Leading Associates

Firms To Watch: Data protection, privacy and cybersecurity

Jonathan Armstrong, a May 2024 arrival from Cordery, leads Punter Southall Law‘s cybersecurity practice, which is well-positioned to advise on compliance mandates and high-stakes data breaches.
Briony Pollard, a February 2024 arrival from Weil, Gotshal & Manges (London) LLP, is heading up the growing data protection practice at Willkie Farr & Gallagher (UK) LLP, which is proving to be particularly proficient in corporate support work, regulatory due diligence and legislative compliance matters.

Data protection, privacy and cybersecurity in London

Bird & Bird LLP

Bird & Bird LLP covers a wide array of data protection and cybersecurity issues related to the tech, sport, retail and healthcare sectors. Department head Ruth Boardman forms the bedrock of the practice and advises clients on a range of matters, from GDPR to recent AI legislation ratified by the European Union. Gabriel Voisin combines significant experience in regulatory investigations with multi-jurisdictional knowledge of the food and beverage, consumer goods and financial services industries. Alex Dixie has built a strong track record in the ad tech space, while Elizabeth Upton is well-versed in various domestic and international legislative regimes. Alex Jameson is noted for his specialisation in generative artificial intelligence matters.

Responsables de la pratique:

Ruth Boardman


Autres avocats clés:

Gabriel Voisin; Alex Dixie; Elizabeth Upton; Alex Jameson


Les références

‘The team is always available, provides the right feedback with professionalism and within the timeline. They also share best practices and trends on the market. ’

‘Bird & Bird has an excellent reputation for its data protection practice. What makes them unique – they attract companies, especially in the tech sector, be it start-ups or Fortune 500, to use their services. I believe their client acquisition is down to excellent marketing through seminars and events showcasing the legal talent at their disposal.’

‘From the minute they received the brief, they knew what I was looking for and knew how to execute it.’

‘The team has great depth of expertise and experience in the healthcare and life science sectors, and is well-connected with the key thought leaders and stakeholders, which makes them well-placed to support us.’

‘Ruth Boardman is outstanding; she is highly responsive and pragmatic, with exceptional depth of expertise in healthcare and life sciences.’

‘They have consistently demonstrated deep expertise, responsiveness, and a pragmatic approach to complex regulatory challenges.’

‘Even if it is a large law firm, we have a team of lawyers who are always available for us.’

‘The professionalism shown by the team is impressive.’

Principaux clients

Nespresso


Discord


Cohere


English Football League


Football Association


International Tennis Federation


Arsenal FC


Legends International


Tennis Data Innovations


Principaux dossiers


  • Advised Nespresso and its Swiss HQ office on all its privacy & data protection-related questions across the globe.
  • Supported Cohere (a large Generative AI provider) in navigating complex data protection frameworks across Europe, the Middle East and APAC.
  • Advised Discord on a range of UK and EU data protection and online safety related questions.

Bristows LLP

Bristows LLP represents international market-leading tech corporations and life sciences companies and is equipped to handle the full gamut of the work in the sector. Under the supervision of Marc Dautlich, the practice is adept at handling AI governance matters, contentious multi-jurisdictional data protection litigation and broader compliance advice. Dautlich is particularly well known for his knowledge of the financial services industry and is experienced at providing both security and regulatory assistance. Mark Watts is renowned for his disputes expertise, while Hannah Crowther regularly advises clients on ICO investigations. Jamie Drucker has experience in both a tribunal and advisory setting, while Faye Harrison focuses on data breaches and compliance projects.

Responsables de la pratique:

Marc Dautlich


Autres avocats clés:

Mark Watts; Hannah Crowther; Jamie Drucker; Faye Harrison


Les références

‘‘Bristows has a very personalised approach which feels very community-focused.’

‘The data privacy and protection team are all highly skilled and knowledgeable, and deliver their support in a less formal way, which is particularly welcome.’

‘Hannah Crowther is excellent. Simple as that. She is reliable, demonstrates the above characteristics of legal expertise, combined with an understanding of our business and its commercial objectives.’

Principaux clients

OpenAI


Google


TikTok


Google DeepMind


Twitter/X


Xandr (Microsoft Advertising)


Nationwide Building Society


Warner Bros Discovery


Direct Marketing Association


Meta


Principaux dossiers


  • Advising OpenAI, the makers of ChatGPT, in connection with all aspects of data protection compliance.
  • Continuing to advise global media conglomerate, Warner Bros Discovery (WBD), on a broad range of data protection matters, including implementation of AI technologies, processing of biometric data and the roll out of the MAX streaming service.
  • Provided EU-wide and UK data protection compliance support to Twitter/X on a range of matters over the last 12 months, including advice in relation to its generative AI product known as Grok.

Latham & Watkins

The privacy and cyber practice at Latham & Watkins consists of ‘brilliant people with in-depth expertise and experience in what they do’, led by Gail Crawford. The team boasts a particularly strong track record in the tech, artificial intelligence, media and financial services sectors across multiple jurisdictions. Crawford is well-versed in completing regulatory due diligence, offering commercial transaction support and drafting privacy policies. Ian Felstead forms the bedrock of the firm’s contentious data protection offering and has recently worked with the Information Commissioner’s Office on GDPR infringement issues. Fiona Maclean is recognised for her abilities in crisis management and day-to-day cybersecurity support. James Lloyd and Danielle van der Merwe are two key names who add additional strength to the roster. In February 2025, Sophie Goossens joined the team from Reed Smith LLP.

Responsables de la pratique:

Gail Crawford


Autres avocats clés:

Ian Felstead; Fiona Maclean; James Lloyd; Danielle Van Der Merwe


Les références

‘The team is excellent. It is able to provide a full service within this field of law.’

‘A responsive and excellent cyber and data practice, all members I’ve come across are impressive.’

‘Excellence, efficiency and speed are hallmarks.’

Principaux clients

Meta Platforms, Inc. and Meta Platforms Ireland Limited


AllianceBernstein


Entrust Corporation


Skydance Media


Interactive Brokers Group


Intuit, Inc.


Mimecast


Qualtrics Labs


Perplexity AI


SAP SE


Yum! Brands


Principaux dossiers


  • Advising Meta as lead counsel in relation to a number of highly complex and multijurisdictional regulatory investigations and inquiries regarding alleged data breaches and compliance with data protection laws generally, and related litigation, as well as AI-related matters.
  • Advised Entrust Corporation, a financial security company, on range of complex issues involving tech, IP, data protection, and artificial intelligence, in connection with its acquisition of Onfido, a global ID verification business.
  • Advised Skydance Media, an international media company, and an Investor Group on the IT, data privacy and security, digital assets and IP aspects of their US$8 billion strategic merger with Paramount Global and acquisition of National Amusements, Inc., forming « New Paramount ».

Linklaters LLP

Linklaters LLP is home to a team of data protection specialists who are adept at handling advisory and contentious matters in multiple jurisdictions. The practice advises international companies, public authorities and financial services firms on matters ranging from data protection impact assessments (DPIA) to regulatory enforcement cases. At the helm of the practice, Richard Cumbley offers clients support after cyber attacks and assistance with investigations governed by the Information Commissioner’s Office (ICO). Georgina Kon is building a reputation in artificial intelligence matters and provides clients with governance and compliance advice. Greg Palmer is well-versed in media law-related matters and forms a key part of the practice’s litigation offering.

Responsables de la pratique:

Richard Cumbley


Autres avocats clés:

Georgina Kon; Julian Cunninham-Day; Greg Palmer


Les références

‘The team at Linklaters provides insights about how the industry, and most importantly, regulators, are thinking about data protection.’

‘Georgina Kon is eminently practical, reassuring and always finds the sweet spot on legal risk v business need.’

‘The individuals are confident in offering their perspectives on key priorities, where discretion is possible, and broader market trends. Their insights help shape informed decisions by balancing commercial awareness with practical considerations.’

Principaux clients

Experian


UK Finance


BP


Royal Free NHS Trust


Principaux dossiers


  • Advising The Royal Free Hospital in relation to its arrangements with Google DeepMind, including an audit of the Streams App, which gave the app a clean bill of health and was accepted by the ICO.
  • Advising Experian on one of the most significant data protection challenges in the UK market to date.
  • Advising on a collaboration between some of the major financial leaders globally, including Barclays, HSBC, Lloyds, Mastercard, NatWest, and VISA, which can deliver novel capabilities for payments.

A&O Shearman

A&O Shearman boasts industry-leading tech, pharma, telecoms and financial services companies, under the joint supervision of Jane Finlayson-Brown and Ffion Flockhart. The practice frequently assists clients with cyber legal risk management, regulatory data protection matters and subject access requirements. Finlayson-Brown advises on international data transfers and artificial intelligence governance matters, while Flockhart excels in the investigations space, showcasing skill in both crisis management and group litigation. Nigel Parker is noted for his knowledge of Binding Corporate Rules.

Responsables de la pratique:

Jane Finlayson-Brown; Ffion Flockhart


Autres avocats clés:

Nigel Parker; Charlie Weston-Simons; Steve Woods; Muneeb Gill


Les références

‘Unique combination of top experts in the field. Deep knowledge of the law and market practice.’

‘Nigel Parker stands out as an excellent advisor to big businesses. He has deep knowledge of law and is able to find the right balance between compliance and business needs.’

‘The team is responsive and has taken the time to learn about and get to know our business.’

Principaux clients

Nokia


Nikon


Sage


Samsung


Avast


Ness Software


IMI Precision Engineering


InComm


Ferrari


Anker


FDM


1GLOBAL


Manchester United


PIF


News UK


BBC


Macquarie


Nomura


Columbia Threadneedle


Experian


IG


Man Group


QBE


Virgin Media


O2


Booking.com


Four Seasons Hotels


Royal Mail


Haleon


Reckitt


Monin


Froneri


El Corte Ingles


Mundipharma


Almac


BHP Billiton


Principaux dossiers


Baker McKenzie

Baker McKenzie is recognised for its broad data protection and cybersecurity offering, demonstrating particular proficiency in matters involving Digital Services Act compliance, self-identification projects and responses to complex cyber threats. The practice is active in the tech, artificial intelligence, banking, retail and transportation sectors. Department head Vinod Bange has recently led on investigations and enforcements brought forward by the Information Commissioner’s Office, but is equipped to handle Digital Subject Access Requests. In his practice, John McGovern utilises deep knowledge of relevant legislation in multiple jurisdictions.

Responsables de la pratique:

Vinod Bange


Autres avocats clés:

John McGovern


Les références

‘Great practical advice.’

‘Risk thoughtful.’

‘Vinod Bange is a great data privacy lawyer; good practical advice and is risk thoughtful.’

Principaux clients

Snap Inc.


Principaux dossiers


  • Advised Snap in responding to an initial investigation and subsequent preliminary enforcement notice (« PEN »), issued by the Information Commissioner’s Office (the “ICO”), in relation to alleged infringements of the UK GDPR.

CMS

CMS leaves international tech corporations, international banks and market-leading companies ‘in safe hands’ under the supervision of Emma Burnett. The practice frequently advises on the creation of internal data security policies, multi-jurisdictional legislative compliance and legal risk management. Burnett is renowned for her knowledge of artificial intelligence regulation, but her experience extends to regulatory investigations and enforcement notices. Based in Edinburgh, Duncan Turner focuses on multi-party transfer agreements, Data Subject Access Requests and ensuring that clients remain compliant with the Information Commissioner's Office. In October 2024, Loretta Pugh left the team.

Responsables de la pratique:

Emma Burnett


Autres avocats clés:

Duncan Turner; Laura Clarkson; Joanna Willems


Les références

‘Very good service. The team has a deep understanding of the subject and has the appropriate resources to handle different aspects of the assignment. I felt like I was in good hands.’

‘Good understanding of the process we needed to work on. Good, sound advice was offered reflecting their experience on wider issues to consider.’

‘Strong team, great knowledge of the market. Ready to help with whatever issue.’

Principaux dossiers


DAC Beachcroft LLP

The data protection team at DAC Beachcroft LLP is described by clients as ‘clear, approachable and down to earth’, and is very adept at managing the responses to damaging cyber incidents or ransomware attacks. The team is particularly well respected in the real estate and insurance sectors, but has experience which extends to the tech, education and healthcare industries. The team is jointly led by the ‘practical and immensely knowledgeable’ Jade Kowalski, who is involved in a lot of artificial intelligence governance matters, and the ‘first class’ Hans Allnutt, who spearheads the team’s contentious offering, having been involved in the response to several high-profile cyber attacks. In May 2024, Peter Given joined the team from EY Law and was followed by Andy Lucas from Dentons in November.

Responsables de la pratique:

Jade Kowalsk; Hans Allnutt


Autres avocats clés:

Charlotte Halford; Darryn Hale


Les références

‘DAC Beachcroft has a reputation as being the first call in responding to cyber incidents and data breach matters. Their deep technical expertise combined with practical incident management is unmatched. In my view, they are simply the best in this area.’

‘Hans Allnutt is simply superb: clear, calm, and strategically innovative in complex cyber litigation.’

‘The people are clear, approachable, and down to earth. Easy to brainstorm with.’

Principaux clients

National Data Guardian


NHS England


Avis


Simplyhealth


Turner and Townsend


Hiscox


Ecclesiastical Insurance


Mental Health First Aid England


University College Union


Post Office Limited


British Property Federation


Personal Investment Management & Financial Advice Association


Tameside College


Principaux dossiers


  • Advising UCU in relation to a ransomware attack that occurred towards the end of 2024.
  • Advising PIMFA,  a UK trade association for firms that provide wealth management and financial advice to everyone from individuals and families to charities, pension funds, trusts and companies.

Dentons

Dentons has a renowned data protection advisory practice, noted for the assistance it provides to retail brands, social media corporations, financial institutions and multi-national conglomerates. Department lead Simon Elliott has a wealth of regulatory expertise and has experience introducing robust measures to respond to and prevent cyber breaches. Antonis Patrikios leverages sector-specific AI and adtech knowledge, representing market-leading American tech companies. Tatiana Kruse offers a multijurisdictional angle in her practice due to her intellectual property background. She is building a strong track record in dealing with privacy-related matters.

Responsables de la pratique:

Simon Elliott


Autres avocats clés:

Antonis Patrikios; Tatiana Kruse


Les références

‘Excellent depth of knowledge and skills combined with strong understanding of our industry and challenges.’

‘Simon Elliot leads a dynamic team of high-functioning individuals, providing ongoing cost transparency combined with pragmatic advice and a high standard of delivery.’

‘‘Antonis Patrikios is very knowledgeable and pragmatic.’

Principaux clients

Avis Budget Group


Virgin Atlantic


John Lewis Partnership


Meta Platforms


Bazaarvoice Inc.


Docebo Inc.


Ziprecruiter


Sky UK


Frasers Group


SITA


Artificial Intelligence Security Institute (AISI)


Principaux dossiers


  • Advising Meta on data protection matters, providing significant levels of advice and support concerning a number of data privacy matters and compliance measures.
  • Continuing to provide Avis Budget Group with support on a wide range of strategic data challenges including, amongst other matters, providing comprehensive advice to Avis on the utilisation of data collected from connected car technologies for an array of innovative use cases.
  • Acting as an advisor to Virgin Atlantic, supporting it on strategic risks and projects including key digital transformation projects. This has included providing specialist data privacy support on key enterprise-wide technology procurements and transformations.

Hogan Lovells International LLP

Hogan Lovells International LLP deals with a variety of matters, ranging from the drafting of data agreements and legislative regimes to advising on compliance issues and potential cyber breaches. The practice is particularly well known in financial, cryptocurrency, artificial intelligence and tech sectors. Eduardo Ustaran spearheads the team and is well-regarded for his knowledge of and his ability to implement Binding Corporate Rules. Nicola Fulford is a key contact for a number of international banks and is noted for her deep knowledge of FCA regulations. Katie McMullan is a key part of the team and is equipped to advise on the full gamut of matters.

Responsables de la pratique:

Eduardo Ustaran


Autres avocats clés:

Nicola Fulford; Katie McMullan; Dan Whitehead


Les références

‘The team is experienced and highly informed of all the ins and outs of the matters. Data protection is such a moving target, and it simply is reassuring to work with a team who always has their finger on the pulse.’

‘Eduardo Ustaran is a data protection star. His wisdom and knowledge are unique, and we always go to him with strategic or difficult cases.’

‘Vast experience in managing cyber incidents and reporting to supervisory authorities and individuals.’

‘Nicola Fulford is extremely pragmatic and provides solid advice with excellent technical competence and experience in dealing with demanding cyber security incidents and reporting timelines.’

Principaux clients

BNY Mellon


AMEX GTB


Chanel


Fluor


Illumina


Santander


Salesforce


Principaux dossiers


  • Currently engaged in drafting a comprehensive data processing agreement tailored to facilitate the provision of a customer experience management platform for BNY Mellon. This agreement outlines the rights, responsibilities, and obligations of both parties concerning the processing of personal data.
  • Supporting over 20 companies across industry sectors in connection with the successful adoption, authorisation and implementation of BCR. This includes managing the approval process and engaging with regulatory authorities in the UK and throughout the EU.
  • Advising NCS Pearson, a US-based company that develops and markets enterprise application software, providing strategic and operational advisory work, including the use of biometrics, AI and the worldwide roll-out of palm vein technology, for identification purposes in the context of professional examinations.

Norton Rose Fulbright

The data protection, privacy and cybersecurity team at Norton Rose Fulbright has ‘a broad range of specialisms’ ranging from high-stakes breach support work to broader legislative compliance. The team is jointly led by Marcus Evans, Jonathan Ball and Tim Jones. The ‘highly commended’ Jones is noted for his capabilities in the aviation sector, having assisted clients with personal data breach claims and cybersecurity investigations. Evans has significant experience in multiple jurisdictions and is especially useful with financial services clients who aim to remain compliant with evolving international legislative regimes. Ball frequently assists high-profile entities in the aftermath of significant ransomware attacks.

Responsables de la pratique:

Marcus Evans; Jonathan Ball; Tim Jones


Autres avocats clés:

Shiv Daddar; Alexander McGuire


Les références

‘The cyber and data practice at Norton Rose Fulbright has a broad range of specialisms within it. They have experience of incident response management around the globe, but critically, can offer clients a full service offering when it comes to follow-on third-party exposures and regulatory issues. They are a go-to specialist firm for clients with complex requirements and exposures in this area.’

‘Tim Jones is highly commended, very supportive to clients and deeply knowledgeable across a broad landscape of topics relevant to cyber and data privacy issues.’

Principaux dossiers


Pinsent Masons LLP

Pinsent Masons LLP houses a strong data protection team, boasting expertise in both advisory and contentious matters, which is used to assist clients in the retail, tech and automotive sectors. Jonathan Kirsop is recognised for his knowledge of the financial services space and is often focused on ensuring that international companies remain compliant with competing pieces of legislation. David McIlwaine is a cyber specialist who is a key contact for companies looking to recover after a ransomware attack. The team’s disputes offering is bolstered by David Barker, who has been involved in multiple class actions this year. Together, they form the practice’s leadership structure. Paul Hinton joined the team from Deloitte Legal in April 2024.

Responsables de la pratique:

Jonathan Kirsop; David McIlwaine; David Barker


Autres avocats clés:

Kathryn Wynn; Laura Favo; Caroline Henzell


Les références

‘David Barker is a collaborative, longstanding adviser.’

Principaux clients

Dixons Carphone Warehouse


Google Group


DeepMind Technologies Limited


UK Finance


Barclays Bank plc


Tesco plc


Corporation Service Company (CSC)


Zurich Insurance plc


Cabinet Office


Pomvom UK Limited


Currys Retail Limited (formerly DSG Retail Ltd)


Morgan Sindall Group PLC


Government Digital ServicesDow Jones & Co, Inc. (Wall Street Journal)


Principaux dossiers


  • Advising DeepMind Technologies Limited & Google UK Limited in a representative action brought by Andrew Prismall on behalf of a purported class of around 1.6million individuals whose medical records were sent by the Royal Free London NHS Foundation Trust (RFL) to DeepMind in connection with DeepMind’s provision of a service called Streams.
  • Advising Currys in relation to a group action brought on behalf of 711 individuals seeking to recover damages for distress they claim to have suffered after their personal data was allegedly compromised during a cyber-attack suffered by Currys in 2018.
  • Providing Barclays Bank with data protection advice on a retainer basis.

RPC

RPC has ‘an excellent and well-deserved reputation’ in the data protection market, exhibiting strength in both contentious and advisory matters. The department is jointly led by Jon Bartley, Richard Breavington and Rupert Cowper-Coles. Bartley is recognised as an authority in ad tech and artificial intelligence matters and is well-versed in various digital regulations. Breavington has a background in insurance law and is frequently called upon to respond to major cybersecurity incidents. Cowper-Coles is a disputes specialist and recently successfully argued a case against the HMRC.

Responsables de la pratique:

Jon Bartley; Richard Breavington; Rupert Cowper-Coles


Les références

‘RPC has an excellent and well-deserved reputation as one of the leading firms for anything data related. They combine deep knowledge of the law with excellent client handling and a laser focus on achieving the client’s goals.’

‘Rupert Cowper-Coles is an excellent partner. He is unwaveringly focused on the client’s objectives. Extremely likeable and a real favourite of clients and barristers alike.’

‘The team provides excellent, high-quality advice that ensures clients can navigate complex situations and incidents. The team does a fantastic job of really understanding the client and their business.’

Principaux clients

Meta (including Facebook, Instagram, WhatsApp)


Google


News UK


BBC


Frasers Group


Associated Newspapers


Times Newspapers Limited


Reach (formerly Mirror Group)


Womens’ Super League Football Limited


Hiscox


QBE


CNA Hardy


Chubb


Warner Music Group


Principaux dossiers


  • Instructed by the founder of Frasers Group, Mike Ashley, in his successful subject access claim against HMRC.
  • Acting for ANL, the publisher of the Daily Mail, in the GDPR claim brought by Dale Vince over an article published on 9 June 2023 entitled « Labour repays £100,000 to sex harassment donor », after successfully striking out his libel claim in respect of the same article in July 2024.

Ashurst

The data privacy and cybersecurity practice at Ashurst stands out for ‘ its blend of expertise, innovative approach and commitment to client service’, and is especially experienced in the insurance, tech and banking sectors. The ‘experienced, commercial and solutions-oriented’ Rhiannon Webster leads the team and covers the entire scope of the area, advising on matters ranging from drafting data protection impact assessments and privacy policies to conducting internal data protection reviews and developing cyber attack response protocols. Shehana Cameron-Perera is a key part of the team.

Responsables de la pratique:

Rhiannon Webster


Autres avocats clés:

Shehana Cameron-Perera


Les références

‘Rhiannon and her team have a real sense of what their clients need and the markets that they are in.’

‘Rhiannon Webster is experienced, commercial and solutions-oriented.’

‘The Ashurst team has been fundamental to our work on privacy connected to the insurance sector. In particular, we have done extensive work on our privacy policy/ROPA/legal basis record and vulnerable customer advice.’

Principaux clients

Meta


esure


McLaren Automotive


Pirum Systems Ltd.


East West Rail


Jefferies


VM02


ANZ


Shawbrook Bank


Quantium


Principaux dossiers


  • Advising Meta’s EU and UK Data Protection Legal Team for Reality Labs since May 2023 on a wide range of complex and strategic data protection matters.
  • Advised on a series of corporate acquisitions and financings over the past 12 months relating to data-rich businesses operating in sectors including healthcare, cybersecurity and insurance.
  • Working with esure, a direct-to-consumer insurance company, on a number of data protection workstreams, including relaunching and completely uplifting its customer-facing privacy notices.

Clifford Chance LLP

Clifford Chance LLP has a ‘highly motivated and knowledgeable’ data protection and cybersecurity team, which is led by Jonathan Kewley. The team boasts an international client base and stands out for its work in the financial services, tech and mining sectors. Kewley boasts significant knowledge of artificial intelligence regulations and has recently assisted an international company with AI legislative compliance across the UK and EU. The team’s offering is strengthened by the ‘very knowledgeable’ Oscar Tang and Laia Bertran Manye. Arnav Joshi impresses with his knowledge of global privacy and cybersecurity developments. Simon Persoff left the firm in March 2024.

Responsables de la pratique:

Jonathan Kewley


Autres avocats clés:

Laia Bertran Manye; Oscar Tang; Adam Hunter; Arnav Joshi


Les références

‘The team is willing to invest time to understand their clients, be challenged and work on pragmatic solutions. They are also willing to accommodate to different billing structures, specific needs, and support secondments.’

‘The team consists of some high-profile team members who have an incredible amount of experience and knowledge in the privacy and cybersecurity space.’

‘They come across very passionate and willing to help in any way possible.’

Principaux dossiers


  • Continuing to advise a global e-commerce company on the development and launch of various digital products and services in the UK, including generative AI-powered tools and ad-tech technologies.
  • Advised a global OEM on the implementation of data protection, privacy, artificial intelligence and connectivity laws (including in global markets such as eSwatini, Vietnam, Morocco, China, the U.S. and Europe).
  • Advising a US-headquartered tech major in its global security law and governance efforts, from information/cyber security to AI security.

DLA Piper

DLA Piper ‘consistently demonstrates exceptional responsiveness and availability’, advising public bodies, banks, tech manufacturers and life sciences companies. The practice is involved in responding to cyber incidents, analysing international data protection legislative regimes and offering clients internal training on cyber safety best practice. The ‘exceptionally helpful’ Ross McKean forms the bedrock of the practice and excels in matters involving international data compliance and crisis management post-cyber attack. Simon Persoff, a September 2024 arrival from Clifford Chance LLP, stands out for his in-depth legislative knowledge ranging from the Digital Operational Resilience Act and the Digital Services Act. In March 2025, James Clark left the team.

Responsables de la pratique:

Ross McKean


Autres avocats clés:

Shervin Nahid; Simon Persoff; David Cook


Les références

‘DLA’s data protection and cyber security practice is distinguished by the experience of its senior practitioners.’

‘These practitioners have an exceptional grasp of the legal and technical complexities.’

‘The data protection team at DLA Piper consistently demonstrates exceptional responsiveness and availability.’

‘Ross McKean was exceptionally helpful.’

‘All members of the team are friendly, approachable and always on hand at all hours to provide targeted advice when requested, even in a time-sensitive situation.’

‘Their advice is not only timely but also grounded in real-world practicality, making complex regulatory challenges easier to navigate. Their ability to translate legal requirements into actionable guidance is a standout strength.’

‘The thing that sets them apart is that you do not get a textbook answer; you get a practical solution that you can then deploy in the business. This is invaluable.’

‘DLA Piper has helped our organisation with sourcing new technology to assist us in our day-to-day role.’

Principaux clients

CrowdStrike


UNHCR


3M Company


Information Commissioner’s Office


Independent Parliamentary Standards Authority


Principaux dossiers


  • Advising Pearson on the data protection and AI aspects of two long-term strategic partnerships with both AWS and Microsoft, worth over USD1 billion and finalised in December 2024.
  • Advising the Department for Science, Innovation and Technology (DSIT) on evaluating the adequacy of personal data protection in jurisdictions currently benefitting from an « adequacy decision » under Article 45 of the UK GDPR.

DWF

DWF boasts ‘deep knowledge of data privacy law’ and is particularly active in the telecoms, fintech and retail sectors across multiple jurisdictions. The practice is jointly led by the ‘phenomenal’ Stewart Room, James Drury-Smith and JP Buckley. Room brings experience as both a solicitor and a barrister and is well versed in regulatory investigations and proceedings. Drury-Smith has recently assisted international corporations with the development of internal artificial intelligence policies. Buckley has a strong track record with sports clients and has advised them on internal policy reviews and data protection investigations.

Responsables de la pratique:

Stewart Room; James Drury-Smith; JP Buckley


Autres avocats clés:

Tughan Thuraisingham; Jamie Taylor


Les références

‘World-class knowledge, subject matter experts, industry knowledge. Professional, excellent client care. Excellent collaboration spending a day on-site with us to help develop a data protection framework.’

‘The lead partner on data protection and cyber security matters, Stewart Room, combines exceptional knowledge and technical skill with a client-focused, highly commercial and strategic outlook to deliver a work product that frequently provides new ways of tackling an issue. Stewart is the core reason why DWF is on our panel.’

‘The team at DWF stands out for its high-quality, commercially focused advice, deep expertise in UK data privacy law, and responsiveness.’

Principaux clients

Information Commissioner’s Office (ICO)


Meta


Visa Europe


PepsiCo


Manchester United


Giffgaff


Bolt


AS Watson


Tesco Mobile


Centrica


JD Sports


Financial Times


Norges Bank Investment Management


World Federation of Advertisers (WFA)


Canopius


GSM Association


Checkout


StoneX Financial


Severn Trent Water


South Staffordshire Water


Y Corporation


Principaux dossiers


  • Providing advice to and representing the Information Commissioner’s Office (ICO) in relation to a number of regulatory enforcement cases.
  • Providing a global fintech company with data protection advice and recommendations on the use of third-party Artificial Intelligence (AI) technology to enhance the client’s fraud prevention capabilities in the context of real time payments.
  • Supporting two separate mobile telecommunications operators with their respective responses to the Information Commissioner’s audit and investigation into PAC and SIM frauds in the mobile telecommunication sector, resulting in both clients receiving a high assurance rating from the ICO.

Eversheds Sutherland (International) LLP

Eversheds Sutherland (International) LLP is a ‘brilliant firm’ with a comprehensive data protection offering which advises international tech conglomerates, public authorities and healthcare sector companies. Under the supervision of Paula Barrett, the team is particularly strong on the advisory side, assisting clients with legislative compliance, privacy policy construction and data protection risk assessments. Barrett leverages a wealth of multi-jurisdictional experience in her practice and is often consulted as lead cybersecurity counsel for domestic and international commercial entities. Liz Fitzsimons ‘always goes above and beyond’, particularly in freedom of information and data transfer matters. Gayle McFarlane left the team in September 2024.

Responsables de la pratique:

Paula Barrett


Autres avocats clés:

Liz Fitzimmons; Dave Hughes


Les références

‘A practice with lots of quality and depth across its offices.’

‘Leading experience in managing global privacy compliance projects.’

‘Paula Barrett is very responsive and provides clients with practical, actionable advice. She excels at bringing value and by working within budget parameters.’

Principaux clients

Specsavers


MicroStrategy


National Grid


Kering Group


 


Principaux dossiers


Fieldfisher

Fieldfisher is particularly well known for the assistance it provides to healthcare tech clients, but possesses expertise in the financial services, retail and tech sectors. The tech and data practice is geared to support companies with privacy compliance, data subject access requests and GDPR issues. Department head Hazel Grant is praised by clients for her ‘outstanding client care skills’ and is noted for her capabilities in the artificial intelligence space. Leonie Power is noted for her capabilities in international data transfers, transfer impact assessments and she recently helped an international corporation remain compliant with new EU legislation. Nuria Pastor adds additional strength to the bench.

Responsables de la pratique:

Hazel Grant


Autres avocats clés:

Leonie Power; Kirsten Whitfield; Lorna Cropper; Nuria Pastor


Les références

‘Hazel Grant is a star, always focusing on pragmatic legal solutions. She has outstanding client care skills, and takes time to really understand her client’s objectives.’

‘Fieldfisher is a truly supportive law firm with a welcoming and friendly team. Their collaborative approach and deep industry expertise make them a pleasure to work with. We’ve particularly valued their understanding of the health tech sector and their ability to provide clear, commercial advice across complex areas of law.’

‘A solutions-focused approach that cuts out legal jargon and helps the client focus on the practical steps required to achieve their desired outcomes. The team is also incredibly approachable and friendly!’

Principaux clients

Hasbro Inc. and Wizards of the Coast LLC


Mott McDonald


Ancestry Ireland Unlimited Company


Intuit Inc


Intuit Limited (Quickbooks)


Rocket Science Group LLC (Mailchimp)


Deltatre Limited


TikTok/Bytedance


Citigroup


eDreams International Network S.L.


Taboola, Inc.


ConnectWise


Principaux dossiers


  • Advising global engineering consultancy Mott Macdonald on privacy compliance issues.
  • Providing external DPO services to Taboola, a content discovery and native advertising platform.
  • Advising Citigroup on various data protection matters, including in relation to international transfers and, in particular, the conversion of its binding corporate rules into a structure using the ICO’s new UK Addendum to EU BCRs and on the maintenance of its portfolio of 65 transfer impact assessments.

Herbert Smith Freehills Kramer LLP

Herbert Smith Freehills Kramer LLP is recognised in the data protection market for ‘its exceptional blend of legal expertise and commercial acumen’, under the joint leadership of Miriam Everett, Andrew Moir and Christine Young. Moir is recognised for his ability to assist clients who look to respond to artificial intelligence developments and cyber attacks. Everett is praised by clients for her ‘solutions-focused approach’ and is particularly well known for her expertise in the financial services and several consumer-facing sectors.

Responsables de la pratique:

Miriam Everett; Andrew Moir; Christine Young


Autres avocats clés:

Duc Tran; Peter Dalton


Les références

‘Herbert Smith Freehills stands out for its exceptional blend of legal expertise and commercial acumen, consistently delivering advice that is both technically sound and highly practical.’

‘The team is notably responsive and business-oriented, making them a trusted partner for navigating complex regulatory landscapes.’

‘Compared to other firms, HSF’s collaborative and accessible approach fosters strong client relationships.’

Principaux clients

UK Finance


Hays plc


e-Mersion Media


Chevron


Jefferies


KodyPay Limited


Willis Towers Watson


Goodnotes


KPMG


bp


Invesco


GenesisCare


British American Tobacco


Zellis


Principaux dossiers


Mishcon de Reya LLP

Considered a go-to firm for clients in the artificial intelligence, gaming and software sectors, Mishcon de Reya LLP is equipped to advise on a wide array of matters, under the supervision of newly appointed department head James Boyle. Boyle is particularly impressive in data sharing projects and multi-jurisdictional compliance matters. Adam Rose is often called upon to assist with investigations brought forward by the Information Commissioner’s Office (ICO). In July 2024, Robert Griffiths joined the team from Deloitte Legal, and Ashley Winton left the firm in the following September.

Responsables de la pratique:

James Boyle


Autres avocats clés:

Adam Rose; Filippo Noseda; Robert Griffiths


Les références

‘What really stands out is how well they understand the nuances of working in the charity and health research space.’

‘Their support has spanned a wide range of areas — from data sharing and DPIAs, to complex contract reviews and navigating regulatory risks.’

‘There’s a real sense of collaboration with the team. They listen carefully, are incredibly responsive, and always make time to talk things through when needed.’

Principaux clients

AccurX Ltd


Alzheimer’s Research


Localised, Inc.


Sapia.ai


Epic Games, Inc.


Playtika Ltd.


RealVNC


Wayve Technologies Ltd


Principaux dossiers


  • Acting for an individual in complaints against HMRC relating to breach of her data protection rights in relation to the UK FATCA regime.
  • Advising patient communication service provider AccurX on data protection issues including through appointment as Data Protection Officer
  • Advising Alzheimer’s Research in connection with its EDoN project, a large global data sharing initiative with the objective of improving early detection of neurodegenerative disease.

Morrison Foerster

Morrison Foerster leverages an international network to advise large tech corporations, financial services companies and large commercial entities on a host of multijurisdictional data protection and cybersecurity matters. Annabel Gillham leads the team and is equipped to assist with compliance projects, subject access requests, cybersecurity incidents and proceedings brought forward by the Information Commissioner’s Office. The team benefits from the additional expertise provided by Michelle Luo and Dan Alam.

Responsables de la pratique:

Annabel Gillham


Autres avocats clés:

Dan Alam; Michelle Luo


Les références

‘Knowledgeable but very pragmatic and client solution focused.’

‘The team has strong knowledge in the area of digital marketing and associated technologies, and works seamlessly across borders with other members of their team.’

‘Their advice is pragmatic, risk-based and hands-on.’

Principaux clients

Alpine Investors


Amazon


Arm


Capital One


Fujitsu


Kyowa Kirin


Marriott


OpenAI


Oracle


Paine Schwarz Partners


Pfizer


Prudential


SoftBank


Twitch


Uber Technologies, Inc.


Unisys


Visa, Inc


Principaux dossiers


Osborne Clarke LLP

Praised by clients for ‘combining a profound technical expertise with a pragmatic approach and strong business acumen’, the data protection and cybersecurity practice at Osborne Clarke LLP is renowned for its strength in multi-jurisdictional compliance matters and in managing the data protection aspects of major e-commerce projects. The ‘very responsive’ Mark Taylor spearheads the practice and is active in international data transfers and contentious data subject access requests. Other key names in the team include Jonathan McDonald and Georgina Graham, who is hailed as an ‘excellent communicator’.

Responsables de la pratique:

Mark Taylor


Autres avocats clés:

Ashley Hurst; Georgina Graham; Jonathan McDonald


Les références

‘The team is combining a profound technical expertise with a pragmatic approach and strong business acumen. Additionally, they are all defined by high standards of professionalism.’

‘They are very knowledgeable and technically skilled. They understand our needs and are very agile and understanding of our culture and priorities. They are proactive and client-focused. They are always available when needed.’

‘Fantastic privacy and data protection team. Great at handling complex matters. Understands the need to find pragmatic solutions to even the thorniest of problems.’

‘Mark Taylor is our ‘go-to’ lawyer for knotty privacy data protection matters. He is proactive, pragmatic, and very responsive. He is able to distill complex matters very effectively.’

‘The practice offers comprehensive advice on all data protection matters/privacy matters in the jurisdiction.’

‘The legal advice has also been up-to-date in a space like privacy, which is in constant change.’

‘OC has also been able to coordinate work with other major jurisdictions on our behalf in the field of data transfer impact assessments so that they have acted as a single point of contact for us.’

‘Georgina Graham has been our point of contact. She is an excellent communicator, having a grasp of the subject matter as well as the admin side.’

Principaux dossiers


Reed Smith LLP

Reed Smith LLP houses a ‘brilliant team that demonstrates exceptional efficiency and deep knowledge’ and is particularly impressive in multi-jurisdiction data protection projects across an array of sectors. Philip Thomas conducts privacy impact assessments and ensures that clients remain compliant with various international legislative regimes. He leads the team alongside Cynthia O’Donoghue, who has recently impressed with her expertise in matters relating to the Data Act. Elle Todd offers an ‘expert and comprehensive perspective’ and is particularly knowledgeable of GDPR regulations.

Responsables de la pratique:

Philip Thomas; Cynthia O’Donoghue


Autres avocats clés:

Elle Todd; Tom Gates


Les références

‘Their expertise and willingness to help foreign businesses like ourselves.’

‘A brilliant team that demonstrates exceptional efficiency and deep expertise. Furthermore, the team’s ability to consistently cover all areas of law, not only data protection legislation, thereby ensuring 360-degree advisory services.’

‘The London data protection team has a high level of knowledge and expertise in legal requirements and industry practices. Can be highly trusted for quality of advice.’

Principaux dossiers


Shoosmiths LLP

Shoosmiths LLP leverages a wealth of expertise to offer solutions to multinational corporations, tech companies and retail brands. Department head Sherif Malak has a strong track record in the automotive and adtech markets, advising on multi-jurisdictional compliance matters and intra-group data transfers. Nick Holland helps clients navigate the evolving data protection market, with his knowledge of the EU Artificial Intelligence Act and the Digital Operational Resilience Act. Kate Brimstead, a September 2024 arrival from Bryan Cave Leighton Paisner, is noted for her capabilities in the financial services sector.

Responsables de la pratique:

Sherif Malak


Autres avocats clés:

Nick Holland; Kate Brimsted


Les références

‘We highly recommend Shoosmiths as a trusted and reputable legal partner. The team consistently demonstrates responsiveness and delivers pragmatic, solutions-focused advice, particularly when navigating complex matters.’

‘Kate Brimsted has supported our data governance and privacy work. Rather than simply advise on privacy issues, she has taken the time to engage with the wider work of our organisation and to set our work in context. This means she is able to provide practical and relevant advice, which is always sufficiently detailed and easy to understand.’

‘The team has a very wide knowledge of the market field, how competitors, customers or partners are handling similar legal tasks or projects, and that has been a real added value for our relationship with them.’

Principaux clients

Jamf Holding Corp


Hilton Grand Vacations Inc


Belden Inc


Fanatics


McAfee


Lenovo


Nissan Motor Co.


British American Tobacco


Volkswagen Group UK


Global Switch


Principaux dossiers


  • Advised FOSROC on data protection matters in relation to its sale to Saint-Gobain for $1.025 billion
  • Appointed by McAfee as lead privacy counsel on global matters
  • Prepared Lenovo for the impact of DORA on its business operations in Europe

Simmons & Simmons

Simmons & Simmons is a go-to firm for market-leading online retailers, tech companies, AI corporations and international banks, assisting with the full gamut of the sector. Heading up the team, Lawrence Brown is noted for his capabilities in UK and EU compliance matters as well as in the facilitation of international data transfers. In 2024, Rich Folsom, Andrew Joint and Calum Murray all joined from Deloitte Legal, in January, June and May, respectively. Hayley Davis joined from Goodwin in May 2024.

Responsables de la pratique:

Lawrence Brown


Autres avocats clés:

Alex Brown; Natasha Sheppard; Rich Folsom, Andrew Joint; Calum Murray; Hayley Davis


Les références

‘We have worked with Simmons & Simmons for a number of years and value its collaboration and pragmatic, problem-solving approach in working with our organisation. They have a good understanding of how our complex organisation operates in a challenging, regulatory environment. They have been particularly impressive in handling matters involving new technologies.’

‘Alex Brown consistently makes himself available at short notice and in urgent circumstances. This is always appreciated.’

Principaux clients

Huawei


Virgin Media O2


GSK


Analog


Stripe Payments


NVIDIA


Alipay / World First


Temu


Amadeus


Marshall Wace


Principaux dossiers


Stephenson Harwood

Stephenson Harwood houses a ‘pragmatic’ data protection team which maintains a strong position in the tech, financial services and transportation sectors. Department head Katie Hewson is a ‘true expert in her field’, proving especially useful in artificial intelligence matters and data subject access requests. In May 2024, Joanne Elieli moved from Cooley (UK) LLP and was joined by Sally Samadi from Clifford Chance in September. Michael Bywell and Jenna Franklin left the team in January and February 2025, respectively.

Responsables de la pratique:

Katie Hewson


Autres avocats clés:

Joanne Elieli; Sarah O’Brien; Sally Samadi


Les références

‘I have had the pleasure of working with Joanne Elieli, and I must say that she stands out as an exceptional individual. Joanne’s exceptional communication skills, attention to detail, and ability to think critically have been instrumental in driving project success.’

‘Great friendly, approachable team. Extremely efficient in coming back with their work. Very practical, business-friendly advice.’

‘Katie Hewson is an excellent partner, provides sound, practical business advice.’

Principaux clients

On A.G.


Interpath Limited


Principaux dossiers


  • Advised the Association of British Investigators on the first code of conduct to ever be approved under the UK GDPR for the private investigations sector.
  • Advised a leading cyber security and corporate intelligence consultancy on integrating AI into its client services.

TLT

At TLT, the ‘bright and engaged’ data, privacy and cybersecurity team is recognised for its multijurisdictional expertise, varied clientele and deep legislative knowledge. Department head Gareth Oldale is equipped to handle the full gamut of the sector, from dictating responses to cyber attacks to supporting clients with data protection impact assessments. The team stands out for its comprehensive understanding of the Information Commissioner’s Office and its procedures. Other key team members include Louisa Williams, who leverages extensive public sector expertise in her practice, and Chris Elwell-Sutton, who clients praise for his ‘expertise and attention to detail’.

Responsables de la pratique:

Gareth Oldale


Autres avocats clés:

Chris Elwell-Sutton; Louisa Williams


Les références

‘The TLT team is bright and engaged. They were attentive and helped our business manage a tricky transition by providing privacy expertise for our UK and EU initiatives.’

‘TLT has clearly invested in its people. They have put together a team of people with a breadth of expertise who complement each other and have a skillset beyond pure technical strength and capability.’

‘TLT see the bigger picture, weigh up the pros and cons, help us achieve our goals and deliver results. Fast turnaround times and quality advice.’

Principaux clients

Department for Science, Innovation and Technology


Information Commissioner’s Office


Police Digital Service


Metropolitan Police Service


Government Legal Department


TSB Bank Plc


NatWest Group Plc


Monzo Bank


Financial Reporting Council


Canadian Imperial Bank of Commerce


American Express


UK Health Security Agency (UKHSA)


Zencity Technologies Limited


University College London


University of Warwick


Sainsbury’s


BGL Group Limited (CompareTheMarket)


Imperial Brands plc


Kent Police & Essex Police


Savills


Financial Conduct Authority


Data.org


Santander


Principaux dossiers


  • Engaged by UCL to provide ongoing support to its data protection and freedom of information team, including providing support in relation to ad hoc data protection and freedom of information queries, advising on interactions with the Information Commissioner’s Office, assisting with data protection contracts and data breaches, undertaking freedom of information internal reviews, assisting with freedom of information appeals to the First Tier Tribunal, and advising on repapering any contracts which require updates to the provisions in relation to international data sharing.
  • Providing outsourced DPO services to the FRC (the regulator for accountants, actuaries and auditors in the UK).
  • Currently partnered with data.org for several data and AI governance exercises.

White & Case LLP

White & Case LLP  is home to a team of data protection lawyers that demonstrates competency in contentious privacy disputes and broader compliance advice. The team is led by Tim Hickman, who impresses clients with his ‘attention to detail and clear communication’. He has considerable knowledge of EU human rights legislation, GDPR requirements and Digital Service Act provisions. John Timmons impresses in high-stakes privacy disputes and was recently involved in a major case related to a personal data breach by a major international tech conglomerate.

Responsables de la pratique:

Tim Hickman


Autres avocats clés:

Jenna Rennie; John Timmons


Les références

‘John Timmons is an outstanding, smart, and profound expert on the tech impact on data protection and security in the digital edge industry.’

‘Tim Hickman with his legal expertise, attention to detail, and clear communication, has been invaluable.’

‘John Timmons, Partner, is an excellent practitioner and a top communicator. He is available day and night and always has practical solutions and is a top operator.’

‘Responsiveness and depth of knowledge.’

‘We would describe the W&C cyber team as the industry leaders/best in class. It is expected that all of our legal service providers will be up to speed on current and evolving matters in the cyber and privacy space, but the difference with W&C is that they immediately understand why these issues are important to us and how they could affect our business.’

‘They are always available, usually at short notice, and their advice is crisp, clear and practical.’

‘They don’t shy away from giving advice that may not be what we wanted to hear, but this is always accompanied by options and other routes forward.’

‘Tim Hickman knows the law, always has a commercial eye on what advice we need and why. Very practical and hands-on.’

Principaux dossiers


Wiggin LLP

Under the leadership of the ‘approachable and knowledgeable’ Patrick Rennie, the data privacy practice at Wiggin LLP has an established presence in the media and entertainment industries, and has also recently been building upon its position in the sport sector. Rennie is well known in the market for the legislative compliance advice he offers, but he has recently assisted with data subject access requests, privacy notice drafting and intra-group transfers. The team, which also includes Christina Henry and Siobhan Lewis, has strong litigation capabilities as well, having recently acted in a landmark case relating to data held by betting companies.

Responsables de la pratique:

Patrick Rennie


Autres avocats clés:

Christina Henry; Siobhan Lewis


Les références

‘The team is very knowledgeable and commercially focused and has done a great job for us.’

‘Patrick Rennie and Christina Henry are the definition of trusted advisors. They are commercial and have taken the time to understand the business and its data strategy. They are highly focused on solving problems and providing advice in a practical and digestible way, which is not simple in a practice area that is increasingly complex and ever-changing.’

‘The team is always on hand to help and we couldn’t do without them.’

Principaux clients

Sky Betting and Gaming


LeoVegas


Evoke


10bet


Bally’s


Playtech


Warner Bros Discover


Paramount


Sony


Skydance


Hartswood


Aardman


DAZN


PRS for Music


The Telegraph


Centaur


Penguin Random House


Not on the High Street


FIFA


Burnley FC


Southampton FC


Leeds United FC


Principaux dossiers


  • Advising Centaur Media PLC (and its group of companies) on strategic data protection advice across all of its businesses, including The Lawyer, as well as how data protection operates within journalism.
  • Advising Warner Bros Discovery (including HBO), on how data protection intersects with the unique challenges of production.
  • Representing Bonne Terre Ltd and Hestview Ltd in defending a High Court action brought by a former customer who claims unlawful processing of his personal data to maximise the value of his deposits and target him with marketing materials.

Bates Wells

Bates Wells has strong capabilities as data protection advisors to clients in the charity, artificial intelligence and public sectors, under the stewardship of Eleonor Duhs. Duhs uses her prior experience in government to advise on GDPR compliance and other legislative matters. Her expertise also extends to data protection impact assessments and data subject access requests. Rayhaan Vankalwala  impresses with his ability ‘to understand the wider non-legal commercial, press and reputational issues involved’.

Responsables de la pratique:

Eleonor Duhs


Autres avocats clés:

Rayhaan Vankalwala


Les références

‘Eleonor and her team have deep insight into the data protection landscape in the UK, having been involved in its creation and implementation. They provide expert advice tailored to the commercial needs of their clients, so a practical solution is landed on.’

‘Deep technical insight blended with the right commercial instincts. They quickly hone in on what really matters.’

‘Deep expertise in privacy laws, including legal, policy, and drafting intent and translating that into actionable, practical and operational advice.

Principaux clients

SOAS – Influencing the Corridors of Power Project


The Times Newspapers


Oxfam


Principaux dossiers


  • Continued to provide briefings to SOAS, University of London, in relation to its ambitious ICOP (Influencing the Corridors of Power) project, and provided briefings for MPs and Peers on the Data Protection and Digital Information Bill and the Data (Use and Access) Bill.
  • Advising Oxfam on several data protection-related matters in connection with its fundraising campaigns.

BCL Solicitors LLP

BCL Solicitors LLP is knowledgeable about data protection legislation and is actively involved in the legal development of the sector. The team is jointly led by Michael Drury CMG and Julian Hayes, who are regularly instructed to advise on multijurisdictional matters for large tech corporations, government entities and high-net-worth clients. Drury is a cybersecurity expert, while Hayes is noted for his capabilities in ransomware investigations and crisis management.

Responsables de la pratique:

Julian Hayes; Michael Drury CMG


Autres avocats clés:

Jenna Gayle


Les références

‘Michael Drury is the best in this field.’

‘BCL can combine expertise in criminal law with expertise in data law.’

‘Michael Drury is outstanding. He has years of experience.’

Principaux dossiers


Bryan Cave Leighton Paisner

Bryan Cave Leighton Paisner draws on the firm’s wider international presence to offer clients assistance with an array of data protection matters across multiple jurisdictions and markets. The team is particularly well-versed in aviation matters, ranging from regulatory mapping to advising clients on protocols that ensure their legislative compliance. The team is spearheaded by Geraldine Scali, who is equipped to advise on digital subject requests, risk management and Information Commissioner’s Office procedures. In October 2024, Kate Brimstead left the firm.

Responsables de la pratique:

Geraldine Scali


Autres avocats clés:

Olivia Wint


Les références

‘Geraldine and her team have the expertise we need and the understanding of our business, so we always get tailored, efficient and balanced legal advice.’

‘Geraldine Scali is always on hand to assist us in this area. She gives fast, tailored and sound legal advice with a very good understanding of our business and appetite for risk.’

Principaux clients

Heathrow Airport


London Stock Exchange Group


Tesco


URW (owners of Westfield)


Estee Lauder


Lumen Technologies


AI Software LLC


Ness USA Inc


The Foschini Group Limited (Phase Eight, Hobbs, Whistles)


Phonographic Performance Limited


PRS for Music


Principaux dossiers


Charles Russell Speechlys LLP

Charles Russell Speechlys LLP  is trusted by both domestic and international clients on a broad range of data protection and cybersecurity matters. Under the leadership of Janine Regan, the team has a strong advisory offering and can advise on subject access requests and legislative compliance. Regan is noted for her capabilities in international data transfers. Rachael Muldoon, a January 2025 arrival from Maitland Chambers, bolsters the team’s contentious capabilities.

Responsables de la pratique:

Janine Regan


Autres avocats clés:

Racheal Muldoon; Victor Mound


Principaux clients

Marshmallow Financial Services


Conferma Limited


Maybourne Group


Impact Holdings Limited


Oncam Global Limited


Gulf Air


Principaux dossiers


Clyde & Co

Mark Williamson, Ian Birdsey and Helen Bourne jointly chair the ‘extremely conscientious and laser-focused’ data protection practice at Clyde & Co, considered a point of reference in the sporting and manufacturing sectors. Williamson ‘really knows and understands the law’ and is able to assist clients with ICO compliance and intra-group data sharing agreements. Birdsey is respected in the market for his contentious cybersecurity expertise, having advised in the aftermath of several ransomware attacks. Bourne is an experienced litigator and is able to assist clients with the entire lifecycle of a cyber investigation.

Responsables de la pratique:

Mark Williamson; Ian Birdsey; Helen Bourne


Autres avocats clés:

Rosehana Amin; Seaton Gordon


Les références

‘This team stands out from other law firms due to its solution-oriented approach, clear and concise interpretation of complex legal and regulatory frameworks, and commitment to understanding broader business needs.’

‘The Clyde team is extremely conscientious and laser-focused on protecting their clients.’

‘Mark Williamson really knows and understands the law.’

Principaux clients

UCL


B&Q


Principaux dossiers


  • Advising University College London on some of its most significant and complex technology- and data-related arrangements.
  • Advising B&Q on a range of technology contracts, including product supply deals with manufacturers and distributors providing smart products, as well as on services that have a heavy reliance on technology solutions.

Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP  has ‘great strength in depth for all things data privacy and cybersecurity across the UK and US’, demonstrating particularly proficiency in GDPR compliance matters, privacy programme development, and corporate transactional support. The team is led by the ‘responsive’ Sarah Pearce, who excels in regulatory investigations. James Henderson is particularly knowledgeable about Southeast Asian jurisdictions, while Jonathan Wright has repeatedly constructed global compliance programs for international market-leading commercial entities. Rosemary Jay impresses in ICO investigations and negotiations.

Responsables de la pratique:

Sarah Pearce


Autres avocats clés:

James Henderson; Jonathan Wright; Rosemary Jay


Les références

‘Great strength in depth for all things data privacy and cybersecurity across the UK and US.’

‘We particularly recommend Sarah Pearce, who is very responsive and can arrange a team to assist with critical matters at extremely short notice.’

‘Sarah Pearce, Rosemary Jay and Jonathan Wright have guided us faultlessly through highly complex decisions since 2019. They are always available, respond instantly and offer thorough, clear expert advice at all times.’

Principaux clients

Brand Industrial Services, Inc.


Cybereason Inc.


Paramount Global


Silver Lake Technology Management


Technology Coalition, Inc.


Tiffany & Co.


TJX Companies, Inc. / TK Maxx


TPG Global, LLC


Principaux dossiers


  • Providing a wide range of privacy and data security advice to Paramount Global.
  • Providing global data protection and privacy advice to a well-known retail and consumer products company, including on GDPR compliance.
  • Providing global privacy and data protection advice to a global provider of industrial and infrastructure services, including EU and UK privacy compliance.

Lewis Silkin

Lewis Silkin houses a ‘brilliant group’ that is able to advise on a wide array of data protection and cybersecurity issues for American headquartered tech companies, publishing houses and retail entities. Under the joint supervision of Bryony Long and Alexander Milner-Smith, the team has multijurisdictional policy and regulatory knowledge. Long regularly works on online advertising matters and has experience with the preparation of privacy notices and digital subject access requests. Milner-Smith’s multidisciplinary approach proves useful in cases involving employee data breaches and he is also well-versed in artificial intelligence development matters.

Responsables de la pratique:

Bryony Long; Alexander Milner-Smith


Autres avocats clés:

Ali Vaziri; Benjamin Favaro


Les références

‘The team at Lewis Silkin has its finger on the pulse of emerging privacy issues in ad tech, AI or other important areas for clients.’

‘The team is a brilliant group – super responsive, helpful and thoughtful in approach, responsive and fun to work with. Really great culture across the team, which shows in their approach to work. It makes them genuinely fun and easy to work with.’

‘What really sets the team apart is the quality and practicality of their advice. They strike the right balance between legal rigour and commercial realism, which is invaluable when working in a fast-moving, consumer-facing business.’

Principaux clients

Royal Albert Hall


Omnicom Group


Paramount Global


Daily Mail & General Trust (Associated Newspapers)


Britvic


Yahoo


Harvey Nichols


Lyst


Indeed


Fremantle


Principaux dossiers


  • Advising an AI tech organisation on obligations under DORA and the Cyber Resilience Act, including strategy and compliance.
  • Assisting a global hedge fund on international data privacy advice, including AI governance, DSAR responses, and complex commercial negotiations.
  • Advising an international publisher on confidential breach mitigation, consent or pay mechanism implementation, and compliance with the Digital Services Act.

Mayer Brown International LLP

Mayer Brown International LLP  ‘has an excellent team of experts’ who are adept at handling AI regulatory compliance, responding to cyber attacks and engaging with Information Commissioner’s Office investigations. Department head Oliver Yaros is praised as ‘an exceptional lawyer’ and is noted for his capabilities on both the advisory and contentious side of data protection work. He is supported by Mark Prinsley, who is especially active in the manufacturing and tech sectors. Reece Randall uses his intellectual property background to adopt a multidisciplinary approach in his practice.

Responsables de la pratique:

Oliver Yaros


Autres avocats clés:

Mark Prinsley; Reece Randall


Les références

‘Oliver Yaros is an exceptional lawyer balancing excellent legal skills and knowledge with an instinctive understanding of our charity’s issues.’

‘The team is able to understand our growing and changing business and provide the advice and work product we need to remain compliant with changing and expanding privacy laws.’

‘Mayer Brown has an exceptional team of experts and network of local firms which can advise on data protection and privacy laws.’

Principaux clients

Previse Limited


Andersen Tax LLC


Northern Trust


PwC


Cummins


Overmore Group


Bank of New York (BNY)


HSBC


Corney & Barrow Group Limited


AXA XL


Unilever


Principaux dossiers


Sidley Austin LLP

Sidley Austin LLP maintains an active presence in the financial services and life sciences sectors, under the supervision of William Long. The practice frequently advises on GDPR compliance, data privacy impact assessments, and regulatory changes. Long is noted for his capabilities in the creation of privacy policies and artificial intelligence governance programs, while Francesca Blythe is building a strong track record in cross-jurisdictional regulatory compliance, particularly in the pharma industry.

Responsables de la pratique:

William Long


Autres avocats clés:

Francesca Blythe; Eleanor Dodding


Les références

‘Sidley Austin LLP’s data protection, privacy, and cybersecurity practice provides expert guidance in navigating regulatory environments across the EU and USA. Their knowledge of pharmacovigilance and safety regulations has been key to keeping our organization compliant while supporting our business objectives.’

‘They take a practical approach, offering solutions tailored to our needs, and work closely with us to ensure smooth operations.’

‘The professionals at Sidley Austin LLP bring strong expertise and responsiveness to our collaboration.’

Principaux clients

Accelerant


ReCode


Northwood


Fleming


Arcus Biosciences


Merit Beauty


Pliant Therapeutics


International Paper


Alnylam


Principaux dossiers


Taylor Wessing LLP

The data and cyber team at Taylor Wessing LLP is jointly led by Christopher Jeffery and Victoria Hordern and is rated for its data protection corporate support work and legislative compliance advice across multiple jurisdictions. Jeffrey leverages significant knowledge of UK and international regulatory regimes to advise a range of clients on the full gamut of issues. Hordern is a reference in the life sciences and healthcare markets. In February 2025, Michael Yates left the team.

Responsables de la pratique:

Christopher Jeffery; Victoria Hordern


Autres avocats clés:

Jo Joyce; Ed Spencer


Les références

‘The people we have worked with have been amazing to collaborate with; in fact, our collaboration has been problem-free. They are detail-oriented and put in the time and focus needed for the issues we have collaborated on.’

‘Chris Jeffery is a fantastic partner.’

‘Very practical advice provided to complex issues.’

Principaux clients

Curonix


Principaux dossiers


  • Advised a number of pension schemes, professional trustee firms (such as IGG) and sole trustees with matters including: administrator and other supplier agreement review and audit, data privacy reviews, breach preparedness plans, trustee set-up compliance and data breach simulation exercises.
  • Undertook an assessment of Curonix’s compliance with data protection laws in the UK and advised on a wide range of issues including transparency, marketing, lawful processing, international data transfers, data security and data sharing.

Travers Smith LLP

As the new tech and commercial transactions department head at Travers Smith LLP, Louisa Chambers impresses a wide array of clients with her ‘thoughtful, clear and pragmatic advice’. The team’s comprehensive offering includes data security evaluations, corporate transactional support and compliance work. Chambers offers multi-jurisdictional expertise and has a particularly strong track record in the financial services and automotive sectors. James Longster is another key part of the team. In March 2025, Dan Reavill left the firm.

Responsables de la pratique:

Louisa Chambers


Autres avocats clés:

James Longster; Sarah Robinson


Les références

‘Louisa Chambers is the classic strategic advisor – we trust her implicitly and she gets our risk profile and desire to innovate in a way which pushes boundaries but does so in a compliant manner.’

‘I have enjoyed working with the Travers Smith team on Data Act matters for the last couple of years. They know the area very well and offer clear, pragmatic advice. We are likely to involve the team further in the coming months.’

‘I have enjoyed working with Louisa Chambers over the last couple of years. Her advice is always thoughtful, clear, and pragmatic, and she is very easy to get on with. I would certainly recommend her to anyone looking for advice on Data Act matters.’

Principaux clients

Samsung Electronics


Poundland Limited & Pepco Group Services Limited


Paymentsense Limited (t/a Dojo)


Sports Direct


IVC Evidensia


BagCheck LLC


Värde Partners


PSG Equity LLC


Advent International Ltd


Fortress


MNK Re


Bain Capital LP


Gruppo UNA


Goalhanger Podcasts


Principaux dossiers


  • Developing an interactive tool and mobile application to streamline data protection compliance for IVC Evidensia, a global veterinary group.
  • Advising Samsung Electronics on the development of its compliance approach to the EU Data Act and its interplay with compliance with EU and UK GDPR obligations.
  • Advised a large European self-storage operator, Safestore, on its cross-border joint venture and asset management arrangements with global investment firm Nuveen.

Womble Bond Dickinson (UK) LLP

The data team at Womble Bond Dickinson (UK) LLP offers a ‘truly forward-thinking and reliable service’ to clients in the energy, tech and chemicals industries. Under the tutelage of Andrew Kimble, the team conducts risk assessments, responds to regulatory investigations and drafts data sharing agreements. Kimble is equipped to offer GDPR and EU legislative compliance advice. Katie Simmonds impresses with her ‘exceptional professionalism and responsiveness’, while Sarah Daun is capable of drafting complex multi-jurisdictional data processing agreements.

Responsables de la pratique:

Andy Kimble


Autres avocats clés:

Sarah Daun; Katie Simmonds; Amy Prime


Les références

‘The entire experience was seamless from start to finish. The ease of booking made the process stress-free, and the innovative use of technology—particularly in handling DSAR (Data Subject Access Requests)—was impressive.’

‘What stood out most was the fantastic collaboration across the team, which fostered a strong sense of trust and professionalism throughout. A truly forward-thinking and reliable service.’

‘I’d like to give special mention to Amy Prime and Katie Simmonds for their exceptional professionalism and responsiveness. Their ability to communicate clearly, act decisively, and maintain transparency has fostered a strong sense of trust—something that truly differentiates them from competitors.’

Principaux clients

Blackbaud, Inc


PDP Companies Limited


Sirius Analysis


Unicard Limited


Liverpool Victoria Financial Services


Quilter


Northumbria University


Principaux dossiers


  • Advised Blackbaud on its response to a widely reported data breach and its broader global data protection strategy.
  • Delivering PDP’s training course ‘Data Protection in the Workplace’ and present at PDP’s data protection conference, including most recently delivering a workshop focused on the data protection challenges organisations face when using new technologies like artificial intelligence (AI) to monitor workers.
  • Continued to advise Northumbria University on a pro bono basis on the legal aspects of a digital supply chain testbed for spare parts, which includes the data sharing and collaboration arrangements, together with the terms of use for the testbed.

Addleshaw Goddard

Addleshaw Goddard places a strong focus on complex data protection advisory work, ranging from subject access requests and outsourcing arrangements to software licensing arrangements and international data transfers. Under the supervision of Helena Browne in Edinburgh, the team maintains a strong market presence in the retail, energy, F&B and manufacturing sectors. He is supported by Ross McKenzie in Aberdeen and Claire Edwards in Manchester. In July 2024, Nathalie Moreno left the firm.

Responsables de la pratique:

Helena Brown


Autres avocats clés:

Claire Edwards; Ross McKenzie


Les références

‘Dealing with the practice provides great comfort with the knowledge that you are dealing with experts in this particular area.’

‘Helena Brown is always exceptionally helpful.’

‘Ross McKenzie provides a first-class service in relation to data protection compliance. Advice is presented in a way that is extremely easy to use and pragmatic.’

Principaux clients

Debenhams (formerly BooHoo Group PLC)


Bonmarche/Peacocks


BP International Limited


British Land


British Airways


Diageo


Eagle Eye Solutions Limited


FNZ


Homeserve PLC


National Energy System Operator Limited (NESO)


NFU Mutual


Saga Group PLC


SSE PLC


Vision Express Group of Companies


Wickes Building Support


William Grant & Sons


Principaux dossiers


Cooley (UK) LLP

Under the tutelage of ‘outstanding professional’ Guadalupe Sampedro, the data protection team at Cooley (UK) LLP offers comprehensive advice to global commercial entities, especially those in the artificial intelligence, public and tech sectors. The dual-qualified Sampedro is an authority in the fintech space and is equally equipped to advise on the full gamut of the sector. Bryony Hurst, a 2024 arrival from Bird & Bird LLP, is reputed for her depth of expertise in regulatory and contentious matters.

Responsables de la pratique:

Guadalupe Sampedro


Autres avocats clés:

Bryony Hurst; Ann Bevitt; Daniel Millard


Les références

‘The data protection team is available to quickly understand our operations and provide robust solutions.’

‘They bring in-depth life-science and data privacy knowledge, including up-to-date info on new regulations.’

‘Cooley’s data protection/privacy council is exceptional.’

Principaux clients

eBay, Inc.


Colt Technology Services


Principaux dossiers


  • Advising eBay on a wide range of data protection matters relevant to its payments business globally (EU, UK, US, Australia).
  • Supporting Colt’s ongoing privacy matters globally.

Covington & Burling LLP

Covington & Burling LLP stands out for its deep legislative knowledge, which the team uses to assist clients in remaining compliant across multiple jurisdictions. Mark Young is particularly well known in the tech and pharma sectors and has been involved in several significant cybersecurity investigations in England and the EU. Lisa Peets is building a strong reputation for her AI expertise. Claudia Berg joined the firm from the Information Commissioner’s Office in January 2025.

Responsables de la pratique:

Mark Young


Autres avocats clés:

Lisa Peets; Paul Maynard


Principaux dossiers


Digiphile

Phil Lee is considered a ‘guru of privacy and now AI law’, which he leverages as head of the privacy, AI and digital regulation practice at Digiphile. The team boasts several market-leading American tech corporations as part of its client base, and is equipped to advise on data protection impact assessments and data processing agreements. Lee has recently assisted clients with GDPR compliance issues, ICO investigations and internal data protection training.

Responsables de la pratique:

Phil Lee


Autres avocats clés:

Natalie Barnfield; Marco Piana


Les références

‘Digiphile are not just external counsel, but an extension of the legal team and business. They take the time to truly understand the business goals and risk appetite and provide pragmatic and informed advice for the question you ask, and the questions you don’t realise you need to ask.’

‘Phil Lee is the guru of privacy and now AI law.’

‘Phil Lee is the best outside counsel I have worked with, bar none.’

Principaux clients

Block (trading as Square)


Canva


Egetis Therapeutics


Epsilon (a Publicis group company)


Expedia


NewStore


PayPal


Travelperk


Principaux dossiers


  • Advised internet discovery platform Taboola on commercial data protection agreements with customers, GDPR transparency disclosures, and compliance with ePrivacy and industry transparency and consent framework requirements.
  • Advised a pharmaceutical company on the management of a data security incident suffered by a third-party data processor, including making appropriate filings with the competent data protection authority, notifying impacted data subjects, and negotiations with the data processor.
  • Advised a global technology company on its response to enquiries sent by the UK Information Commissioner’s Office relating to its investigations into targeted online advertising on the UK’s top websites.

Farrer & Co

Farrer & Co is well known in the media, education and sporting sectors and offers clients a broad data protection service on both the contentious and advisory side. The team is led by the capable trio of Alan Baker, Ian De Freitas and Owen O’Rorke. De Freitas is a dispute specialist who was recently successful in a case involving data ownership and usage in a supply chain. O’Rorke has experience defending subject access request claims, while Baker focuses on GDPR compliance and data audit projects.

Responsables de la pratique:

Alan Baker; Owen O’Rorke; Ian De Freitas


Autres avocats clés:

Tom Rudkin


Les références

‘Ian De Freitas is a leading figure in this domain. He is our go-to partner for any support we need in this area.’

‘Farrer & Co has built a very fine data protection practice in recent years. Led by Ian de Freitas and bolstered by Tom Rudkin, they combine top-quality legal analysis with great industry and market knowledge.’

‘The team is incredibly responsive, knowledgeable, has excellent technical legal skills and provides legal advice in a manner which can be easily digested by the business.’

Principaux clients

Wowcher Limited


Charities Aid Foundation


Lawn Tennis Association


England and Wales Cricket Board


We Buy Any Car Limited


Telegraph Media Group


Age UK


British Library


British Museum


The National Lottery (Community Fund)


Principaux dossiers


Freeths LLP

Freeths LLP is praised by clients as an ‘excellent firm’ for its data and information practice, which advises on novel tech matters, crisis management and disputes. It is particularly well known in the retail and financial sectors. The team operates under the supervision of Luke Dixon, who excels in advisory work, while Will Richmond-Coggan forms the bedrock of the practice’s contentious offering. He is adept at handling mass group litigation claims.

Responsables de la pratique:

Luke Dixon


Autres avocats clés:

Will Richmond-Coggan; Mona Schroedel


Les références

‘Luke Dixon is extremely pragmatic, commercially knowledgeable and personable in his approach.’

‘Unusual level of service, including great dedication to client’s wellbeing in sensitive privacy cases.’

‘Excellent firm with excellent levels of service delivery.’

Principaux clients

Aldi Stores Limited


Tarmac


MHA


Pukka Pies


Ibstock Plc


Equiniti Plc


400 sub-postmasters


Facewatch


Principaux dossiers


  • Advising Aldi UK on a wide range of data matters.
  • Advised Breal Capital and Calveton Group on the data aspects of its acquisition of Thursdays (UK) Limited, t/as TGI Fridays.
  • Acting for Equiniti Group in connection with one of the most high profile data breach litigation cases of 2024, now listed for hearing in the Court of Appeal in June 2025, a case which is likely to establish new precedent for the gateway test before which data breach claims can be pursued in the courts.

Gowling WLG

Gowling WLG is considered a go-to firm for government departments, public sector entities and international corporations on a variety of data protection issues. The team, which is jointly spearheaded by Jocelyn Paulley and Loretta Pugh, frequently advises on data sharing agreements, prepares internal governance documentation, and advises on broader cybersecurity problems. In Birmingham, Paulley frequently conducts Data Protection Impact Assessments and cybersafety reviews. Pugh, who joined the team from CMS in October 2024, is praised as a ‘real asset to the team’.

Responsables de la pratique:

Jocelyn Paulley; Loretta Pugh


Autres avocats clés:

Patrick Arben; Amber Strickland


Les références

‘Loretta Pugh is fantastic, making herself available for urgent matters and patiently explaining complex concepts. A real asset to the team.’

‘Gowling certainly tailors their advice to us and our particular risk appetite and processes, which they have learned during the period we have engaged them.’

‘We have the impression, and feeling, of in-house legal counsel.’

Principaux clients

Energy Systems Catapult Limited


Energy Networks Association


Transport for London


Finning Limited


RECCo


Department for Education


Donna Ockenden Limited


Energy Networks Association


Elexon


The Universities and Colleges Admissions Service


Government Property Agency


Empiric Student Properties Limited


Financial Reporting Council


Department for Science, Innovation & Technology


Principaux dossiers


  • Advising Donna Ockenden Limited, the Chair of the independent review of maternity services at the Nottingham University Hospitals NHS Trust, on all the data protection aspects of the inquiry, covering data sharing agreements, privacy notices and DPIAs.
  • Appointed by the Department for Education to be its advisors for the next two years (with possible extensions) for the DfE Data Sharing Service
  • Advising the Energy Networks Association on the data privacy aspects of ENA Connect Direct, a new online platform for connection of low carbon energy domestic installations.

Mills & Reeve LLP

The data protection team at Mills & Reeve LLP is led by the capable trio of Helen Tringham, Paul Knight and Peter Wainman. The practice is prepared to offer GDPR compliance advice, construct data sharing agreements and prepare responses in the aftermath of ransomware attacks. Kang is praised as a ‘brilliant lawyer’ and is noted for his capabilities in international data transfers.

Responsables de la pratique:

Helen Tringham; Paul Knight; Peter Wainman


Les références

‘The practice stands out for its deep sector expertise, collaborative culture, and client-centric approach. What makes them unique is not just what they do, but how they do it—with integrity, innovation, and a relentless focus on delivering value.’

 

 

Principaux clients

Money and Pensions Service


Nichols plc


Domino Printing Sciences Plc


Premia Solutions Limited


Cleveland Clinic


Siemens Healthineers


iGPR


Midwich Plc


Principaux dossiers


  • Advising the Money and Pensions Service (MaPS) on the national Pensions Dashboards Programme. The Pensions Dashboards Programme will result in individuals being able to access pensions information online, securely and all in one place.
  • Advised a leading global manufacturer on implementing cybersecurity arrangements to safeguard personal data in its global manufacturing process.
  • Advised a leading NASDAQ-listed data analytics company on UK GDPR requirements.

Orrick, Herrington & Sutcliffe (UK) LLP

Orrick, Herrington & Sutcliffe (UK) LLP is home to an experienced cyber, privacy and data innovation practice, which boasts AI start-ups, international technology conglomerates, and financial services institutions as part of its client base. Department head Alex Sobolev frequently advises clients across multiple jurisdictions on privacy compliance, GDPR obligations, risk management and internal policy reviews. Adele Harrison and Anna O’Kelly are key members of the team’s contentious and regulatory offering. In September 2024, Kelly Hagedorn left the team.

Responsables de la pratique:

Alex Sobolev


Autres avocats clés:

Adele Harrison; Anna O’Kelly


Principaux clients

Axiom Therapeutics Inc.


Azzurri Investment Group Limited


Baidu, Inc


Bastille Networks


Binalyze OÜ


C-Wind Polska spólka z o. o.


Deltek, Inc.


Elixir Technologies Ltd.


FD3M UK Ltd


Fenix International Limited (d/b/a OnlyFans)


Future Fiber Networks LLC


GOAT


Inforcer Ltd


Invoice Cloud, Inc.


JumpStart Games, Inc.


Juniper Networks


Kape Technologies (Cyprus) Limited


Klarna Bank AB


Lindus Health Limited


Mercor.io Corporation


Microsoft Corporation


NVIDIA


Paddle.com Inc.


Perion Network Ltd.


Pinnacle Networks, Inc


PolyAI Limited


Praktika.ai Company


Reckitt Benckiser LLC


San Francisco Compute Company


Scope Inspection, Ltd


Squarespace Inc.


Supabase, Inc.


Team-GPT Global Inc.


Technologies of Voice Interface Limited


Testudo Global Inc


UKG Inc.


VERO Labs


Vi Labs Ltd


Voices


Xiaomi


Principaux dossiers


  • Advising Fenix International Limited on an ongoing basis in connection with all UK regulatory and compliance matters, including those related to online safety, anti-money laundering, financial regulatory matters, and organisational strategy for compliance with UK, EU and US consumer and privacy laws.
  • Advising Klarna on AI and data protection matters in the context of employment in France and Germany, and advising on the impact of upcoming AI legislation
  • Advising the New York Jets, a multimillion-dollar team in the National Football League, on privacy compliance and risk mitigation for launching their international fan club and promoting games in the UK and Europe.

Pillsbury Winthrop Shaw Pittman LLP

Pillsbury Winthrop Shaw Pittman LLP excels while advising clients on data transfer issues, breaches and legislative compliance. Steven Farmer leads the team and is described by clients as ‘extremely knowledgeable and resourceful’. He has a strong track record in the health tech space and is well equipped to advise companies on their obligations under the Digital Operational Resilience Act (DORA). Scott Morton has multi-jurisdictional experience and strength in cybersecurity matters.

Responsables de la pratique:

Steven Farmer


Autres avocats clés:

Scott Morton


Les références

‘The Pillsbury team is highly competent and responsive.’

‘Steven Farmer is extremely knowledgeable and resourceful, and makes himself available upon short notice.’

‘This team is well-versed in GDPR and UK GDPR regulations, and can provide recommendations on personal data compliance measures and technical measures that align with customer service processes.’

Principaux clients

Blis


Boundless Learning


BPM


Carrot Fertility


G.Network Communications


General Atomics


Giant| Bicycles


Hanbury Strategy and Communications Limited


Stack Data Strategy


HM Electronics


Ingenio


Institute of International Finance


Juniper Square


National Commission on Certification of Physician Assistants (NCCPA)


Ntrepid


Planet Patrol


Private Identity


Solar Energy Trade Shows


Victaulic Company


Principaux dossiers


  • Guiding financial services clients, including State Street and PNC Bank, through intricate data protection issues, including compliance with cyber resilience-related regulations, which is of critical importance.
  • Advised UK-based B2C internet service provider G.Network on day-to-day privacy and cybersecurity compliance, including as related to cloud computing
  • Advised HM Electronics on global privacy compliance, including in relation to the roll out of various AI solutions which improve customer experience.

AWO

AWO houses a strong contentious data protection team, having recently been involved in several claims for a broad range of key stakeholders. The team's 'amazing leader’ Ravi Naik has a background in human rights and is recognised for his strength in the digital tech space. The team also includes the ‘intellectually robust’ Alex Lawrence-Archer and the ‘extremely impressive’ Lucie Audibert.

Responsables de la pratique:

Ravi Naik


Autres avocats clés:

Alex Lawrence-Archer; Lucie Audibert


Les références

‘AWO is leading the market on data protection and privacy work for claimants and in respect of cutting-edge technology. They are all across the regulatory developments, both domestically and internationally. Highly sought after and really talented people.’

‘Ravi Naik is an amazing leader – he brings in top-quality work, thinks really creatively, and fights hard for clients. His strategic insights help win cases.’

‘Alex Archer-Lawrence is highly experienced and intellectually robust. Can see the important points from a distance and cut to the issues.’

Principaux clients

Information Commissioner’s Office


Just Treatment


Mozilla Corporation


FIFPRO


Clean Up Gambling


Bureau Européen des Unions de Consommateurs (the European Bureau of Consumers’ Unions) (BEUC)


The Serpentine Gallery


UNISON


Equity (the Performers’ Union)


Trades Union Congress


Reset


Worker Info Exchange


Principaux dossiers


  • Acting for the claimant (anonymous) in the precedent-setting case of RTM v Bonne Terre et al, which revealed the extent of data processing and profiling done by the online gambling industry, and refined the standard for consent in data protection law.
  • Acted for the founder of Amnesty International’s tech programme in her landmark lawsuit against Meta’s use of her data for advertising purposes.
  • Instructed by the Bureau Européen des Unions de Consommateurs (BEUC) to draft model complaints for its member organisations relating to the use of data by big tech platforms and consumers’ rights over the use of their data by those platforms

Goodwin

The ‘highly attentive’ data, privacy and cybersecurity practice at Goodwin has a notable emphasis on artificial intelligence matters, assisting clients with legislative compliance. The team is jointly led by Gretchen Scott, who recently advised a domestic commercial entity on drafting data protection agreements for its subsidiaries, and Curtis McCluskey, who is adept at constructing and implementing privacy notices. Lore Leitner left the firm in July 2024.

Responsables de la pratique:

Gretchen Scott; Curtis McCluskey


Autres avocats clés:

Joseph Ndep


Les références

‘Good advice but better people. They were highly attentive.’

‘Gretchen Scott has been our partner for a while and has always been available when needed. She’s kept us in the loop on new updates and provided practical advice.’

‘This is a team that understands our business, understands what matters, is available, and worth the billable hours even for a cost-conscious company. Our privacy policy is central to the value of our business, and the firm set up the right foundation for us.’

Principaux clients

Allurion


FIA Tech


JustPark


JPM


Help Scout


Convergence


StockTwits


Caristo


AI Build


Zello


Talktastic


ThatGameCompany


Repligen


Whoop


Hivemapper


Gameplay Galaxy


FaceApp


Trailborn


Plusgrade


Openstage


Principaux dossiers


Kingsley Napley LLP

The ‘nimble, responsive and practical’ information law team at Kingsley Napley LLP is recognised for the assistance it provides to clients, particularly those in the public and education sectors. Under the ‘calm, competent leadership’ of Emily Carter and Melanie Hart, the team offers GDPR advice and assistance in tribunal proceedings. Hart is equipped to build cyber response strategies for clients, while Carter is strong on the non contentious side. In April 2024, Adam Chapman left the firm, and in December, Chris Perrin joined from Spencer West LLP.

Responsables de la pratique:

Emily Carter; Melanie Hart


Autres avocats clés:

Helen Morris; Ellie Fayle


Les références

‘What makes this practice unique is its rare blend of deep technical expertise, genuine commercial understanding, and an empathetic, human approach to client relationships.’

‘Kingsley Napley brings calm, competent leadership to the table.’

‘I find Kingsley Napley more nimble, responsive, and practical. Their approach feels tailored rather than templated, and they invest time in understanding the context behind each matter.’

Principaux clients

King’s College London


London Fire Brigade


Enforcement Conduct Board


Construction Industry Council Approved Inspectors Register


Principaux dossiers


  • Advising King’s College London on UK GDPR claims.
  • Providing information law advice to the London Fire Brigade.
  • Representing two journalists in a successful Freedom of Information Act appeal to the First Tier Tribunal.

Leigh Day

Leigh Day is committed to offering individuals support in the aftermath of data breaches that have impacted utilities companies, public authorities and retailers. Department head Sean Humber is often instructed to act against government departments and has acted in several class actions, particularly in those related to the healthcare sector. Gene Matthews has a background in human and consumer rights law.

Responsables de la pratique:

Sean Humber


Autres avocats clés:

Gene Matthews; Joshua Garrod


Les références

‘Leigh Day were honest, transparent, reassuring and kind.’

‘Sean Humber was always friendly and approachable.’

‘Leigh Day takes data protection very seriously.’

Principaux clients

385 TalkTalk customers affected by data breach


6,000 + easyJet customers affected by data breach


Steve Nash, Food Safety Campaigner


6,000 + South Staffs Water / Cambridge Water customers affected by data breach


Rights & Security International (RSI)


5 Rights Foundation


30 + Lister Fertility Clinic patients affected by Stor-a-File data breach


Afghan Interpreters affected by MoD data breach


1000+ employees affected by Move-It Zellis data breach claim


Charing Cross GIC patients affected by data breach


Principaux dossiers


  • Successfully settled a group claim on behalf of 385 customers of TalkTalk in relation to alleged data breaches. It was alleged that the affected customers’ personal data, including their names, addresses, dates of birth, email addresses, TalkTalk account numbers, and bank account details, were accessed.
  • Successfully settled, for a substantial 5-figure sum, an individual data breach claim for a client against the Council and Police after he was wrongly identified as a paedophile and sex tourist.
  • Currently instructed by Steve Nash in a successful complaint to the Information Commissioner’s Office (ICO) with regard to the refusal of UK Health Security Agency (UKHSA) to release information about a 2022 E. coli outbreak, linked to the consumption of contaminated lettuce, which led to more than 250 infections and at least 77 hospitalisations.

Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP


Responsables de la pratique:

## INSERTED START: 08-05-2025 01:16:03


Anna Frankum; Joanne Vengadesan; Anna Frankum; Joanne Vengadesan


Les références

## INSERTED START: 13-06-2025 10:53:17

‘Strong on data protection’

‘Gareth Jones (associate) is excellent’

Principaux clients

## INSERTED START: 08-05-2025 01:16:03


Telecoms and cloud communications provider


Oxford Science Enterprises


Advanced Research + Invention Agency (ARIA)


Fable Data


American Institute for Foreign Study


Unifrog Education Limited


HOK International Ltd


Pay.UK


Smarter Contracts


Forge Europe GmbH


Police Federation of England & Wales (PFEW)


MSC Cruises


Flint House Police Rehabilitation


Chartered Association of Business Schools


CottonConnect Ltd


Telecoms and cloud communications provider


Oxford Science Enterprises


Advanced Research + Invention Agency (ARIA)


Fable Data


American Institute for Foreign Study


Unifrog Education Limited


HOK International Ltd


Pay.UK


Smarter Contracts


Forge Europe GmbH


Police Federation of England & Wales (PFEW)


MSC Cruises


Flint House Police Rehabilitation


Chartered Association of Business Schools


CottonConnect Ltd


Principaux dossiers


  • ## INSERTED START: 08-05-2025 01:16:03
    Advanced Research + Invention Agency (ARIA)|We advise ARIA in relation to day-to-day data protection issues. ARIA is a UK R&D funding agency built to unlock scientific and technological breakthroughs that benefit everyone. ARIA empowers scientists and engineers, from their Programme Directors to the teams they fund, with the resources and freedom to pursue breakthroughs at the edge of the possible.
  • ## INSERTED START: 08-05-2025 01:16:03
    American Institute for Foreign Study|We have advised the AIFS for many years in relation to their data protection compliance, on a broad range of issues including international data transfers.
  • ## INSERTED START: 08-05-2025 01:16:03
    CottonConnect Ltd|We have advised Cotton Connect on its framework agreement with a multinational fashion retailer and associated data protection issues, including relating to its proprietary traceability app and its monitoring and evaluation apps.
  • ## INSERTED START: 08-05-2025 01:16:03
    Advanced Research + Invention Agency (ARIA)|We advise ARIA in relation to day-to-day data protection issues. ARIA is a UK R&D funding agency built to unlock scientific and technological breakthroughs that benefit everyone. ARIA empowers scientists and engineers, from their Programme Directors to the teams they fund, with the resources and freedom to pursue breakthroughs at the edge of the possible.
  • ## INSERTED START: 08-05-2025 01:16:03
    American Institute for Foreign Study|We have advised the AIFS for many years in relation to their data protection compliance, on a broad range of issues including international data transfers.

Pritchetts Law

Pritchetts Law houses a data protection team which is proficient in cybersecurity and artificial intelligence mandates. The team is under the joint supervision of Stephanie Pritchett, who is adept at offering regulatory compliance and data protection advice, and Ben Wootton, who is well-positioned to conduct DPIAs.


Responsables de la pratique:

Stephanie Pritchett; Ben Wootton


Les références

‘The practice has a great calibre of lawyers and punches above its weight. Pritchett’s has invested heavily in its knowledge of the LOCS23 certification scheme and has shown a great willingness to walk clients through the minutiae of this scheme.’

‘Both Stephanie Pritchett and Ben Wootton have always made themselves available on short notice and have provided practical and tailored advice that takes into consideration client challenges and resource restrictions. We see them as an extension of the data protection team.’

‘The team at Pritchetts Law continue to excel in their provision of legal advice in data protection, privacy and cybersecurity. It is always up to date, comprehensive and clear.’

Principaux clients

The Ceuta Group of Companies


Northumbrian Water Group Limited


CFH Docmail


National Foundation for Educational Research


Nile UK Service Company Limited


The UPP Group of Companies


Link Maker Systems Limited


Synextra Limited


Mathys & Squire LLP


Sable International Group Limited


PDP Companies Limited


Make and Grow Limited


Vision33 Limited


Interactive Technology Corporation Limited


RE:GEN Group Limited


OrgChartHub Limited


Menzies Law


Operation Eyesight


All Aboard Water Sport and Water Recreational Activity


The Law Society


TextRazor Limited


Principaux dossiers


  • Advising a full-service brand management business on its data protection compliance programme. This has previously included drafting detailed data protection policies and procedures.
  • Advising a tech and AI scale-up company on its standard terms of business, end-user terms and privacy notices to ensure they reflect market practice and offer efficient contracting processes as well as GDPR compliance.
  • Advised a global managed IT services business on the actions flowing from its data protection compliance audit programme. These included updates to its master services agreement to address the complex international data transfers required within the group and between its global client base.

PwC LLP

PwC LLP stands out for the advice it offers on data breaches, legislative compliance and subject access requests. The team, which is led by the ‘highly skilled data protection lawyer’ Chris Cartmell, is active in the financial services, commercial and public sectors, working on projects in multiple jurisdictions. Cartmell frequently advises clients on cybersecurity matters and is noted for his specific knowledge of South East Asian markets. Stephanie Baker and Lucas Saric are key members of the team.

Responsables de la pratique:

Chris Cartmell


Autres avocats clés:

Lucas Saric; Stephanie Baker


Les références

‘Chris Cartmell and Stephanie Baker are outstanding data protection lawyers. Approachable and pragmatic, with a real focus on developing a deep understanding of their client’s goals and objectives.’

‘A highly skilled team in data protection and digital/tech law that works together to solve the client’s challenges in a proactive and collaborative manner. It is a strong team of highly skilled individuals that comes together as a unity to make a difference. I am impressed by how the team comes together and supports each other to deliver results and value to the client.’

‘A special mention to Chris Cartmell for not only being an expert in his field but also bringing a human-centric approach to interactions. What makes Chris stand out is that not only is he a highly skilled data protection lawyer, but also his ability to act with integrity in what he does.’

Principaux clients

Link Market Services Limited


Mott MacDonald Limited


Principaux dossiers


  • Advised Mott MacDonald Limited on a complex range of multi-jurisdictional data protection matters, including intra-group transfers, data protection impact assessments, data retention and disposal requirements and data processing agreements.
  • Supported Link Market Services Limited (part of the Mitsubishi UFJ Financial Group, Inc (“MUFG”)) with a DSARs managed service.
  • Supported Mott MacDonald Limited with designing and embedding an efficient internal DSAR process, as well as providing a DSARs managed service.

Slaughter and May

The data privacy and cyber practice at Slaughter and May is prepared to advise on multijurisdictional cyber breaches, data concerns related to commercial transactions and international data transfers. The team is led by the capable trio of Rebecca Cousin, noted for her capabilities in M&A matters, Richard Jeens, who spearheads the team’s contentious offering and Rob Sumroy, who excels when offering clients risk management and cyber preparedness services.

Responsables de la pratique:

Rebecca Cousin; Richard Jeens; Rob Sumroy


Les références

‘Slaughter and May’s data protection team is a pleasure to work with.’

‘The team’s knowledge lawyers are on top of all developments and as such the team has great insights into the latest position on legal and regulatory questions.’

‘Rebecca Cousin is an expert in the field of data protection.’

Principaux clients

 


 


Principaux dossiers


Squire Patton Boggs

Squire Patton Boggs is particularly active in the automotive, sport and life sciences sectors, under the supervision of David Naylor. The team regularly handles matters relating to artificial intelligence regulation, data breaches and cybersecurity in multiple jurisdictions. Naylor is praised by clients for his ‘great experience’ in corporate data protection advice, due diligence and contentious disputes. Based in Leeds, Francesca Fellows brings additional strength and depth to the practice.

Responsables de la pratique:

David Naylor


Autres avocats clés:

Francesca Fellows


Les références

‘Squire Patton Boggs’ data protection, privacy, and cybersecurity team has demonstrated strong expertise in data privacy law. Their advice was clear, practical, and tailored to our needs, helping us strengthen our systems and ensure compliance with evolving data protection regulations. Their deep knowledge of the field and ability to apply it effectively made a real difference to our risk management and operational resilience.’

‘The individuals we’ve worked with at Squire Patton Boggs stand out for their responsiveness, clarity, and deep subject-matter expertise. They bring a practical, solutions-oriented mindset that sets them apart from competitors. We’ve especially valued their collaborative approach and ability to translate complex legal requirements into actionable steps.’

‘Their advice is very easy to understand. They break down sometimes impenetrable law into easy-to-understand vernacular.’

Principaux clients

Aston Martin


Caterpillar


DataCore


Datasite


Domino’s


Essex County Cricket Club


Move.ai


MoneyPenny


Maximus


Tessian


Twilio


Principaux dossiers


  • Advising Aston Martin on all data privacy matters relating to the development and international launch of its new connected vehicles across more than 50 countries with reported sales revenues of c. $2.13 billion in 2024.
  • Advising Essex County Cricket Club on all data privacy aspects in connection with its compliance with data protection laws in relation to an investigation into discrimination and fraud.
  • Advising the Royal Mail Collective Pension Plan on all data privacy aspects of the launch of the UK’s first collective defined contribution plan.

Stevens & Bolton LLP

In Guildford, Stevens & Bolton LLP offers ‘agility and strategic foresight’ in its data protection practice, assisting clients in the hospitality, tech and automotive sectors. The ‘pragmatic’ team is led by Beverley Flynn, who frequently advises on data issues related to artificial intelligence, legislative compliance and ad tech. Gary Parnell is adept at multi-jurisdictional data transfer matters and GDPR issues.

Responsables de la pratique:

Beverley Flynn


Autres avocats clés:

Gary Parnell; Charles Maurice; Guy Cartwright


Les références

‘The team at Stevens & Bolton is terrific.’

‘The team at Stevens & Bolton is pragmatic and approachable. They understand the challenges of the business environment, and have deep experience across many sectors.’

‘Our main contact was Beverley Flynn. Her knowledge and pragmatic approach gave us enormous confidence in the arrangements we put in place.’

Principaux clients

PUIG UK Limited


Penhaligon’s Limited


Kia UK Limited


Papa John’s (GB) Limited


Fresha.com SV Limited


Alarm.com Holdings Incorporated


Beacon Counselling Trust


Oncoheroes Biosciences Inc.


Greyhawk Intelligence Group Limited


Plus Fitness Pty Ltd


Deallus Consulting Limited


Unily Group Limited


Artlogic Media Limited


RBB Economics LLP


Principaux dossiers


  • Acting for PUIG/Penhaligons, which is the owner of a large number of ‘household-name’ beauty and fashion brands, on data protection matters and cyber security.
  • Acting as Kia UK’s external legal counsel for all data protection matters.
  • Assisting longstanding client Papa John’s (GB) Limited with all its data protection and cybersecurity legal requirements in the UK.