consistently impressed with Bates Wells’.

‘They provide thorough and risk-based advice, and are able to work to urgent timelines where needed’.

‘Victoria Hordern is excellent to work with – she provides timely and clear advice which takes our business needs into consideration as well as all relevant laws’.

‘I find the firm’s advice to be practical and delivered in a way that is understandable by the recipient’.

‘Victoria Hordern is top notch’.                                                                    

‘Victoria Hordern, in the privacy law area, provides easily digestible, practical advice in an efficient manner’.           

‘Hannah Lyons work has been fantastic’.

‘Hannah Lyons is our go to person if we need clarity on any data protection aspect’.

Key clients

World Animal Protection

The Trussell Trust


Creative Lynx

Canal and River Trust

Architects Registration Board

National Audit Office

Independent Parliamentary Standards Authority, Compliance Officer

Work highlights

  • Advising World Animal Protection on the lawfulness of its intra-group international data transfers.
  • Advised the Trussell Trust on a request for disclosure of personal data received from a third party and the implications under UK data protection law, including the available arguments to withhold personal data and the related impact on food banks.
  • Worked closely with C40 on a number of its campaign initiatives, in particular on the development of its youth initiative.

Farrer & Co

Under the leadership of Henry Sainty, Farrer & Co continues to handle a wide range of contentious and non-contentious matters; Sainty is experienced in the data-rich media, sport, education, online and retail sectors. The group often handles large international data protection projects for global corporates and institutions. Owen O’Rorke and Alan Baker were recently promoted to the partnership.

Practice head(s):

Henry Sainty

Other key lawyers:

Ian De Freitas; Owen O’Rorke; Alan Baker


‘Owen O’Rorke is a subject matter expert of high capability’.

‘The team really know their stuff and have a broad range of experience – which means there aren’t many situations which they haven’t encountered before’. 

‘They are very responsive and provide practical and commercial advice’. 

‘They know when to go in all guns blazing and when to use the back door, which is key’. 

‘Ian de Freitas is top notch for anything data privacy or cyber related’.

‘Partner-led approach and efficient staffing’.

‘High personal engagement for all clients’.

‘The team provide thoughtful and clear advice on a very complex, and rapidly developing area’.

Key clients

Telegraph Media Group

University of Cambridge

Japan House

Imperial College London

J.P. Boden & Co. Limited

UK Athletics (UKA)


Nord Anglia Education

England & Wales Cricket Board Limited (ECB)

Lawn Tennis Association (LTA)

Independent Schools Bursars Association (ISBA)

The Economist Newspaper

Vistra Group Limited



Eton College

Westpac Banking Corporation

Church Army

Marylebone Cricket Club

Rhodes Trust

Work highlights

  • Advised University of Cambridge on the data protection and privacy implications of the University’s two Covid-19 testing programmes.
  • Advised England & Wales Cricket Board Limited (ECB) on the ‘return to cricket’, Covid-secure environments, and other data protection issues.
  • Providing data protection advice to Eton College, including handling major SARs.

Lewis Silkin LLP

Lewis Silkin LLP fields ‘a mix of highly skilled individuals able to work as one to meet the client’s requirements’. It focuses on data protection compliance work and also handles data breaches, and has recently seen an uptick in instructions relating to adtech. The firm is active in the advertising and marketing, technology, financial services, and retail and hospitality sectors. Alexander Milner-Smith and Bryony Long head up the team.

Practice head(s):

Alexander Milner-Smith; Bryony Long


‘Very strong team priding themselves on their pragmatism and commercial approach to data protection and privacy issues’.

‘Alexander Milner-Smith cuts through the complexity of the law to give you practical solutions’.

‘The team is incredibly responsive, alert to what matters to the business and provides expert knowledge across multiple areas and jurisdictions’.

‘They have long standing experience and deep seated knowledge in media and advertising, including adtech’.

‘A dedicated, highly experienced team that draws upon their depth of experience in their specialist field and is able to respond quickly and provide focused advice and representation’.

‘They are able to provide excellent value for money, which is an essential point for clients these days’.

‘They are friendly and I have always appreciated how keen they are to understand the commercials behind our request to ensure they get us the business outcome we’re after’.

‘Bryony Long’s background coupled with her sharp mind allows her to focus on clients’ issues and provide solutions that are both sensible and cost effective’.

Key clients

Omnicom Group


Daily Mail & General Trust (DMGT)



Harvey Nichols


World Travellers Limited

London Borough of Hammersmith and Fulham

Work highlights

  • Advised OMG on the renegotiation of adtech vendor agreements and assisted with Omnicom’s response to Schrems II and the revised regulatory guidance.
  • Advising a global fashion search platform on various data protection, e-privacy and competition issues, including in relation to the use of cookies and other tracking technologies.
  • Acting for World Travellers Limited t/a Magic Breaks as Disneyland Paris leading specialist agent in relation to requests under the Freedom of Information Act to obtain information from the Civil Aviation Authority related to the Thomas Cook collapse.

Mills & Reeve LLP

Mills & Reeve LLP’s data protection offering was recently bolstered by the arrival of Jagvinder Singh Kang from Codified Legal in May 2020, who now heads up the team alongside Gary Attle and Peter Wainman. The practice acts for a number of high-profile clients in the healthcare and education sectors, and handles a large amount of compliance work.

Practice head(s):

Jagvinder Singh Kang; Gary Attle; Peter Wainman


‘Very commercial and pragmatic, very knowledgeable in the fields of data privacy generally.’

‘Jagvinder Singh Kang is very approachable, gives cost-effective advice, and has turned complex contract negotiations around for us in incredibly tight timescales.’

‘Jagvinder Singh Kang is very experienced in his field, is very technically adept and has great client facing skills.’

Key clients

Caesars Entertainment



Siemens Healthcare

Financial Conduct Authority

Adam HTT

Chartered Banker Institute

British Council

Information Commissioner’s Office

Department of Health & Social Care

Odeon Cinemas Group

Domino Printing

Cleveland Clinic

Greene King

Genting Casinos

Work highlights

  • Advised on data protection considerations for the FIFA Clearing House and FIFA Connect ID on the application of data protection law to its proposed reforms of the football transfer system and creation of a Player Passport for individuals playing organised football.
  • Advised a NASDAQ-listed client on GDPR and Data Protection Act 2018 requirements in the context of advanced IT biometrics deployment using Artificial Intelligence based on neural network technology.
  • Advised a blockchain crypto-exchange and currency provider on its global data protection compliance arrangements, including GDPR and Data Protection Act 2018 requirements.

Morgan, Lewis & Bockius UK LLP

Morgan, Lewis & Bockius UK LLP handles a range of international data protection matters, including data transfers for large multinational corporates. It also handles cybersecurity matters, including data breach incidents, and works closely with its counterparts in the employment department to provide a joined up service in relation to employee data. Pulina Whitaker and Matthew Howse lead the team.

Practice head(s):

Pulina Whitaker; Matthew Howse


‘Morgan Lewis has the rare ability to combine data protection & privacy expertise with deep commercial application expertise in financial technology and regulation’. 

‘Pulina Whitaker of Morgan Lewis is head and shoulders above the data protection and privacy pack on her command of law, requirements and implementation’.

Key clients

Mitek Systems

Urban Outfitters

Total System Services (TSYS)


Kraft Group



Casting Networks


Work highlights

  • Advised a global technology company on all international and US aspects of its businesses including commercial processing agreements, data transfer agreements, compliance.
  • Advised Mitek Systems on complex privacy issues relating to the use of data, including biometric and hashed data, for commercial purposes and on customer agreements and data transfer requirements.
  • Advised Mitek Systems on complex privacy issues relating to the use of data, including biometric and hashed data, for commercial purposes and on customer agreements and data transfer requirements.

Pillsbury Winthrop Shaw Pittman LLP

Pillsbury Winthrop Shaw Pittman LLP’s team is praised as ‘exceptionally professional, thorough and accessible’. Rafi Azim-Khan, who splits his time between London and Silicon Valley, heads up the practice and focuses on data, internet and e-commerce matters. Steven Farmer is recommended for data breach work and GDPR mandates.

Practice head(s):

Rafi Azim-Khan

Other key lawyers:

Steven Farmer


‘We completely trust their advice as experts in their field and they have helped our business to confidently navigate a transition to a best-in-class firm from a data protection/cybersecurity standpoint’.

‘Steven Farmer has established himself as a key trusted advisor to our firm.’

‘Steven Farmer’s seemingly endless knowledge regarding data protection has been invaluable’.

‘The professionals involved in this practice have considerable experience and familiarity with government officials who make privacy and data security policy’.

‘Always responsive and clear in their advice’.

‘The lawyers have exceptional backgrounds and excellent knowledge’.

‘Steve Farmer is knowledgeable, personable and understands the in-house dynamic to respond in a timely and pragmatic manner’.

‘Rafi Azim-Kahn is very professional, with a deep understanding of GDPR reach and interaction with contract and employment law’.

Key clients

Victaulic Company

Sinclair Broadcast

CSC (Corporation Service Company)

Upland Software, Inc.



Decision Logic

State Street Corporation

HM Electronics, Inc.

G.Network Communications

Institute of International Finance

Instil Bio, Inc.

Work highlights

  • Advising Victaulic’s on its global data protection compliance project.
  • Advising Sinclair Broadcast Group on its global compliance project.
  • Advising CSC on data protection and cybersecurity matters.

Pritchetts Law

Pritchetts Law is ‘a specialist law firm that is technically excellent, professional, pragmatic and commercially minded’. Under the leadership of Stephanie Pritchett and Ben Wootton, the team handles a large number of data protection compliance projects for businesses in the finance, technology, utilities, retail, travel, healthcare and public sectors.

Practice head(s):

Stephanie Pritchett; Ben Wootton


‘Stephanie Pritchett is very friendly and approachable, while also being on top of her game’.

‘The team at Pritchett’s are each highly skilled practitioners in their own fields’. 

‘They are each hugely experienced and able to offer sensible, pragmatic and thorough advice as a result of their time in a wide variety of roles and industries’.       

‘Stephanie Pritchett is a real leader in her field; hugely knowledgeable and thorough’.

‘They have been invaluable in helping us as a small business get set up with the correct data protection and privacy policies, commercial contracts and compliance procedures’.

‘They worked to a very tight timescale and provided an exceptional service’. 

‘With Stephanie Pritchett and Ben Wootton, what they say is as reliable as Gospel’.

‘They offer practical solutions in dealing with data protection compliance issues and make what seems very daunting actually very straightforward’.

Key clients

The UPP group of companies

Northumbrian Water Limited

The AXA group of companies


The Ceuta group of companies

Link Maker Systems Limited

The National Foundation for Educational Research

Symmetry Limited

1HQ Limited

Ralutech Limited

Scammell & Nyland Limited

DataRobot UK Limited

Work highlights

  • Advising UPP on a large GDPR compliance programme across its complex corporate group structure.
  • Advised The Ceuta group of companies on its contractual arrangements with numerous business partners, as well as in relation to data protection compliance across its entire group of companies.
  • Advised Ralutech Limited on its app (known as The Island).


Sheridans acts for a range of high-profile clients on their domestic and international data protection and data privacy needs. It has recently been handling matters in the digital health, digital identity, e-sports, blockchain, digital, adtech and e-commerce spheres. Eitan Jankelewitz heads up the team; Philip James left for Eversheds Sutherland (International) LLP in April 2020.

Practice head(s):

Eitan Jankelewitz


‘Commercially-minded, professional and creative solutions that really assist with finding common ground with negotiation counterparties’.

‘Individuals that really understand what’s needed from a business perspective, while always ensuring the legal basis is sound’.

Key clients

Sport England

The Economist




Goat Solutions Limited

Lockwood Publishing

Face It Limited

Internet Advertising Bureau

Cognism Group

AETN UK (Sky History television network)

Lead Forensics


KYU Collective

Bricks & Logic (trading name of Urban Markets Limited)

Teens in AI

Work highlights

  • Advised Awin on a number of unique and challenging data protection issues, alongside assisting with drafting and negotiating privacy documentation, supporting on due diligence exercises in connection with its corporate activity and leading its data protection compliance programme.
  • Advised Sport England on all manner of privacy advice, including metrics on sporting engagement by community, facial recognition and other biometric data, and racial and diversity data in order to encourage and promote diversity and inclusivity in the sports sector.
  • Advised Face It Limited in relation to its overall data protection compliance programme, and in relation to specific cybersecurity issues.

Stevens & Bolton LLP

With the ‘extremely knowledgeableBeverly Flynn at the helm, Stevens & Bolton LLP continues to handle a range of data protection and outsourcing matters for domestic and global clients. It has recently been handling data incidents and compensation claims, SARs, Brexit transition issues and medtech-related matters. Charles Maurice was promoted to partner.

Practice head(s):

Beverly Flynn

Other key lawyers:

Gary Parnell; Nicola Broadhurst; Charles Maurice


‘The collaborative spirit, pragmatism and overall people culture at this firm is definitely a key strength in building long term client relationships’.             

‘Beverley Flynn is very knowledgeable and is able to share her expertise in a very hands on and understandable manner’.

‘Beverley Flynn is always aware of the latest developments’.

‘The team are all very knowledgeable – and bring in experts from other fields to assist with queries’. 

‘The team is well regarded, organised and personable’.

Key clients

Belron International Limited


VX Fiber

Papa John’s (GB) Ltd

Diebold Nixdorf

Kia Motors

Brightstarr Group t/a Unily

Penhaligons Limited

Asahi UK Ltd

RBB Economics LLP


Hamilton Grant

Crystal Childcare/Three Little Birds Nursery

Cartwright Group Limited


British Medical Journal

Club Logistics

Foodient Limited t/a Whisk

Bakkavor Group

Kuoni/Der Turistik

Zest Technologies

FGX Europe Limited


Atkey Solutions Limited

Work highlights

  • Advised long-standing client Belron in connection with a number of data privacy requirements.
  • Assisting Diebold Nixdorf’s Data Protection Officer with various data protection matters including reviewing and negotiating data processing schedules on Diebold Nixdorf’s behalf, undertaking DPIAs, preparing an intra-group data transfer agreement for the Diebold Nixdorf group, assessing data protection implications of new products and offerings.
  • Advising Kia Motors United Kingdom on data protection and privacy issues.


TLT provides an ‘extremely professional service’ with ‘knowledgeable lawyers at the top of their game’. Recently, the practice has been advising clients on a number of key topics in the data protection market, including Covid-19-related matters, Brexit issues and the fallout from the Schrems II decision. Gareth Oldale heads up the team.

Practice head(s):

Gareth Oldale


‘TLT has real strength in depth’.

‘Gareth Oldale knows our business in detail and understands our priorities and our issues’.

‘Extremely supportive, with a wide range of specialisms that can be called upon at short notice and very willing to work not only at pace but with pressure’.

‘The range of knowledge and ability to understand complex areas quickly has been invaluable’.

‘I have dealt with TLT LLP for data privacy matters and found the team to be really helpful and able to clearly articulate complex legal matters in a way for the client to understand and to put into practice’.    

‘Gareth Oldale provides lots of practical experience and is able to provide pragmatic solutions’.

‘They were very flexible in their approach and accommodating to the needs of a number of organisations, ensuring the end product satisfied all parties involved’.

Key clients

Department for Digital, Culture, Media and Sport

Metropolitan Police

Police ICT Company

NatWest Group Plc

Lloyds Banking Group

TSB Bank Plc

UK Finance


Payment Systems Regulator

National Police Chiefs Council

Department for Business, Energy & Industrial Strategy

Imperial Brands plc

Government Legal Department

University College London

Kent Police & Essex Police


BGL Group Limited (CompareTheMarket)

ManPower Group

Unite Students

Softbank Robotics


Work highlights

  • Advising one of the UK’s largest banks on a number of strategically important fintech collaborations and projects, including bringing a new digital pension product to market and a digital receipts proposition.
  • Advising Lloyds Bank in connection with a high-profile case.
  • Advising the Department for Digital, Culture, Media and Sport’s (DCMS)  International (Data) Transfer Regime team on a number of complex projects relating to the UK’s exit from the EU.