I am a partner in our International Privacy & Data Protection Group. I specialise in fintech and payments and divide my time between our offices in London and Madrid.

I have significant experience of international data protection from both in-house and private practice perspective. Although I have spent most of my career in private practice, I also have the in-house experience of having worked for a global company such as PayPal. At PayPal I was the DPO and Privacy Director for EMEA and LATAM and responsible for building a global privacy program and leading the process to obtain new BCRs (controller and processor) following the complex separation from eBay. My experience at PayPal gave me a unique opportunity to experience the challenges that global companies face when implementing regulatory changes. Also it was key for me to learn how important it was to provide business teams with the practical advice needed in such a cutting edge industry.

I apply those lessons learned from my in-house experience to the advice I provide to my clients at Bird & Bird. I have also strong experience in global project management and coordinating relevant expertise from different offices and across multiple jurisdictions which is key for projects such as BCRs or the implementation of other international data transfers frameworks.

I have strong experience in fintech and payments where I regularly advise leading global players in this sector. I have been recently advising clients on matters such as the interplay between PSD2 and GDPR but I also advise clients from many other industries such as Technology & Communications, Life Sciences & Healthcare, Media and Retail & Consumer, Energy and Utilities or Hospitality, among other, on a wide range of data protection matters, including BCRs.

I am a regular speaker on data protection issues at international events and I have also lectured on LLM and specialist courses in the past. I am a member of the Madrid Bar Association.

  • Advised a global marketplace in the launching of a new payments business.
  • Advised several global companies on controller and processor BCRs, including BCRs for a global telecom company having the Spanish DPA as lead authority.
  • Advising on data protection issues related to blockchain platforms.
  • Advised several leading payments providers on the implementation of GDPR and the interface with PSD2.
  • Advised a global marketplace in the process of segregating the data related to their payments business from their marketplace data.
  • Universitat Jaume I, Spain, Law Degree
  • Ilustre Colegio de Abogados de Madrid