Meet the Team
Our team is made up of lawyers, barristers, and IT and information security experts, who all have backgrounds in cyber/information security and data protection (privacy). Our collective experience and skillset is similar to that of a DPO (data protection officer) or chief privacy officer, data privacy manager or data privacy lawyer, which enables us to assist clients in a way far better than a single person could.
Our DPOs
John Potts
Operations Director
John is a data protection professional who has been working in data privacy for more than 12 years. As Operations Director for GRCI Law, he oversees service delivery and manages the GRCI Law consultant team. He set up our specialist data breach and DSAR (data subject access request) services and developed our Cyber Incident Response Service. He is also the DPO for a number of GRCI Law’s key clients. Before joining GRCI Law, John was Head of Information Rights and Head of Information Law and Security with the UK Metropolitan Police Service. Both roles involved regular contact with the UK regulator, the ICO (Information Commissioner’s Office). He has worked on several high-profile cases regarding information access rights. In 2021, John was the technical editor of the book Data Protection Officer, published by The Chartered Institute for IT, which is part of the organisation’s series of guides to IT roles.
John is a data protection professional who has been working in data privacy for more than 12 years. As Operations Director for GRCI Law, he oversees service delivery and manages the GRCI Law consultant team. He set up our specialist data breach and DSAR (data subject access request) services and developed our Cyber Incident Response Service. He is also the DPO for a number of GRCI Law’s key clients. Before joining GRCI Law, John was Head of Information Rights and Head of Information Law and Security with the UK Metropolitan Police Service. Both roles involved regular contact with the UK regulator, the ICO (Information Commissioner’s Office). He has worked on several high-profile cases regarding information access rights. In 2021, John was the technical editor of the book Data Protection Officer, published by The Chartered Institute for IT, which is part of the organisation’s series of guides to IT roles.
Ada
DPO Consultant
Ada is a skilled strategist and policy, communications and project management professional. Her experience includes working as an in-house legal adviser specialising in data protection issues for a financial services regulator. She advised on a wide variety of complex data protection issues, and represented the organisation in dealings with the ICO. Ada has also worked as an in-house legal adviser for a media and telecommunications regulator and for the European Commission. She has been a guest lecturer at the London School of Economics on the techno-legal aspects of information systems.
Ada is a skilled strategist and policy, communications and project management professional. Her experience includes working as an in-house legal adviser specialising in data protection issues for a financial services regulator. She advised on a wide variety of complex data protection issues, and represented the organisation in dealings with the ICO. Ada has also worked as an in-house legal adviser for a media and telecommunications regulator and for the European Commission. She has been a guest lecturer at the London School of Economics on the techno-legal aspects of information systems.
Clare Bryan
DPO Consultant
Clare is a lawyer and compliance professional with extensive experience in providing legal and regulatory advice across various disciplines (particularly data protection/privacy and marketing law) and covering a wide number of jurisdictions globally. She has more than 20 years’ experience working in both in-house and consultancy roles, including serving as lead legal adviser and subject matter expert to several major FTSE 100 companies regarding data privacy compliance. Her strengths lie in analysing complex legislation and delivering clear, commercial and practical guidance to business stakeholders at all levels in respect of operational compliance.
Clare is a lawyer and compliance professional with extensive experience in providing legal and regulatory advice across various disciplines (particularly data protection/privacy and marketing law) and covering a wide number of jurisdictions globally. She has more than 20 years’ experience working in both in-house and consultancy roles, including serving as lead legal adviser and subject matter expert to several major FTSE 100 companies regarding data privacy compliance. Her strengths lie in analysing complex legislation and delivering clear, commercial and practical guidance to business stakeholders at all levels in respect of operational compliance.
Judith Eis
DPO Consultant
Judith is a certified privacy practitioner with a Juris Doctorate degree in law. She has been instrumental in developing policies and procedures in line with international, EU and UK requirements. She also leads the implementation of governance frameworks for client organisations in information security and risk management to achieve regulatory assurance. Judith focuses on comprehensive and actionable strategies so that privacy issues can be addressed within all areas of the business and ensures subsequent monitoring and communication with relevant stakeholders at the highest levels of an organisation.
Judith is a certified privacy practitioner with a Juris Doctorate degree in law. She has been instrumental in developing policies and procedures in line with international, EU and UK requirements. She also leads the implementation of governance frameworks for client organisations in information security and risk management to achieve regulatory assurance. Judith focuses on comprehensive and actionable strategies so that privacy issues can be addressed within all areas of the business and ensures subsequent monitoring and communication with relevant stakeholders at the highest levels of an organisation.
Anisha Tara
Junior Consultant
Anisha holds a bachelor’s degree in law and a master’s degree in legal practice. She is able to break down complex legislative requirements into presentable and digestible material. Anisha is responsible for providing gap analyses for clients and advising them on areas where they can improve, as well as maintaining excellent client relationships and a high level of service.
Anisha holds a bachelor’s degree in law and a master’s degree in legal practice. She is able to break down complex legislative requirements into presentable and digestible material. Anisha is responsible for providing gap analyses for clients and advising them on areas where they can improve, as well as maintaining excellent client relationships and a high level of service.
Our UK and EU Representative Services Team
Dr Loredana Tassone
Head of UK and EU Representative Services
Loredana is a member of our senior management team and is Head of EU and UK Representative Services. She has more than ten years’ experience in the fields of privacy rights and data protection in both the private and public sectors. She is a specialist in international and European law and is a qualified attorney at law in France and Italy. Based in Brussels, Loredana advises GRCI Law clients on a wide range of data privacy issues. Her experience includes advising on landmark cases brought before the European Court of Human Rights, including those on data protection and privacy rights.
Our Breach & DSAR Support Team
Helen
Incident and Breach Management &
Data Subject Rights Consultant
Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients including a leading pizza brand and a well-known gym group. Her role involves regular liaison with the ICO on behalf of clients. Helen has worked for Trading Standards and a construction trade body, where she was the in-house DPO. She is well placed to provide advice and guidance to clients on data protection compliance as well as implementing data protection policies and procedures, including delivery of staff training.
Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients including a leading pizza brand and a well-known gym group. Her role involves regular liaison with the ICO on behalf of clients. Helen has worked for Trading Standards and a construction trade body, where she was the in-house DPO. She is well placed to provide advice and guidance to clients on data protection compliance as well as implementing data protection policies and procedures, including delivery of staff training.
Our Legal Team
Natalie Whitney
Head of Contract and Legal Services
Natalie is a member of our senior management team and is an expert in business risk management. She is a practical, solution-oriented, qualified commercial, contracts and data protection lawyer with more than 25 years’ experience. She advises clients on a wide range of data privacy challenges including multi-jurisdictional issues, due diligence for acquisitions, and legal compliance issues relating to marketing, CRM systems, HR, supplier agreements, cross-border data transfers and standard contract clauses. Natalie’s experience includes advising on commercial contracts and policies, risk, data protection, competition law and intellectual property.
Natalie is a member of our senior management team and is an expert in business risk management. She is a practical, solution-oriented, qualified commercial, contracts and data protection lawyer with more than 25 years’ experience. She advises clients on a wide range of data privacy challenges including multi-jurisdictional issues, due diligence for acquisitions, and legal compliance issues relating to marketing, CRM systems, HR, supplier agreements, cross-border data transfers and standard contract clauses. Natalie’s experience includes advising on commercial contracts and policies, risk, data protection, competition law and intellectual property.
Our Cyber Incident Response Team
Cliff Martin
Head of Cyber Incident Response
Cliff leads the Cyber Incident Response Service within GRCI Law. He began his career teaching computer systems and network technologies in further and higher education. He moved into the defence industry, where his main areas of expertise were risk management and accreditation, incident management and response, and secure systems architecture and configuration. Cliff has experience in both IT and OT environments. He understands the complexity of cyber security incidents and their potential impact on the business, its users and its customers.
Cliff leads the Cyber Incident Response Service within GRCI Law. He began his career teaching computer systems and network technologies in further and higher education. He moved into the defence industry, where his main areas of expertise were risk management and accreditation, incident management and response, and secure systems architecture and configuration. Cliff has experience in both IT and OT environments. He understands the complexity of cyber security incidents and their potential impact on the business, its users and its customers.
Vanessa Horton
Cyber Incident Responder
Vanessa holds a degree in computer forensics and has worked for West Midlands Police as a digital forensics officer. She has been involved in a number of complex crime cases and was awarded a Diamond Award and an Excellence in Service Delivery Award. Vanessa also holds a number of cyber security and forensics qualifications. She is part of GRCI Law’s Cyber Incident Response team, helping clients with their cyber security requirements.
Vanessa holds a degree in computer forensics and has worked for West Midlands Police as a digital forensics officer. She has been involved in a number of complex crime cases and was awarded a Diamond Award and an Excellence in Service Delivery Award. Vanessa also holds a number of cyber security and forensics qualifications. She is part of GRCI Law’s Cyber Incident Response team, helping clients with their cyber security requirements. p>
Our Business Development Team
Christina Maclean
Sales Director
Christina is jointly responsible for running GRCI Law with Operations Director John Potts. She oversees commercial strategy, product development, new business and client relationship management, and is also responsible for growing and developing the GDPR.co.uk software platform. She has a track record of driving growth through evidence-based strategy and driving exceptional client service. A non-practising solicitor with a background in marketing, communications, and broadcast news and sport, Christina has worked for a number of top 50 law firms across domestic and international markets, including Gowling WLG, TLT and Browne Jacobson. As a broadcaster, she worked for the BBC and ITV News Central. She has served as a non-executive director for an NHS trust.
Rakee Das
Business Development Manager
Rakee is an accomplished sales and business development professional with more than ten years’ experience spanning various sectors. With a track record of building strong relationships and a natural consultative approach, she consistently delivers solutions for clients. Rakee is responsible for driving growth and expansion by maximising existing client relations and developing new prospects, as well as ensuring a high level of client service.
