2018 Speakers & Chairs


31st Annual International Conference  

Navigating GDPR: The art of the possible

2 – 4 July 2018
St. John's College Cambridge, UK


Below is a list of all speakers and chairs confirmed as of 22 May.
Details subject to change. 

Data Protection Authorities and Policy Makers


Bruno Gencarelli
Head of the International Data Transfers and Protection Unit
European Commission

Mr. Bruno Gencarelli is the Head of the Data protection Unit within the European Commission (DG Justice and Consumers). The unit is responsible for all aspects of  Commission's policies and activities in the area of data protection: negotiation, adoption and implementation of the reform of EU data protection legislation, addressing data protection issues at international level (including through the negotiation of international agreements and the adoption of adequacy decisions), monitoring the application by Member States of EU data protection legislation, ensuring the secretariat of the "Article 29 Working Party", etc.  He is one of the lead negotiators of the EU-US "Umbrella Agreement" and of the Privacy Shield. He previously served as a Member of the Commission's Legal Service and as an assistant (référendaire) to a judge at the European Court of Justice after having practiced law in the private sector. He holds degrees in law and political science. He is an Associate Professor in EU Competition Law at Sciences Po Paris.



Nigel Houlden
Head of Technology

Nigel is the Head of Technology Policy for the ICO, he has spent over 30 years in technology, working in various sectors, NHS, Local Government, industry and before joining the ICO was a senior lecturer in computing at Glyndwr University. His PhD is in the Optimization and pseudo optimization of routing algorithms.

Nigel is passionate about technology, how it is used and how it can change lives. He is a member of the BCS and has held Chartered IT Professional status for 15 years.   

Dr Nigel Houlden PhD, BSc, MBCS, CITP




Karolina Mojzesowicz
Deputy Head, Data Protection Unit
European Commission

Karolina Mojzesowicz is the Deputy Head of Unit of the unit responsible for data protection at the European Commission (DG Justice and Consumers). She was one of the Commission's representatives in the interinstitutional negotiations with Parliament and Council on the General data Protection Regulation (GDPR). She is now responsible for its implementation in the EU. Mrs Mojzesowicz previously served as a member of the European Commission's Legal Service, focusing on EU Competition law and International Trade law. In that capacity, she represented the Commission in numerous cases before the European Courts and before the WTO panels and Appellate Body. Mrs Mojzesowicz studied law in Poland, the Netherlands and Germany where she obtained her PhD in 2001.




Florence Raynal
Head, European and International Affairs Department

Florence Raynal began her career in 2000 within the Law Firm Donahue & Partners LLP in New York, where she participated for 3 years in international projects on privacy and labour laws. When coming back to France, she worked as Senior Manager at Ernst & Young Law Firm for 4 years where she advised on privacy matters at both national and European level.

She was internally appointed Data Protection Officer (“Correspondant Informatique et Libertés”) of Ernst & Young France and coordinated the firm’s privacy compliance for the 26 countries of the Continental Western European Area.

In 2008, she was appointed Head of the International and European Affairs Department of the CNIL.

She has assisted the former CNIL Chair Mr. Alex Türk and current Chair Ms. Isabelle Falque- Pierrotin in their chairmanship of the Article 29 Working Party. In that regard, she has been dealing with the management of the WP29’s plenary and the WP29’s external representation, which also implies participating in defining the WP29’s position on all implicated subjects. Moreover, she has aided the CNIL’s International Affairs Commissioner on those matters.

Furthermore, the International and European Affairs Department of the CNIL is in charge of developing and improving transfers mechanisms such as:  the Standard Contractual Clauses, the US Safe Harbor, country adequacy assessments and Binding Corporate Rules. Florence has been particularly involved in the development of the European BCR referential adopted by the WP29; as well as, in its promotion, instruction and the WP29’s implementation of the coordination procedure. In addition, she initiated discussions with other regional cooperation systems such as the APEC privacy working group and the French speaking data protection authorities network (AFAPDP) with the idea to build a bridge between BCRs and other existing tools such as APEC Cross Border Privacy Rules.

Leading the International department has implied the participation in all reforms on international regulations. This includes participating actively in the on-going reform of the EU framework, the modernisation of the Convention 108, the revision of the OECD privacy guidelines and the evolution of the International Conference of Privacy Commissioners.

The International Department ensures that the CNIL is well represented in all international fora dealing with privacy, is aware of international key privacy activities as well as collaborates closely with its global counterparts.


Elisabeth Stafford
Senior Policy Advisor - EU Data Protection
Department for Digital, Culture, Media and Sport


Dale Sunderland
Deputy Commissioner 
Office of the Data Protection Commissioner of Ireland



Helga Þórisdóttir
Data Protection Authority

Helga Þórisdóttir was appointed as Data Protection Commissioner for Iceland in September 2015.

She was appointed as Acting Executive Director of the Icelandic Medicines Agency from 2012 – 2013. Prior to that, she has 20 years of work experience as a lawyer; From 2010 – 2012 and again from 2013 – 2015 she was the Deputy Director of the Icelandic Medicines Agency and from 2008 until 2012, and again from 2013 – 2015 she was also the Head of Legal Affairs at the same agency. She worked with the Ministry of Education from 2005 – 2008 and from 2003 – 2005 she worked for the EFTA Secretaritat in Brussels, dealing with free movement of goods in the EEA Agreement. Before that she spent six years working at the Committee Department of the Icelandic Parliament, Althingi, i.e. from 1997 – 2003, where she provided legal guidance to six of then 12 Standing Committees of the Parliament.

She began her career as deputy for the State´s prosecution Office in Iceland presenting criminal cases before district courts of Reykjavík and Reykjanes. She holds a Canditat juris degree from the University of Iceland, has concluded an AMP program from the IESE Business School in Barcelona and holds a diploma in French.





Stewart Allen
Senior Associate
Claro Partners

Stewart Allen is a consultant with the insight and strategy consultancy Claro Partners. He has worked on numerous projects including social media behaviour, consumer research and most recently the future of urban life and the city.

Previous to this he was a Postdoctoral researcher with the Max Planck Institute in Berlin, Germany. He received his Ph.D in 2013 from the University of Edinburgh in social anthropology.



Kabir Barday
Chief Executive

Kabir is CEO of OneTrust, the leading technology company helping organizations globally operationalize data privacy compliance and Privacy by Design. Prior to OneTrust, Kabir was director of product management at AirWatch, where his work was awarded IAPP's most innovative privacy technology.




Kamini Bharvada
Senior Data Privacy Counsel
Aviva Group and Privacy Eagle Ltd

Kamini provides broad global data protection / GDPR consultancy services to several clients and is currently working as Senior Data Privacy Legal Counsel at the Aviva Group advising on all aspects of GDPR implementation from a practical, operational and legal perspective. Kamini’s other current clients include Genpact (where she advises on "go to market" projects involving provision of GDPR related services) and Reuters (where she writes data privacy related precedents/articles for Practical Law).

Previously Kamini worked for Accenture for 10 years as European Data Privacy Counsel where she was heavily involved in the re-structuring of Accenture’s global Data Privacy Officer network as well as other projects including negotiation of complex contracts, advising on innovative technology programs and carrying out privacy impact assessments on the latest technological products and services utilising internet of things, big data and analytics. Before Accenture, she was at Morgan Stanley and Faegre Baker Daniels.

Kamini holds a European Law degree and IAPP specialised data privacy qualifications (CIPP/E; CIPP/US; CIPM; CIPT) and is a past board member of the IAPP Education Advisory Board.


John Bowman
Senior Principal

John is a Senior Principal in Promontory's privacy and data protection team. John advises clients on all aspects of compliance with data protection laws and regulations. He is a specialist on the European Union’s General Data Protection Regulation (GDPR). Prior to joining Promontory, John worked at the U.K. Ministry of Justice where he was the government’s lead negotiator on the GDPR. This work involved leading the U.K. delegation to the Council of the European Union’s DAPIX expert working group in Brussels, developing the government’s policy position on the GDPR, engaging with a wide range of stakeholders and advocates, and regularly briefing ministers.

John also represented the U.K. at the European Commission's Article 31 Committee, which is responsible for determining the adequacy of non-EU data-protection regimes. He earlier represented the U.K. government in negotiations on reviewing The Hague Conventions on International Child Abduction and led the government’s outreach to domestic Muslim communities on issues related to family law. John also carried out a comprehensive review of the U.K.’s claims management regulatory regime for the Ministry of Justice. John is a regular speaker on data protection matters and has had articles published by Privacy Laws and Business, Bloomberg BNA, IAPP and the European Data Protection Law Review.


David Cole
Managing Director and Founder

David’s 25 years’ experience in marketing includes launching the UK’s first ever newspaper reader panel and an influential period as Head of Database Marketing at The Telegraph Group. He founded fastmap in 2006 and is regularly in demand to speak at events around the world about the importance of consent as marketing issue, as well as a legal requirement.




Peter Fleischer
Global Privacy Counsel

Peter has worked as Google’s Global Privacy Counsel since 2006. Based in Europe, Peter is Google’s longest-serving privacy leader. He counsels Google teams on how to design privacy-sensitive and legally-compliant products. Peter has designed many of Google’s privacy compliance programs. He has met with thousands of privacy officials and leaders worldwide. Peter has managed scores of regulatory actions around the world, and appeared before some of the world’s highest courts.

Prior to joining Google, Peter worked for 10 years at Microsoft, as EMEA privacy leader and Director of Regulatory Compliance.

Peter is a graduate of Harvard College and Harvard Law School. He is an elite swimmer.


Dyann Heward-Mills
Founder and CEO

Dyann Heward-Mills founded HewardMills in March 2018 to provide companies with DPO support. Prior to this, HewardMills, Dyann was a Partner at Baker Mckenzie leading the Data Protection and Cyber Security practice group in London. She advised on a range of information law matters including data breach management, Binding Corporate Rules (BCR), Anti-Money Laundering compliance, data protection audits, cloud computing and regulatory approvals.

Dyann’s career includes Senior Privacy Counsel for GE Capital, providing global support and advice on privacy and data protection matters and at Linklaters, where as the senior privacy and communications lawyer, she had global responsibility for data protection compliance, successfully securing BCR (the first for a law firm).



Xavier Jean
Global Privacy Officer

Xavier Jean is the Global Privacy Officer for GSK. He has responsibility for the design, implementation and continuous improvement of GSK’s data privacy compliance programme globally. He is leading preparations for the introduction of the EU General Data Protection Regulation (GDPR), as well as other initiatives across GSK’s global operations to meet local data privacy requirements.

Xavier Jean has 21 years of international experience in leading risk management and compliance teams in the pharmaceutical industry. Prior to his appointment as Global Privacy Officer in January 2017, Xavier Jean held several senior compliance roles including Ethics & Compliance Officer for GSK’s support functions, and Vice President of IT Risk and Compliance.

By training a biochemist, he is passionate advocate of data privacy.


Philippe Jeanmart
Technical, Quality and Risk Senior Vice President (and co-author of the technical standard)
Bureau Veritas



Anna Johnston
Salinger Privacy

Anna Johnston is one of Australia’s most respected experts in privacy law and practice. 

After serving as Deputy Privacy Commissioner for NSW, Anna founded Salinger Privacy in 2004 to offer specialist privacy training and consulting services.  Salinger Privacy provides pragmatic advice on managing privacy risks to our clients, including businesses and government agencies engaged in data linkage and data analytics projects.  Salinger Privacy also offers a range of publications including the free Privacy Officer’s Handbook, template policies and procedures, checklists and eBooks.  In everything we do, we aim to demystify privacy law, and offer pragmatic solutions – to help our clients ensure their regulatory compliance, and maintain the trust of their customers.

Anna’s pro bono roles have included serving as Chair of the Australian Privacy Foundation, an advisor to the Australian Law Reform Commission, a Board Member of iappANZ, and various editorial roles for privacy journals.  She is currently an Advisory Board Member for the EU’s STAR project, to develop training on behalf of European Data Protection Authorities.

Anna writes the influential Salinger Privacy blog, and tweets at @SalingerPrivacy.

Anna holds a first class honours degree in Law, a Masters of Public Policy with honours, a Graduate Certificate in Management, a Graduate Diploma of Legal Practice, and a Bachelor of Arts.  She was admitted as a Solicitor of the Supreme Court of NSW in 1996.  However since she no longer practices as a solicitor, she won’t mind your lawyer jokes at all.


James Leaton Gray
Deloitte and The Privacy Practice


Diana Lopez
Country Privacy Advisor, UK/Ireland


Richard Merrygold
Director of Group Data Protection

An experienced Data Protection practitioner, Richard has spent the last 9 years working across healthcare, pharmaceutical, technology and financial service sectors. A firm believer in engaging on an operational level in addition to key stakeholders in Compliance and Legal he takes pride in building sustainable privacy frameworks, providing real world, workable solutions to a wide range of privacy related challenges.

Richard is currently responsible for privacy compliance across the UK and European businesses covering operations in the UK, France, Italy and Spain, focussing on developing and implementing a group wide privacy framework in preparation for the General Data Protection Regulation.


Jade Nester
Senior Policy Manager

Jade Nester is a Senior Policy Manager at the GSMA, a trade association representing the interests of mobile network operators worldwide. Previously, she was at Promontory, where she advised clients on compliance with privacy and data protection laws and regulations.

Between 2006 and 2014, Jade held a number of roles within the U.S. government, including Senior Advisor for Internet Policy at the National Telecommunications and Information Administration (NTIA) within the Commerce Department and Director, Internet Policy at the State Department.

During the Obama Administration, Jade co-chaired a White House National Science and Technology Council working group responsible for U.S. policy on commercial cross-border privacy issues, including U.S. views on the GDPR. She also participated in the U.S.-EU Safe Harbor Consultation. In 2010, Jade served as the head of the U.S. delegation to the OECD Working Party on Information Security and Privacy.

In addition to global privacy frameworks, Jade has deep knowledge of issues related to Internet intermediary liability, copyright, cybersecurity, and Internet governance. She holds the CIPP/E/G and CIPM certifications, and is a Certified Information Systems Security Professional (CISSP).


Thomas Otter
Global Vice President Product Management


Ellis Parry
Global Privacy Lead

Ellis Parry started his career as a solicitor in private practice, after gaining his MBA, before joining AstraZeneca pharmaceuticals in 2001 as a specialist IT lawyer. Parry became AstraZeneca's Global Privacy Officer in 2005, leaving to join BP as its Global Lead for Data Privacy in 2010.

At BP Parry is responsible for designing BP's global data privacy governance strategy, including GDPR change activities and the maintenance of BP's Binding Corporate Rules. Parry is a contributing author to Sweet & Maxwell’s “Data Protection Law and Practice” 4th ed and the 2017 companion “Guide to the General Data Protection Regulation” 1st ed. 


Andrea Reiner
Senior Counsel
Arm Limited

Andrea Reiner is Senior Counsel at Arm Limited. She advises on the data protection for Arm’s IOT group, which is building cloud-based device management service for creating and deploying low-power, connected and secure IoT devices at scale.

Andrea originally qualified in New York and Massachusetts, and is also a Solicitor in England and Wales. Andrea has a longstanding interest in privacy issues and does her best to keep up with developments in the US and UK.


Bruno Silveira
Group Head of Compliance
Kingfisher plc

Bruno Silveira is the Group Head of Compliance for Kingfisher plc, an FTSE100 home improvement company operating 1,200 stores in 10 countries in Europe. In his role, Bruno leads the design and implementation of the Group`s Compliance Programme, including anticorruption and data protection, across Europe (UK & Ireland, France, Russia, Poland, Romania, Germany, Spain, Portugal, Turkey) and Asia (China, Hong Kong, Vietnam).

His experience in leadership and hands-on positions with global companies such as BG Group, Embraer and GE includes a wide variety of complex matters, such as ethics and compliance, investigations, data privacy and technology.


Myria Solorzano
Senior Associate
Claro Partners

Myria is a strategic designer with a background in information design. Her educational and professional experience has shown her the value of visual representation of complex systems as a tool to understand and generate solutions.

She leads the development and delivery of the Global Service Jam in Barcelona. At Claro, she helps clients from different industries improve their design thinking capabilities.



Caroline Tahon
Senior Director, Legal Project Manager
SAP SuccessFactors

Caroline's perpetual quest is how to link legal and technology together for the greater good of both.  After copyright, patents, mergers and acquisitions, she now helps organizations unravel the complex world of data protection and privacy regulations. She hopes she brings some sense of humour to boring presentations and high stake meetings.

Graduated from Paris XI, Madrid- Complutense, thanks to EU -Erasmus, and a LLM from Santa Clara University (US). 



David Trower
Executive Director Global Privacy

David Trower joined the international clinical research organisation, PPD, as Executive Director Global Privacy in March 2010. Based in their Cambridge UK office, he is responsible for coordinating compliance with applicable data privacy legislation across all of the company’s global operations, monitoring developments in national and international law, and managing relationships with clients, regulatory authorities and professional bodies.

Previous to working at PPD, David held the position of Chief Privacy Officer EMEA for IMS Health, and prior to this a similar role at the internet service provider UUNET.

He is actively involved in professional networks in the privacy field and takes an interest in public policy in healthcare data protection.

David moved into private sector compliance from the United Kingdom ‘Office of the Data Protection Commissioner’ (now ‘Information Commissioner’), where he held the position of Strategic Policy Manager. In this role, David worked directly for the Deputy Commissioner on international data protection issues. He was responsible for liaison with other European data protection supervisory authorities and played an active role in sub-committees of both the Article 29 Working Party and the European Conference of Data Protection Commissioners. David also worked on UK policy issues arising from the development of the Internet and new technologies. He started work at the UK Office working within financial services compliance.

David’s worked as a lecturer in government and political science in Manchester in his early career. He holds a professional post-graduate teaching qualification from Manchester Metropolitan University, an MA(Econ) in European Politics from the University of Manchester, and BA(Hons) in Politics from the University of Nottingham. His Masters Degree involved research into the impact on industrial relations of the creation of the European Single Market.




Nick Tyler
Senior Director and Global Lead, Data Privacy
Takeda Pharmaceuticals International AG

Nick has worked for Takeda, a global pharmaceutical company, since January 2013, based at the company’s European HQ in Zurich. Nick is Takeda’s GDPR Project Lead. Nick also leads a global ‘Virtual Practice Group ‘ of lawyers established to advise and support the business on all aspects of data privacy law and compliance.

Nick has significant experience dealing with data protection and privacy issues in the life sciences industry having also worked for AstraZeneca, as Global Privacy Counsel, as well as advising industry clients in private practice at the London office of international law firm Reed Smith LLP. Nick is a member of EFPIA’s Data Protection Working Group as well as being a Board member of the International Pharmaceutical Privacy Consortium (IPPC) on behalf of Takeda.

Previously, Nick worked for many years at the Information Commissioner’s Office (ICO), the UK’s data privacy regulator, where he was the Commissioner’s Legal Adviser heading up the ICO’s in-house Legal Team.

Helena Verhagen
Privacy Valley



Steve Wright
Data Protection & Information Security Officer
John Lewis Partnership

Steve joined The John Lewis Partnership in April 2016 and is responsible for both the Information Security and Data Privacy, both of these enable the John Lewis Partnership to protect the personal data of our customers and partners, to be compliant with data protection laws and regulations, and to provide trust and transparency - resulting in greater brand experiences across our digital, mobile and ecommerce channels.

Steve is passionate about big data and all things digital. With more than 20 years’ experience, designing, developing, managing and delivering transformational data, governance, privacy and security programmes, Steve’s vast experience as a pragmatic and charismatic leader, ideally places him as a ‘trusted advisor’ at board level on all privacy and security related matters. Steve is also a published author, a non-executive director and is regularly invited to speak at industry events, trade associations and thought leadership working groups, working towards continually finding new ways to increase trust and transparency in respect of consumer services, business functions and product vendors.

Steve strongly believes that governance, cyber security and privacy are all inextricably linked as they share common objectives and principles, and therefore, require satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘data trust and assurance’ programmes based on the fundamental principles of transparency, accountability, protection, integrity, confidentially and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime.

Having once served as a CISO, and held senior roles at, Unilever, Deloitte, PwC, Siemens and Capita, Steve has a full appreciation of what is required to get the job done in a cost effective, pragmatic and timely fashion with a natural ability to lead from the front, to coach others and to take responsibility consistently, courageously and with integrity.


Law Firms


Peter Church

Peter’s practice encompasses a wide range of areas in which technology interfaces with the law including data privacy, ecommerce regulation and technology contracts. He has spent time on secondment at a number of global technology and communications companies.

He is editor of Data Protected, a review of data protection laws across 52 jurisdictions around the world.


Gail Crawford
Latham & Watkins

Gail Crawford is a partner in the London office and Chair of the Data Privacy Committee and Co-chair of the Technology Transactions Group and the Internet and Digital Media Industry Group. Her practice focuses primarily on technology, intellectual property and commercial law and includes technology and Intellectual Property licensing agreements, joint ventures, technology procurement, outsourcing and advising on data protection, e-commerce and consumer protection legislation.

Ms. Crawford is an editor of the Latham & Watkins Global Privacy & Security Compliance Law Blog (www.globalprivacyblog.com) and has contributed to a number of publications and conferences in the area of data privacy and security.

Ms. Crawford has previously spent time working in-house on secondment to Diageo where she created the information technology and outsourcing legal function and was the legal lead on the project to transform and outsource Diageo’s finance and accounting processes on the back of the company’s SAP roll-out in more than 45 countries. She has also worked on secondment with the information technology and operations function of the Lloyds Banking Group.

Ms. Crawford is ranked as a notable practitioner for Information Technology and Data Protection by Chambers UK 2015. She is also recommended for Data Protection by The Legal 500 UK 2014 and is listed in the "Up and Coming" category for Intellectual Property by Chambers UK 2012. 



Maria Holmström Mellberg                  
Founder and Legal Advisor
Mellberg Advisory

Maria Holmström Mellberg founded Mellberg Advisory in April 2018. Previously she worked at Nordea Group. Since 2015, she was in charge of the Group-wide project to implement the upcoming General Data Protection Regulation (GDPR) including the enhancement of Nordea Group’s overall privacy approach.

Before that Maria was Nordea’s Group Regulatory Coordinator for the regulatory compliance and operational risk areas and before that held various positions in Compliance and Operational Risk Mgmt. She has broad financial industry business experience. She holds an LL.M. from Uppsala university.

Maria is active in public and regulatory affairs related work around digital, data and cyber and represents Nordea in external national and European bodies. She is an active Board member of the Swedish Data Protection Forum, an external speaker and trainer at the DP Academy.

Lars Kjolbye
Latham & Watkins



Georgina Kon

Georgie regularly advises household names in a wide range of sectors on all aspects of information governance and privacy.

She is a key member of Linklaters’ Global Data Protection Working Group and has advised extensively on recent developments, including GDPR and Brexit.




Leena Kuusniemi
Senior Legal Counsel

Leena Kuusniemi is an experienced Legal Adviser for technology companies.

Before founding Leegal Oy in Finland, she has worked in legal departments of Rovio Entertainment (Senior Legal Counsel in Finland HQ) and Nokia Corporation (Director Legal&IP in Finland HQ, Vancouver, Copenhagen) supporting strategic technology licensing, mobile advertising and global regulatory and privacy matters.

Leena is a member of several industry working groups including online industry GDPR task-force that she co-founded with Rovio CTO, and Unicef working group (Children’s rights in online services).
In addition, she is a member of Helsinki University Legal Tech Lab advisory board, Finnish IT Law Association and IAPP. She is Special Adviser for Digital and Technology unit for Fipra Network (Brussels) and has also participated in several EU Commission working groups related to technology industry initiatives.

Leena has lectured widely in conferences and training programmes such as Finnish Internet Forum, IIC, Nordic Privacy Arena, IAPP, Nordic Game Conference and she is a permanent lecturer in Data Protection Officer certification programs organised by University of Maastricht’s European Centre on Privacy and Cybersecurity.

Leena has a legal qualification degree from University of Helsinki and LL.M. (Law and Information Technology) from University of Stockholm.


Paul Lavery
McCann FitzGerald

Paul is a partner and the head of the Technology & Innovation Group in McCann FitzGerald and advises on a wide range of data protection, data security,  information technology, outsourcing and confidentiality issues.  He writes and lectures widely on these and other topics.

Paul is the author of Commercial Secrets: The Action for Breach of Confidence in Ireland.  The book has been quoted with approval in judgments of the Irish High Court and Supreme Court. 

Paul has provided specialist advice in the complex and evolving area of privacy and data protection law for over 21 years and is considered an expert in the field in Ireland.  He advises clients on all aspects of data privacy compliance, including appropriate notices and policies, records of processing activities, the legal basis for processing, access requests, marketing obligations, international data transfers and appropriate processing exemptions.  He has also been involved in a number of “market firsts” in Ireland including the first case in Ireland on the meaning of personal data, the first case in Ireland on processing causing distress and the first set of Binding Corporate Rules to be approved with the Irish Data Protection Commissioner as lead regulator.

Paul is also advising a number of clients on their preparation for and on-going compliance with the General Data Protection Regulation and the Irish Data Protection Act 2018

Paul’s clients in the area of privacy and data protection include public and private sector bodies including government departments, state agencies, semi-state companies, leading IT companies, telecommunication service providers, financial institutions, professional bodies, pharmaceutical and insurance companies.


Peter F. McLaughlin
Burns & Levinson LLP

After having been Assistant GC (Privacy & Security) and the global privacy officer for a multinational as far back as 2005, Peter McLaughlin advises clients with respect to a broad range of technology transactions, privacy and security issues. These predominantly touch: 1) the domestic and international handling of personal data; 2) the development and assessment of legally defensible cybersecurity programs, and post-incident responses with management of forensic teams; and 3) innovative uses of information and technology, such as digital health and life sciences, wearables, electronic marketing, Internet of Things, cloud services, autonomous vehicles, facial recognition, and analytics. He represents clients across industry sectors with respect to rules governing personal information; responding to regulators from the Federal Trade Commission, the U.S. Department of Health and Human Services and state attorneys general; and supporting post-enforcement compliance obligations.

Mr. McLaughlin is a graduate of Columbia University, Georgetown University Law, and is a frequent contributor and speaker.



Giles Pratt
Freshfields Bruckhaus Deringer

Giles is a partner in Freshfields’ IP/IT group. He specialises in IP and data privacy laws and leads Freshfields’ London data practice, advising on the full range of legal issues relating to data, including IP protection, data privacy and cybersecurity matters, particularly in the context of deals, crises, investigations and new data uses and analytics.

Giles co-heads, and is a regular contributor to, the Freshfields Digital initiative, and regularly advises on data issues in the context of new technologies, such as connected cars, IIoT and new data analytics tools.

Giles is ranked in Chambers ("He is commercially astute, has an excellent knowledge of the law and very good judgement", "Clients appreciate the clarity, intellectual rigour and enthusiastic work ethic he brings to his instructions"), Legal 500 ("responsive and commercially astute"), in the Managing IP Handbook (“In terms of leading individuals…[one client] described...Giles Pratt as ‘very responsive’, adding: ‘He’s always thinking of all the angles rather than just the black letter of the law’”).


David Smith
Special Advisor
Allen & Overy


Rob Sumroy
Slaughter and May

Rob is a partner in the IP/Technology group and co-heads the firm’s Data Protection and Privacy hub.  He advises clients on all things ‘data’, including Big Data, digital initiatives, cyber security, data breaches, direct marketing, the Internet of Things, m-commerce and e-commerce, emerging technologies (such as Artificial Intelligence) and the cloud.  He regularly assists clients with the technology, data and IP input to their emerging digital strategies.

Rob is currently advising clients on their preparation for the General Data Protection Regulation.  He is a Co-Contributing Editor of The International Comparative Legal Guide to: Fintech 2017, a practical cross-border insight into Fintech law across 34 jurisdictions.  He is ranked Band 1 by Chamber UK 2017 for both Information Technology and Outsourcing.


Eduardo Ustaran
Hogan Lovells

As co-director of the global Privacy and Cybersecurity practice of Hogan Lovells, Eduardo Ustaran is internationally recognised in privacy and data protection law. He is a dually qualified English Solicitor and Spanish Abogado based in London. Eduardo is also the author of The Future of Privacy (DataGuidance, 2013), a ground-breaking book where he anticipates the key elements that organisations and privacy professionals will need to tackle to comply with the regulatory framework of the future. Eduardo advises some of the world's leading companies on the adoption of global privacy strategies and is closely involved in the development of the new EU data protection framework. He has been named by Revolution magazine as one of the 40 most influential people in the growth of the digital sector in the UK, and is ranked as a leading privacy and internet lawyer by prestigious international directories.

Eduardo is a former member of the Board of Directors of the IAPP, co-founder and editor of Data Protection Law & Policy, and a member of the panel of experts of Data Guidance. Eduardo is executive editor of European Privacy: Law and Practice for Data Protection Professionals (IAPP, 2011), and co-author of Beyond Data Protection (Springer, 2013), E-Privacy and Online Data Protection (Tottel Publishing, 2007), and of the Law Society’s Data Protection Handbook (2004). Eduardo has lectured at the University of Cambridge on data protection as part of its Masters of Bioscience Enterprise, and regularly speaks at international conferences. 



Academics and Foundations



Colin Bennett
Professor, Department of Political Science
University of Victoria

Colin Bennett received his Bachelor's and Master's degrees from the University of Wales, and his Ph.D from the University of Illinois at Urbana-Champaign.  Since 1986 he has taught in the Department of Political Science at the University of Victoria, where he is now Professor.  He has enjoyed Visiting Professorships at Harvard’s Kennedy School of Government, the Center for the Study of Law and Society at University of California, Berkeley, the School of Law, University of New South Wales, the Law, Science, Technology and Society Centre at the Vrije Universiteit in Brussels and at the University of Toronto.

His research has focused on the comparative analysis of surveillance technologies and privacy protection policies at the domestic and international levels. In addition to numerous scholarly and newspaper articles, he has written or edited seven books, including The Governance of Privacy (MIT Press, 2006, with Charles Raab) and The Privacy Advocates:  Resisting the Spread of Surveillance (MIT Press, 2008), and policy reports on privacy protection for Canadian and international agencies. He was co-investigator of a large Major Collaborative Research Initiative grant entitled “The New Transparency:  Surveillance and Social Sorting” which culminated in the report:  Transparent Lives:  Surveillance in Canada.   Through a new SSHRC Partnership Grant on “Big Data Surveillance”, he is currently researching the capture and use of personal data by political parties in Western democracies.


Oliver Butler
Fellow by Special Election in Law
Wadham College, University of Oxford

Oliver Butler is a Fellow of Wadham College, Oxford, and an Associate Research Fellow at the Bonavero Institute of Human Rights at the University of Oxford. His research interests are in information law, particularly privacy, data protection and confidentiality. His current research considers whether there are convincing justifications for regulating public authorities differently from private actors in relation to the regulation of information. He is finalising a PhD thesis on the history of the public-private divide in UK information law and his teaching interests are in constitutional and administrative law.

Oliver previously worked as a research assistant at the Law Commission on the Data Sharing Between Public Bodies Project and completed his BA in law at Emmanuel College, Cambridge, BCL at Lincoln College, Oxford and LLM at Harvard Law School.


Graham Greenleaf
Professor of Law & Information Systems
University of New South Wales

Professor Graham Greenleaf AM is Asia-Pacific Editor of PL&B’s International Report (since 2007), a regular contributor to it, and a speaker at PL&B's International Conference in Cambridge in 1991, 2005, 2007, 2011 and 2015. He has provided periodic full day or half day Seminars for PPL&B on Asian Data Privacy Laws since 2007.

Graham is a research Professor of Law & Information Systems at UNSW Australia. He is Senior Researcher  and Founding Co-Director of the Australasian Legal information Institute (AustLII).  In 2010 he was made a Member of the Order of Australia (AM) for his contributions to both free access to legal information and privacy protection.  Since the 1970s his involvement in privacy policy and research has involved Australian DPAs (as an official and as consultant), the Australian Privacy Foundation (as a co-founder and Board Member 1987-2017), the Asian Privacy Scholars Network (as founder, 2010) and Privacy Law & Policy Reporter (founder and editor 1994-2006). He has provided consultancy advice to the European Commission on data privacy laws in seven countries in the Asia-Pacific. His most recent book is Asian Data Privacy Laws: Trade and Human Rights Perspectives (OUP, 2014).


Christopher Millard
Professor of Privacy and Information Law
Queen Mary, University of London

Christopher Millard is Professor of Privacy and Information Law and head of the Cloud Legal Project in the Centre for Commercial Law Studies, Queen Mary University of London. He is also a Research Associate at the Oxford Internet Institute and is Of Counsel to the law firm Bristows. He has over 30 years experience in technology law, both in academia and legal practice.

His first book, Legal Protection of Computer Programs and Data (Sweet & Maxwell, 1985), was one of the earliest international comparative law works in the field and he has since published widely on legal and regulatory issues relating to information technology, communications, privacy, e-commerce, and Internet law. Since 2008 his main research focus has been cloud computing. He is co-author of Cloud Computing Law (Oxford University Press, 2013) and is a founding editor of the International Journal of Law and IT and of International Data Privacy Law.

Christopher is a Fellow and former Chairman of the Society for Computers & Law, a Fellow of the Royal Society of Arts, a past-President of the International Federation of Computer Law Associations, and a past-Chair of the Technology Law Committee of the International Bar Association. He was a member of the OECD’s Steering Group on Contractual Solutions for Transborder Data Flows (2000-01) and since 2002 he has been a member of the International Chamber of Commerce’s Task Force on Privacy and Personal Data Protection.

Before he joined Bristows in 2008, Christopher was head of the global privacy practice at Linklaters and prior to that he was a partner at Clifford Chance. He has twice been designated Internet and eCommerce Lawyer of the Year by the International Who's Who of Business Lawyers.


Andelka Phillips
Ussher Assistant Professor in Information Technology Law
Trinity College Dublin, The University of Dublin

Dr Andelka M. Phillips is the Ussher Assistant Professor in Information Technology Law in the Law School at Trinity College Dublin, where she is also the convenor of Technology, Law and Society Research Group. She is also a Research Associate with the University of Oxford’s Centre for Health, Law and Emerging Technologies (HeLEX) Centre.

Her recent research has focussed on the regulation of direct-to-consumer genetic tests and she is currently working on a book, entitled Buying Your Self on the Internet: Wrap Contracts and Personal Genomics to be published by Edinburgh University Press as part of its Future Law series. She is also co-editing with Professor Jonathan Herring and Dr Thana Campos Philosophical Foundations of Medical Law, which will be published as part of Oxford University Press' Philosophical Foundations of Law series.

Her research interests lie in the areas of Information Technology Law and Medical and Health Law. She is engaged in research on wide range of topics, but she is particularly interested in the societal impact of new and emerging technologies, as well as governance of future spaces, such as developments in Artificial Intelligence and Internet of Things (especially wearable technology).


Jatinder Singh
EPSRC Research Fellow
Computer Laboratory, University of Cambridge


Privacy Laws & Business


Stewart Dresner
Chief Executive
Privacy Laws & Business

Stewart Dresner graduated from the University of Lancaster in politics and marketing in 1973. He has written and researched extensively on data protection/privacy and freedom of information since 1975, when he initiated a research project on this subject at the UK Consumers Association. His research in the USA and Canada in 1976 enabled him to prepare a submission to the UK government-sponsored Lindop Committee, and write Open Government: Lessons from America, published in 1980.

He then joined Business International as a business journalist where he wrote on privacy laws for its publications and organised conferences in Austria, Belgium, Portugal, Spain, Sweden, and the UK. The company became a subsidiary of The Economist and he wrote its report on the first prosecution under the UK’s Data Protection Act 1984.

When The Economist rejected Stewart’s proposal for an international data protection law newsletter, he established Privacy Laws & Business in 1987. Its first service was the Privacy Laws & Business International Newsletter which has now developed to become the hub of a comprehensive global information service reporting on over 100 countries with data protection legislation and proposed legislation. Privacy Laws & Business services include consulting, conferences, training, recruitment, the Privacy Laws & Business UK Report (which also covers the Freedom of Information Act), advice to companies and policy makers, and the Privacy Officers Network.

Privacy Laws & Business has clients in over 2000 clients in 53 countries including:

Clients include 70% of the Global and UK top ten in the Financial Times lists.

Law firm clients include 100% of the top ten global firms (source: Law360), 75% of the top twenty UK firms (source: Wikipedia), and 70% of the top ten US firms (source: Internet Legal Research Group).

Stewart was a founder and first Chairman of the UK's Data Protection Forum. He has spoken on data protection/privacy law at conferences in Australia, Belgium, Canada, Finland, Germany, France, Hungary, Ireland, Israel, the Netherlands, Portugal, Poland, Spain, Switzerland, the UK and the USA and to groups, such as the International Association of Privacy Professionals, the Institute of Chartered Accountants, The Records Management Society, the Information Systems Audit and Control Association, and the International Pension and Employee Benefits Lawyers Association.

The Privacy Laws & Business website, www.privacylaws.com provides details of the firm’s services and links to privacy information worldwide.


Laura Linkomies
Editor, Privacy Laws & Business Reports

Laura Linkomies is Editor of Privacy Laws & Business International and UK Reports, and PL&B enews service. Laura oversees the whole editorial process from researching, commissioning and managing freelancers to writing about a wide range of legislative and management issues within privacy, data protection and freedom of information. She also assists in conference planning and public relations, and provides secretariat services for the PL&B European Privacy Officers’ Network.

Laura first joined Privacy Laws & Business as Associate Editor for the International Report in 1997 and launched the UK Report in 2000. Before joining Privacy Laws & Business, she worked at the UK Information Commissioner's Office as a European Secretariat Officer facilitating co-operation with European Union national Data Protection Commissioners. Laura has also worked as freelance business content writer for Sweet & Maxwell, and written for several publications in Finland.

Laura holds a Masters degree in Political Science and Journalism from University of Tampere, Finland, and Advanced Certificate in Marketing from the Chartered Institute of Marketing. She is fluent in English and Finnish, and has a working knowledge of Swedish, Italian and German.


Graham Greenleaf
Asia-Pacific Editor, Privacy Laws & Business Reports

Professor Graham Greenleaf AM is Asia-Pacific Editor of PL&B’s International Report (since 2007), a regular contributor to it, and a speaker at PL&B's International Conference in Cambridge in 1991, 2005, 2007, 2011 and 2015. He has provided periodic full day or half day Seminars for PPL&B on Asian Data Privacy Laws since 2007.

Graham is a research Professor of Law & Information Systems at UNSW Australia. He is Senior Researcher  and Founding Co-Director of the Australasian Legal information Institute (AustLII).  In 2010 he was made a Member of the Order of Australia (AM) for his contributions to both free access to legal information and privacy protection.  Since the 1970s his involvement in privacy policy and research has involved Australian DPAs (as an official and as consultant), the Australian Privacy Foundation (as a co-founder and Board Member 1987-2017), the Asian Privacy Scholars Network (as founder, 2010) and Privacy Law & Policy Reporter (founder and editor 1994-2006). He has provided consultancy advice to the European Commission on data privacy laws in seven countries in the Asia-Pacific. His most recent book is Asian Data Privacy Laws: Trade and Human Rights Perspectives (OUP, 2014).


Tom Cooper
Deputy Editor, Privacy Laws & Business Reports

Tom Cooper began working for PL&B in 2010 as a sub editor. He produces the print and online versions of our PL&B UK and PL&B International reports using desk top publishing software. His role also involves close checking of stories and ensuring a consistent style across publications. He writes for PL&B Reports and undertakes administrative tasks as needed.

Tom trained as a journalist in Australia. He has worked for a number of local newspapers, and was editor of UK hockey magazine Push from 2008 to 2014.  He has had spells as an editor at the Commonwealth Parliamentary Association and for an online wire service covering European Union business news.



Valerie Taylor
Privacy Laws & Busniess

Valerie qualified as a solicitor in 1994 with Clifford Chance, the London based international law firm, and throughout her legal career has specialised in data protection as well as IT and intellectual property law.

After leaving Clifford Chance, Valerie worked for several years in the in-house legal team at Royal Mail Group plc where she was the principal data protection adviser.
Valerie has been working with Privacy Laws & Business since 2002. She gives advice to large and small businesses in the public and private sector on all aspects of data protection and related legislation, including DP strategy, project management, policies and procedures, training and awareness and compliance monitoring.

She regularly carries out data protection health checks for organisations and advises them on a risk-based approach to compliance. She runs Data Protection training workshops for Privacy Laws & Business, as well as in-house training sessions for clients, and is a Legal Correspondent for the Privacy Laws & Business Reports.