Tim Hickman | White & Case LLP International Law Firm, Global Law Practice

Tim Hickman

Partner, London

T +44 20 7532 2517

E [email protected]


Tim advises on all aspects of UK and EU privacy and data protection law, from general compliance issues (such as implementing privacy policies and consent forms) to more specialized issues (such as managing data breaches, structuring cross-border data transfers, and complying with the 'right to be forgotten'). Tim has a detailed knowledge of the EU's General Data Protection Regulation (GDPR), and co-authored White & Case's Handbook on that legislation (whitecase.com/eu-gdpr-handbook).

Clients appreciate Tim's ability to find pragmatic and commercial solutions to complex (and frequently multi-jurisdictional) data protection compliance questions.

Tim has significant experience of working with a wide range of clients in the EU, Asia and the US. In 2018 he gave a seminar at Harvard Law School on the impact of the GDPR on US businesses. He has also spent time on secondment at Google, advising on cutting-edge privacy and data protection issues.

Bars and Courts

  • England and Wales
  • Republic of Ireland


  • LPC, Nottingham Law School
  • LLB, University of Nottingham


  • English


Advised Nestlé on data protection compliance matters globally, including in relation to the GDPR.

Advised a major China-based Financial Institution on the applicable compliance obligations arising under EU data protection law, including international data transfers from its operations in the EU to its headquarters in China.

Advised the world's largest food company on data protection compliance across the EU, including development of a detailed data protection compliance questionnaire for local entities, roll-out of compliant and user-friendly data protection policies, and advice on cross-border data transfers.

Advised numerous clients on the likely impact of the proposed EU General Data Protection Regulation (including the new fines of up to the greater of €20 million, or 4% of worldwide turnover).

Advised an online tax and accounting software maker on data protection compliance issues, including data localization requirements, cloud-based data hosting and data analytics.

Advised a major US corporation in connection with an investigation by multiple EU Data Protection Authorities into the collection and further processing of personal data.

Provided data protection guidance and advice to a leading manufacturer of 'internet of things' devices, regarding the lawful processing of personal data, and the risks associated with profiling and monitoring individuals.

Advised a global financial institution on how to navigate the requirements of EU data protection law, in the context of demands for disclosure of data by US financial regulators.

Provided guidance on the impact of significant recent data protection cases, including the CJEU decisions in Costeja v Google Spain, Weltimmo v Nemzeti, and Schrems v Facebook.

Represented a large UK company in an investigation by the Information Commissioner's Office.

Advised a US electronics manufacturer on the compliance requirements arising in relation to employee monitoring, network scanning, and the use of CCTV, in a range of European jurisdictions.

Negotiated a biometric visa services agreement on behalf of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia.

Speaking Engagements

Association of Executive Search Consultants – European Conference, November 10, 2016:

The Law Society – Data Protection Seminar, September 28, 2016

British Chamber of Commerce – Safe Harbor and the General Data Protection Regulation, March 9, 2016

PDP Annual Data Protection Compliance Conference, 2013 and 2014

Awards & Recognition

2017 Law360 Rising Star, Cybersecurity & Privacy

Winner, Lincoln's Inn Inter-Varsity Moot (2005) (judged by Lord Walker)