The storage and management of data have emerged as critical concerns for businesses, driven by significant changes in the legal and regulatory landscape, notably with the implementation of the General Data Protection Regulation (GDPR). Businesses must formulate appropriate strategies for data governance and establish programs to ensure legal and regulatory compliance. The reputation of the business and exposure to substantial fines are at stake. 

Our team of data protection and cybersecurity experts brings extensive experience advising businesses, governmental bodies, and large not-for-profits on data management. Working closely with boards, legal, and operational teams, our experts blend technical proficiency with commercial wisdom gained from managing these issues. This ensures that we identify solutions that are not only legally compliant but also commercially suitable for your organisation. 

What we advise on
  • GDPR issues  
  • All aspects of data governance programmes  
  • Privacy law and implementation and support  
  • Marketing issues  
  • Drafting and negotiating complex data, privacy, and cybersecurity agreements  
  • Data protection issues   
  • Data breaches and subject complaints  
  • Cyber risk management   
  • Incident response including with different regulators and law enforcement  
  • Transactions and projects involving cybersecurity risk management 
Who we work with
  • listed and unlisted companies   
  • Governmental organisations   
  • NGOs and not for profits   
  • individuals  
Specialist Expertise

Our team is equipped to advise and support you in all aspects of responsible personal information handling and the security of systems and networks. The Data Privacy and Cybersecurity team possesses specialised knowledge and experience to support you, regardless of the complexity of your needs. 


Spencer West adopts a proactive approach to ensure businesses’ compliance with data protection regulations. We provide comprehensive advice on developing and managing data governance programs, addressing GDPR issues, and formulating policies and privacy notices. Our strategic guidance on privacy by design covers technology, systems, and business practices, including projects involving AI, DLP systems, AdTech, facial recognition, digital health, app development, and cloud computing. From marketing issues to drafting complex data, privacy, and cybersecurity agreements, our experts navigate data protection challenges in outsourcing, employment, and corporate law contexts, including M&A transactions. We support clients in dealing with investigations by data protection regulators, manage data subject complaints, and handle incidents, such as data breaches. Our approach ensures not only legal compliance but also commercially appropriate solutions tailored to the unique needs of each client or organisation. 


Going beyond data privacy concerns, our comprehensive cybersecurity legal service is designed to address cyber risk management. We advise on vendor due diligence, draft legal incident management plans, conduct tabletop exercises, and ensure compliance with NIS Regulations and GDPR preparedness. In the event of a cybersecurity incident, our team provides responsive support, liaising with regulators such as the FCA, ICP, and PRA, as well as law enforcement. We extend our cybersecurity expertise to transactions and projects, embedding cybersecurity risk management in M&A corporate transactions, joint ventures, and outsourcing agreements. 

Our cybersecurity legal services cover the entire spectrum of cyber risk, ensuring businesses are well-prepared to navigate the complexities of the digital landscape and effectively respond to cybersecurity challenges. 

Meet our team

Nick Benson
Partner - Business Law
Andrew Bird
Partner – Corporate
Jowanna Conboye
Partner - Intellectual Property; Technology; Commercial
Poh-Leng Devare
Partner – Commercial, Intellectual Property, Data Protection
Karl Foster
Partner - Commercial
Joseph Githaiga
Partner & Co-founder - Corporate & Commercial, Data Protection and Privacy, Regulatory Compliance
Kristy Gouldsmith
Partner - Data Protection, Privacy and Cybersecurity
Emma Gross
Partner – Employment, Data Protection
Basil Kgaugelo Mashabane
Partner - Corporate, Commercial, Data Privacy, Commercial Litigation & Pension Funds Law
Gerallt Owen
Gerallt Owen
Partner - Investigations, Regulatory and Corporate crime
Christopher Perrin
Partner - Commercial, Technology, Outsourcing and Data
Edmund Probert
Partner – Commercial Law, IT Contracts & Intellectual Property
Spencer West Partner Dr. Peter Schneidereit
Dr. Peter Schneidereit
Partner - IT Contracts and Data Protection