Tim Hickman

Partner, London


“Tim Hickman, singled out for his ‘unparalleled knowledge of the sector’ ... is recommended for his GDPR compliance expertise.” (Legal 500, UK Data Protection, 2024)

“Tim Hickman is excellent and knows the law inside out.” (Legal 500, UK Data Protection, 2023)

“Tim Hickman is especially highlighted for his understanding of GDPR compliance. He regularly offers data protection advice to widely recognised global companies. He has a deep knowledge of the relevant regulation and a strong grasp of how to apply the law in the business context.” (Chambers, UK Data Protection, 2022)


Tim is head of the Firm's Data, Privacy & Cybersecurity practice, and advises on all aspects of data protection law and artificial intelligence (AI) regulation. Tim has a detailed knowledge of the General Data Protection Regulation (GDPR) and the UK GDPR, and co-authored White & Case's GDPR Handbook, which provides in-depth guidance on the impact of that legislation, and White & Case's GDPR National Implementation Guide, which analyses national GDPR implementing laws in all 30 EEA jurisdictions and the UK. Tim is a Contributing Editor of the International Comparative Legal Guide to Data Protection. He is also closely familiar with the EU AI Act and the UK AI White Paper.

Clients appreciate Tim's ability to find pragmatic and commercial solutions to complex multi-jurisdictional data protection questions.

Tim has significant experience of working with a wide range of clients in the UK, the EU, Asia and the US. He has spent time on secondment at Google, advising on cutting-edge privacy and data protection issues. He has also spoken at several events at Harvard Law School, and the University of Cambridge.

Bars and Courts
England and Wales
Nottingham Law School
University of Nottingham


Advised Meta (formerly Facebook) on pre-litigation and litigation matters involving privacy and data protection in the UK and the EU.

Two secondments to Google, advising on privacy and data protection matters.

Advised Nestlé on data protection compliance matters globally, including in relation to the GDPR.

Advised Boeing on various UK and EU data protection maters.

Advised Deutsche Bank AG (London Branch) on the negotiation of data protection clauses in a range of commercial agreements.

Advised fashion brands Oasis and Warehouse on GDPR compliance strategies and approaches to electronic direct marketing.

Advised MSI on global data protection issues.

Advised AGCO on EU data protection and electronic direct marketing compliance strategies.

Advised Centerbridge Partners on privacy and data protection matters.

Advised several clients on the successful implementation of Binding Corporate Rules for international data transfers.

Advised LINE Corporation on international data protection issues, including in the context of online instant messaging.

Represented several clients in compliance investigations by the Information Commissioner's Office.

Speaking Engagements

Delivered the closing remarks at the Harvard European Law Association's Spring Conference 2019

GDPR: One Year On – BrightTALK, Tel Aviv, June 2019

GDPR: One Year On – BrightTALK, London, May 2019

Harvard Law School – "Why should US businesses care about EU data protection law?", February 2018

ETSI Summit 2018 - Data Protection and Privacy in a Data-Driven Economy: Session Chair, "Link the Dots"; Session Chair, "The Data Eldorado"; Panel Moderator, "How markets see it"

Conference on European Railways – GDPR Overview, Prague, June 2017

Association of Executive Search Consultants – European Conference, November 10, 2016: Zurich

The Law Society – Data Protection Seminar, September 28, 2016

British Chamber of Commerce – Safe Harbor and the General Data Protection Regulation, March 9, 2016

PDP Annual Data Protection Compliance Conference, 2013 and 2014


Data breaches could force advisers out of business, Data breaches could force advisers out of business, FT Adviser, November 2018

Draft Data Retention and Acquisition Regulations 2018—background and key points, LexisNexis, July 2018 (subscription required)

Joint controllers under the GDPR—implications for transactional lawyers, LexisNexis, 20 June 2018 (subscription required)

Expect new data service models to emerge, The Lawyer, June 2018 (subscription required)

Everything your business should know about the impending GDPR, Information Age, January 2018

Seeking consent under the General Data Protection Regulation, LexisNexis PSL TMT analysis, September 2017

GDPR Handbook: Unlocking the EU General Data Protection Regulation, White & Case LLP, September 2017

EU regulators welcome stricter rules on cookies and direct marketing, White & Case LLP, May 2017

Privacy Shield: Recent Developments, White & Case LLP, April 2017

Fintech: Key issues for operating fintech businesses, PLC Magazine, April 2017

IP addresses and personal data: Did CJEU ask the right questions?, Privacy Laws & Business International Report, February 2017

What businesses need to know about data protection law following landmark EU legislation, Global Banking & Finance Review, May 2016

IP addresses may be subject to EU data protection laws, White & Case LLP, May 2016

New restrictions on disclosures of personal data to non-EU courts will not apply in the UK, Privacy Laws & Business, March 2016

Rights of Data Subjects under the GDPR, Computers & Law Magazine, January 2016

Data transfers after Schrems: discord in the EU, SC Magazine, January 2016

Awards and Recognition

"Tim Hickman is excellent and knows the law inside out." (Legal 500, UK Data Protection, 2023)

"Tim Hickman knows everything about data privacy". (Legal 500, UK Data Protection, Privacy and Cybersecurity, 2022)

2022 Legal500, Next Generation Partner, Data Protection, Privacy and Cybersecurity

2018 Global Data Review 40 Under 40

2017 Law360 Rising Star, Cybersecurity & Privacy

Winner, Lincoln's Inn Inter-Varsity Moot (2005) (judged by Lord Walker)