T +44 20 7532 2517
Tim advises on all aspects of UK and EU privacy and data protection law, from general compliance issues (such as implementing privacy policies and consent forms) to more specialized issues (such as managing data breaches, structuring cross-border data transfers, and complying with the 'right to be forgotten'). Tim has a detailed knowledge of the EU's General Data Protection Regulation, and co-authored White & Case's Handbook on that legislation (whitecase.com/eu-gdpr-handbook).
Clients appreciate Tim's ability to find pragmatic and commercial solutions to complex (and frequently multi-jurisdictional) data protection compliance questions.
Tim has significant experience of working with a wide range of clients in the EU, the US and Asia. He has also spent time on secondment at Google, advising on cutting-edge privacy and data protection issues.
Advised the world's largest food company on data protection compliance across the EU, including development of a detailed data protection compliance questionnaire for local entities, roll-out of compliant and user-friendly data protection policies, and advice on cross-border data transfers.
Advised numerous clients on the likely impact of the proposed EU General Data Protection Regulation (including the new fines of up to the greater of €20 million, or 4% of worldwide turnover).
Advised an online tax and accounting software maker on data protection compliance issues, including data localization requirements, cloud-based data hosting and data analytics.
Advised a major US corporation in connection with an investigation by multiple EU Data Protection Authorities into the collection and further processing of personal data.
Provided data protection guidance and advice to a leading manufacturer of 'internet of things' devices, regarding the lawful processing of personal data, and the risks associated with profiling and monitoring individuals.
Advised a global financial institution on how to navigate the requirements of EU data protection law, in the context of demands for disclosure of data by US financial regulators.
Provided guidance on the impact of significant recent data protection cases, including the CJEU decisions in Costeja v Google Spain, Weltimmo v Nemzeti, and Schrems v Facebook.
Represented a large UK company in an investigation by the Information Commissioner's Office.
Advised a US electronics manufacturer on the compliance requirements arising in relation to employee monitoring, network scanning, and the use of CCTV, in a range of European jurisdictions.
Negotiated a biometric visa services agreement on behalf of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia.
Association of Executive Search Consultants – European Conference, November 10, 2016:
The Law Society – Data Protection Seminar, September 28, 2016
British Chamber of Commerce – Safe Harbor and the General Data Protection Regulation, March 9, 2016
PDP Annual Data Protection Compliance Conference, 2013 and 2014
What businesses need to know about data protection law following landmark EU legislation, Global Banking & Finance Review, May 2016
New restrictions on disclosures of personal data to non-EU courts will not apply in the UK, Privacy Laws & Business, March 2016
The Challenges of Cloud Computing Agreements: Evaluation Strategies, Bloomberg BNA, 2014
Getting the Deal Through – Data Protection & Privacy – United Kingdom, 2014
2017 Law360 Rising Star, Cybersecurity & Privacy
Winner, Lincoln's Inn Inter-Varsity Moot (2005) (judged by Lord Walker)