Mark Gleeson Data Privacy and Cyber Security Lawyer

Mark is a senior, specialist data privacy and cyber security lawyer. He is also an expert on freedom of information.  He has over 20 years’ multi-jurisdictional experience gained from roles in both private practice and industry. He advises clients (from start-ups to multinationals) in a range of sectors including: financial services, life sciences and pharma, manufacturing, retail, telecoms, transport, construction and the public sector. His practice covers all areas of data protection and cyber law, advising not just on compliance but also on defending clients from data breach claims, dealing with regulatory investigations and helping with data subject access requests. Mark has significant experience in engagement with UK, European and other overseas regulators.

Mark began his legal career as a pupil at 3 Temple Gardens before moving into senior roles in the Government Legal Service and then Head of Data Protection at Barclays Bank Plc’s Barclaycard Division. Between 2007 and 2014 Mark was Head of Data Protection and Information at Addleshaw Goddard LLP before joining Squire Patton Boggs (UK) LLP as a partner and Head of their UK Data Privacy and Cyber practice. He was a data protection and cyber partner at Browne Jacobson LLP and at Womble Bond Dickinson (UK) LLP from 2016 until 2020.

Mark has been highly recommended in the Legal 500 as an expert data protection lawyer and he is a member of the Data Protection Consultation Board at Thomson Reuters’ Practical Law.

Recent examples of Mark’s work:

  • Conducted impact assessments and drafted contractual provisions to allow cross-border data transfers post-Schrems II and in anticipation of Brexit.
  • Undertook GDPR compliance reviews and audits for a range of clients in different sectors.
  • Advised a global company on the roll-out of its GDPR compliance programme across EMEA.
  • Advised clients on successfully resisting expensive, large scale data subject access requests.
  • Advised office holders on the sale and further use of employee and customer data following administration and restructuring of high street retailers and restaurant chains.
  • Advised several financial services businesses (including mainstream banks, challenger banks and fintech companies) on the interaction of PSD2 and GDPR.
  • Advised a global digital services provider on compliance with the NIS Regulations 2018 and its statutory and contractual obligations to an operator of an essential service.
  • Successfully defended a major telecoms business under investigation by the Information Commissioner’s Office for alleged multiple breaches of the Privacy and Electronic Communications Regulations.
  • Defended a global retailer from a large volume of GDPR compensation claims brought by customers following a credentials stuffing cyber-attack.
  • Advised an IT company on its statutory and contractual liability following the theft and sale of equipment by a rogue employee.
  • Advised a global iconic brand on breach management/recovery, notification to the ICO/law enforcement and data subjects, and the pursuance of civil proceedings against a website hosting company following a ransomware attack on its retail website.
  • Advised an on-line and high street retailer following alleged breaches of PCI-DSS including negotiations with the PCI Security Standards Council.
  • Advised an on-line retailer on the management of a breach of website security, and civil litigation, resulting from the exposure of customer data following failures by a third party service provider.
  • Defended a credit broker for alleged failures in compliance with PECR including representation before the ICO, negotiations over the level of penalty and advising on reputation/brand management.
  • Advised a developer on using FOIA and EIR requests against a Government department, a local authority and several non-departmental public bodies to obtain evidence to support a civil claim for damages.

Contact Mark

Tel: +44 (0) 203 637 6374

Email: mark.gleeson@emlaw.co.uk