About Me

I am a partner in Bird & Bird's London-based international Privacy & Data Protection practice. My background with the UK Information Commissioner's Office combined with experience as a regulatory law specialist in private practice gives me unrivalled insight into contentious data protection work and enforcement action.

My practice areas focus on all aspects of contentious data protection work including enforcement action by regulators, managing data breaches and advising on the strategic and tactical implications of clients' position from a regulatory perspective. Many of the matters I have dealt with on behalf of the regulator arose from cybersecurity breaches giving me hands on insight into the intersection of data protection law and cybersecurity.

Prior to joining Bird & Bird in March 2023, I was Legal Director of Enforcement for the UK Information Commissioner's Office ("ICO") from 2019 and was appointed by Commissioner Elizabeth Denham CBE as her acting General Counsel. I first joined the ICO in 2018 as the lead lawyer in the office's investigation and enforcement action into the Cambridge Analytica affair. Following my appointment as Director I went on to lead the ICO's enforcement action on all their most high profile matters and managed the contentious legal function covering the DPA, FOIA, NIS, PECR and their criminal prosecutions. In addition I led on a wide variety of strategic matters, including the ongoing project to revise and update the ICO's penalty setting and statutory guidance policies as well as their posture on enforcement during the pandemic, as well as helping to lead the office's input into UK Adequacy negotiations following Brexit.

Before joining the ICO I spent ten years in private practice with a leading international law firm dealing with all aspects of regulatory law, including investigations and prosecutions involving money laundering, carousel and boiler room fraud, export control and sanctions issues, proceeds of crime and confiscation and anti-bribery & corruption with a particular focus on cases involving complex interactions of different regulatory areas across multiple jurisdictions.
  • Aggregate IQ (First enforcement notice under GDPR)
  • Criminal Prosecution of SCL Elections Limited
  • monetary penalty for a global social media company - (highest possible and highest ever at the time penalty imposed by the ICO)
  • Marriott Hotels ICO enforcement action
  • British Airways ICO enforcement action


  • International Baccalaureate: English/French/History/Maths/Chemistry/Art (plus studies in Philosophy & Local History)
  • University of Birmingham: Philosophy BA (Hons) 2:1 (Mary Talbot Muirhead prize for academic achievement, highest marks in graduating year); Graduate Diploma in Law
  • Manchester Metropolitan University: Bar Vocational Course
  • Qualified Lawyers Transfer Test - Solicitor of the Senior Courts of England & Wales


  • Solicitor in England & Wales – admitted in Nov 2001

Latest insights

More Insights
blue telephone

PECR & UK GDPR: Need to Know Enforcement Updates (March & April)

May 23 2024

Read More
notepad and pencil on pink background

The ICO publishes long-awaited content moderation guidance, coinciding with the end of Ofcom's illegal harms consultation

Mar 05 2024

Read More
surveillance cameras

EDPB’s case digest on Security of Processing and Data Breach Notification – all you need to know

Mar 05 2024

Read More

What's on TwoBirds TV?

More Videos