About

I advise clients on data protection matters from a risk and governance, workplace, and commercial perspective. I take a pragmatic, risk-based approach to compliance, working with clients to address their data privacy issues in a way that is proportionate and practical.

Sitting across our data, privacy & cyber group and top-tier employment law team, I advise leading multinational organisations on data privacy issues.

I run projects across multiple jurisdictions, both inside and outside the EU, and work with clients in the media & entertainment, tech, finance, legal, and marketing sectors.

I have particular expertise in GDPR compliance strategy, data privacy as part of GRC, and the building of effective privacy policies and processes and information security and acceptable use, as well astransparency requirements.

Experience

Technology

  • Advising large multinationals on the update of their global information security policies and alignment to ISO27001
  • Advising multiple clients on the use of the 2021 SCCs and UK Addendum in relation to both internal and external data sharing, including relevant Schrems II "Transfer Impact Assessments"
  • Assisting global businesses on their approach to the retention of personal data across multiple jurisdictions
  • Advising clients on their cross-border global diversity and inclusion initiatives, including practical steps for the management of associated data privacy risks
  • Advising organisations on processing data relating to criminal offences and the intersection of data privacy laws with industry-specific regulatory requirements, for example, those applicable in the legal and financial services industries

Testimonials

"Tom Ford has a fantastic balance of employment and data privacy knowledge."
Legal 500

Services