Nicholas Soni

Partner - IT, Data Protection & Cybersecurity, Disputes

Nick has over 20 years’ experience in information technology, data governance and cybersecurity. His strength lies in his unique combination of “hands-on” technology skills used to underpin his legal practice.

His recent legal practice experience has encompassed the technical aspects of data protection, commercial technology and cybersecurity law, examples of which include:

  • At CBRE Group Inc, various data privacy work, including privacy engineering at software development gates; negotiating complex global data processing arrangements and contracts; managing data transfers (inc. impact of Schrems II); privacy incident preparations; along with other data privacy functions in the Global Data Privacy Office
  • Leading the incident handling and ICO investigatory response to a complex regulatory matter involving a software migration project
  • Dealing with an ICO investigation and NCSC involvement following a breach of a significant amount of personal data at a well-known organisation in a “nation-state” attack
  • Headed global privacy and cybersecurity initiatives for well-known FTSE 100 corporations involving global legal counsel (Singapore, Malaysia, China, Brazil, and more), including reviewing advice and ensuring adherence to budgets
  • Leading a data protection audit for an internationally based organisation involving the interviews of staff, review of data processing, analysis of data governance strategy versus business objectives and feedback to C-suite executives
  • Development of complex Legal Incident Plans for governance of cybersecurity responsiveness, including consideration of the intersections of business continuity planning, security incidents and legal and risks
  • Leading a GDPR gap analysis for a learning technology platform based out of the USA with a UK-based branch, including the review and “baking-in” of privacy-by-design processes into future software development gating processes
  • Drafting of the full-suite of customer facing privacy notices for a UK bank, including the provision of advice around GDPR compliance and notices for children

"I received guidance and support from Nick in a complex regulatory matter during 2018/19. He was knowledgeable, practical and supportive - a trusted advisor."
Ted Sheils, Global Head of Data Sharing, Privacy & Ethics at HSBC, GB&M

"Nick helped me bring my organization into compliance with GDPR in a short time. He was responsive, pragmatic, and had good business sense as well as legal expertise. I look forward to working with him again."
Neil Salon, Senior Director Legal, DataRobot, Inc.

"Nick provided support during a GDPR implementation program. Nick was extremely professional, and demonstrated his expert knowledge within the field of Data Protection. The advice provided was clear and concise, which ensured the program ran smoothly. I would highly recommend Nick for any similar projects or programs"
Julia Palmer, DPO at Shawbrook Bank

"Nick is an expert in the areas of information privacy and data protection. The GDPR related advice he provided to Midrive was succinct, easy to follow and did not lose sight of the commercial realities of our business"
Lambro Anastasiou, CFO at The Modern Milkman / Co-founder Startup CFO Network

"I have worked on and off with Nick for 7 years now. I have the utmost faith in his abilities and advice and have the comfort of knowing I can reliably depend on a first class service. Plus, he's enjoyable to work with!"
Ian Molloy, CFO at Energy Industries Council


  • "Sufficient Guarantees and technical due diligence when appointing processors", PDP Journals, May 2019
  • "Transparency: GDPR focus", PDP Journals, Jan 2018
  • "Data security and response planning: GDPR focus", PDP Journals, Jul 2017
  • "Trust me, I’m a…Computer", Society for Computers and Law, Feb 2017


Qualifications and Professional Bodies

    • Solicitor & Notary Public
    • PgDip (Oxon) Software & Systems Security
    • Certified Information Privacy Manager (CIPM)
    • Certified Information Privacy Professional / Europe (CIPP/E)
    • Certified Information Systems Security Professional (CISSP)
    • Post Graduate Diploma in Law
    • BSc (Hons) Mathematics and Computer Science
    • Member of the Society of Computers and Law
    • Member of the International Association of Privacy Professionals (IAPP)


  • CBRE Group, Inc. (Senior in-house lawyer, Global Data Privacy Office)
  • Herbert Smith Freehills (Senior Associate, Cybersecurity & Data Privacy)
  • Macfarlanes (Senior Counsel, Data Privacy & Cybersecurity)