I advise on cyber, data governance, privacy and regulatory matters, helping organisations manage risk across borders. As Shoosmiths’ subject matter lead on cyber regulatory laws – including NIS2, the EU Cyber Resilience Act and the forthcoming UK Cyber Security and Resiliency Act – I act for a wide range of multinationals on strategic cyber issues, incident preparedness and incident response.

My wider practice covers data protection and AdTech across GDPR, PECR, CCPA, PIPL and other emerging frameworks, with a focus on building solutions that work at scale in complex, multi-jurisdictional environments. Highly tech-lingual, I am used to working directly with infosec, product and software development teams to ensure legal advice can be implemented in practice.

From a sector perspective, I have detailed knowledge of telecoms, energy and infrastructure (including data centres), automotive and financial services (particularly FinTech), and a deep understanding of the bespoke regulatory frameworks that govern these markets.

Before joining Shoosmiths in 2021, I trained at Gibson Dunn (Brussels office) and later served as General Counsel and Data Protection Officer for an international security organisation. That in-house experience means I understand the realities of implementing global privacy programmes and managing high-stakes incidents.

I am active in privacy and tech law circles and contribute to thought leadership on AI regulation, cyber resilience, cross-border data transfers and digital transformation.