Tom FordManaging Associate

Download vCard

+44 (0)20 7074 8373
tom.ford@lewissilkin.com

I am a UK lawyer who advises on data protection matters from a risk and governance, workplace, and commercial perspective. Taking a pragmatic, risk-based approach to compliance, I work with clients to address their data privacy issues in a way that is proportionate and practical.

Sitting within both Lewis Silkin’s data, privacy & cyber group and top-tier employment law division, I advise leading multinational organisations on data privacy issues.

I have considerable experience of running projects across multiple jurisdictions, both inside and outside the EU, and work with clients in the media & entertainment, tech, finance, legal, and marketing sectors.

I have particular expertise in:

GDPR compliance strategy;
data privacy as part of GRC, and building effective privacy policies and processes;
information security and acceptable use - including ISO27001/2 requirements;
transparency requirements, including internal and external privacy notices;
data protection impact assessments (DPIAs);
data processing agreements (DPAs) and data sharing agreements, including Schrems II risk mitigation and intra-group data sharing;
data subject access requests (DSARs) and other rights requests;
data breaches and data breach reporting;
regulatory investigations;
data retention strategy;
Covid-19 testing and the collection and use of vaccination data;
diversity and inclusion monitoring;
employee vetting and background checks.

Some of my recent work highlights include:

Advising large multi-nationals on the update of their global information security policies and alignment to ISO27001.
Advising multiple clients on the use of the 2021 SCCs and UK Addendum in relation to both internal and external data sharing, including relevant Schrems II "Transfer Impact Assessments".
Carrying out several projects assisting global businesses on their approach to the retention of personal data across multiple jurisdictions.
Advising multiple clients on their cross-border global diversity and inclusion initiatives, including practical steps for the management of associated data privacy risks; and
advising on the processing of data relating to criminal offences and the intersection of data privacy laws with industry-specific regulatory requirements (for example, those applicable in the legal and financial services industries).

Awards and Recognition

Rising Star in Legal 500 2022 (Data Protection)
Legal 500 2021 (Employment) - ‘Tom Ford has a fantastic balance of employment and data privacy knowledge'

More from Tom

Related sectors

Technology & Communications

Related services

Diversity monitoring: what to collect and how to comply with the law

19 June 2022

To improve the diversity of your workforce, you need to measure it, and this means collecting and monitoring data. But what questions should you ask employees about their individual characteristics and how can you handle that information lawfully? This article takes an in-depth look at these questions.