Meet the Team

Our team is made up of lawyers, barristers, and IT and information security experts, who all have backgrounds in cyber/information security and data protection (privacy). Our collective experience and skillset is similar to that of a DPO (data protection officer) or chief privacy officer, data privacy manager or data privacy lawyer, which enables us to assist clients in a way far better than a single person could. 


Our DPOs

John Potts

Operations Director


John is a data protection professional who has been working in data privacy for more than 12 years. As Operations Director for GRCI Law, he oversees service delivery and manages the GRCI Law consultant team. He set up our specialist data breach and DSAR (data subject access request) services and developed our Cyber Incident Response Service. He is also the DPO for a number of GRCI Law’s key clients. Before joining GRCI Law, John was Head of Information Rights and Head of Information Law and Security with the UK Metropolitan Police Service. Both roles involved regular contact with the UK regulator, the ICO (Information Commissioner’s Office). He has worked on several high-profile cases regarding information access rights. In 2021, John was the technical editor of the book Data Protection Officer, published by The Chartered Institute for IT, which is part of the organisation’s series of guides to IT roles.

John is a data protection professional who has been working in data privacy for more than 12 years. As Operations Director for GRCI Law, he oversees service delivery and manages the GRCI Law consultant team. He set up our specialist data breach and DSAR (data subject access request) services and developed our Cyber Incident Response Service. He is also the DPO for a number of GRCI Law’s key clients. Before joining GRCI Law, John was Head of Information Rights and Head of Information Law and Security with the UK Metropolitan Police Service. Both roles involved regular contact with the UK regulator, the ICO (Information Commissioner’s Office). He has worked on several high-profile cases regarding information access rights. In 2021, John was the technical editor of the book Data Protection Officer, published by The Chartered Institute for IT, which is part of the organisation’s series of guides to IT roles.

Ada

DPO Consultant


Ada is a skilled strategist and policy, communications and project management professional. Her experience includes working as an in-house legal adviser specialising in data protection issues for a financial services regulator. She advised on a wide variety of complex data protection issues, and represented the organisation in dealings with the ICO. Ada has also worked as an in-house legal adviser for a media and telecommunications regulator and for the European Commission. She has been a guest lecturer at the London School of Economics on the techno-legal aspects of information systems.

Ada is a skilled strategist and policy, communications and project management professional. Her experience includes working as an in-house legal adviser specialising in data protection issues for a financial services regulator. She advised on a wide variety of complex data protection issues, and represented the organisation in dealings with the ICO. Ada has also worked as an in-house legal adviser for a media and telecommunications regulator and for the European Commission. She has been a guest lecturer at the London School of Economics on the techno-legal aspects of information systems.

Clare Bryan

DPO Consultant


Clare is a lawyer and compliance professional with extensive experience in providing legal and regulatory advice across various disciplines (particularly data protection/privacy and marketing law) and covering a wide number of jurisdictions globally. She has more than 20 years’ experience working in both in-house and consultancy roles, including serving as lead legal adviser and subject matter expert to several major FTSE 100 companies regarding data privacy compliance. Her strengths lie in analysing complex legislation and delivering clear, commercial and practical guidance to business stakeholders at all levels in respect of operational compliance.

Clare is a lawyer and compliance professional with extensive experience in providing legal and regulatory advice across various disciplines (particularly data protection/privacy and marketing law) and covering a wide number of jurisdictions globally. She has more than 20 years’ experience working in both in-house and consultancy roles, including serving as lead legal adviser and subject matter expert to several major FTSE 100 companies regarding data privacy compliance. Her strengths lie in analysing complex legislation and delivering clear, commercial and practical guidance to business stakeholders at all levels in respect of operational compliance.

Ernest Attah

DPO Consultant


Ernest is an experienced DPO who is used to working with both public- and private-sector clients. He managed a major digital project for a large NHS trust, ensuring data security and data privacy principles were implemented. He has also worked for an international digital agency and has a wealth of experience working with tech companies, including fintech. Ernest holds a master’s degree in corporate governance and has a company secretarial background. He is a qualified IAPP-CIPP/E (Certified Information Privacy Professional-Europe) and UK GDPR Practitioner.

Ernest is an experienced DPO who is used to working with both public- and private-sector clients. He managed a major digital project for a large NHS trust, ensuring data security and data privacy principles were implemented. He has also worked for an international digital agency and has a wealth of experience working with tech companies, including fintech. Ernest holds a master’s degree in corporate governance and has a company secretarial background. He is a qualified IAPP-CIPP/E (Certified Information Privacy Professional-Europe) and UK GDPR Practitioner.

Tariq Ighomrore

DPO Consultant


Tariq is a versatile and dedicated data protection and information governance professional, with more than ten years’ experience across both the public and private sectors. He has particular expertise in the financial, media and higher education sectors. He has helped financial organisations implement GDPR compliance and has knowledge of the NDPR (Nigerian Data Protection Regulation). Tariq has a track record of championing a culture of data privacy, using his expertise and knowledge of data protection regulations, processes and case law reviews. As a skilled business analyst, he has experience of full lifecycle project management and of regulatory and IT projects. He is also an experienced speaker and presenter.

Tariq is a versatile and dedicated data protection and information governance professional, with more than ten years’ experience across both the public and private sectors. He has particular expertise in the financial, media and higher education sectors. He has helped financial organisations implement GDPR compliance and has knowledge of the NDPR (Nigerian Data Protection Regulation). Tariq has a track record of championing a culture of data privacy, using his expertise and knowledge of data protection regulations, processes and case law reviews. As a skilled business analyst, he has experience of full lifecycle project management and of regulatory and IT projects. He is also an experienced speaker and presenter.

Judith Eis

DPO Consultant


Judith is a certified privacy practitioner with a Juris Doctorate degree in law. She has been instrumental in developing policies and procedures in line with international, EU and UK requirements. She also leads the implementation of governance frameworks for client organisations in information security and risk management to achieve regulatory assurance. Judith focuses on comprehensive and actionable strategies so that privacy issues can be addressed within all areas of the business and ensures subsequent monitoring and communication with relevant stakeholders at the highest levels of an organisation.

Judith is a certified privacy practitioner with a Juris Doctorate degree in law. She has been instrumental in developing policies and procedures in line with international, EU and UK requirements. She also leads the implementation of governance frameworks for client organisations in information security and risk management to achieve regulatory assurance. Judith focuses on comprehensive and actionable strategies so that privacy issues can be addressed within all areas of the business and ensures subsequent monitoring and communication with relevant stakeholders at the highest levels of an organisation.

Anisha Tara

Junior Consultant


Anisha holds a bachelor’s degree in law and a master’s degree in legal practice. She is able to break down complex legislative requirements into presentable and digestible material. Anisha is responsible for providing gap analyses for clients and advising them on areas where they can improve, as well as maintaining excellent client relationships and a high level of service.

Anisha holds a bachelor’s degree in law and a master’s degree in legal practice. She is able to break down complex legislative requirements into presentable and digestible material. Anisha is responsible for providing gap analyses for clients and advising them on areas where they can improve, as well as maintaining excellent client relationships and a high level of service.


Our UK and EU Representative Services Team

Dr Loredana Tassone

Head of UK and EU Representative Services


Loredana is a member of our senior management team and is Head of EU and UK Representative Services. She has more than ten years’ experience in the fields of privacy rights and data protection in both the private and public sectors. She is a specialist in international and European law and is a qualified attorney at law in France and Italy. Based in Brussels, Loredana advises GRCI Law clients on a wide range of data privacy issues. Her experience includes advising on landmark cases brought before the European Court of Human Rights, including those on data protection and privacy rights.


Our Breach & DSAR Support Team

Helen

Incident and Breach Management &
Data Subject Rights Consultant


Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients including a leading pizza brand and a well-known gym group. Her role involves regular liaison with the ICO on behalf of clients. Helen has worked for Trading Standards and a construction trade body, where she was the in-house DPO. She is well placed to provide advice and guidance to clients on data protection compliance as well as implementing data protection policies and procedures, including delivery of staff training.

Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients including a leading pizza brand and a well-known gym group. Her role involves regular liaison with the ICO on behalf of clients. Helen has worked for Trading Standards and a construction trade body, where she was the in-house DPO. She is well placed to provide advice and guidance to clients on data protection compliance as well as implementing data protection policies and procedures, including delivery of staff training.


Our Legal Team

Natalie Whitney

Head of Contract and Legal Services


Natalie is a member of our senior management team and is an expert in business risk management. She is a practical, solution-oriented, qualified commercial, contracts and data protection lawyer with more than 25 years’ experience. She advises clients on a wide range of data privacy challenges including multi-jurisdictional issues, due diligence for acquisitions, and legal compliance issues relating to marketing, CRM systems, HR, supplier agreements, cross-border data transfers and standard contract clauses. Natalie’s experience includes advising on commercial contracts and policies, risk, data protection, competition law and intellectual property.

Natalie is a member of our senior management team and is an expert in business risk management. She is a practical, solution-oriented, qualified commercial, contracts and data protection lawyer with more than 25 years’ experience. She advises clients on a wide range of data privacy challenges including multi-jurisdictional issues, due diligence for acquisitions, and legal compliance issues relating to marketing, CRM systems, HR, supplier agreements, cross-border data transfers and standard contract clauses. Natalie’s experience includes advising on commercial contracts and policies, risk, data protection, competition law and intellectual property.


Our Cyber Incident Response Team

Cliff Martin

Head of Cyber Incident Response


Cliff leads the Cyber Incident Response Service within GRCI Law. He began his career teaching computer systems and network technologies in further and higher education. He moved into the defence industry, where his main areas of expertise were risk management and accreditation, incident management and response, and secure systems architecture and configuration. Cliff has experience in both IT and OT environments. He understands the complexity of cyber security incidents and their potential impact on the business, its users and its customers.

Cliff leads the Cyber Incident Response Service within GRCI Law. He began his career teaching computer systems and network technologies in further and higher education. He moved into the defence industry, where his main areas of expertise were risk management and accreditation, incident management and response, and secure systems architecture and configuration. Cliff has experience in both IT and OT environments. He understands the complexity of cyber security incidents and their potential impact on the business, its users and its customers.


Our Business Development Team

Christina Maclean

Sales Director


Christina is jointly responsible for running GRCI Law with Operations Director John Potts. She oversees commercial strategy, product development, new business and client relationship management, and is also responsible for growing and developing the GDPR.co.uk software platform. She has a track record of driving growth through evidence-based strategy and driving exceptional client service. A non-practising solicitor with a background in marketing, communications, and broadcast news and sport, Christina has worked for a number of top 50 law firms across domestic and international markets, including Gowling WLG, TLT and Browne Jacobson. As a broadcaster, she worked for the BBC and ITV News Central. She has served as a non-executive director for an NHS trust.

Rakee Das

Business Development Manager


Rakee is an accomplished sales and business development professional with more than ten years’ experience spanning various sectors. With a track record of building strong relationships and a natural consultative approach, she consistently delivers solutions for clients. Rakee is responsible for driving growth and expansion by maximising existing client relations and developing new prospects, as well as ensuring a high level of client service.

 
Loading...