Skip to main content
Tom Ford

Tom FordManaging Associate

Download vCard

I am a UK lawyer who advises on data protection matters from a risk and governance, workplace, and commercial perspective. Taking a pragmatic, risk-based approach to compliance, I work with clients to address their data privacy issues in a way that is proportionate and practical.

Sitting within both Lewis Silkin’s data, privacy & cyber group and top-tier employment law division, I advise leading multinational organisations on data privacy issues.

I have considerable experience of running projects across multiple jurisdictions, both inside and outside the EU, and work with clients in the media & entertainment, tech, finance, legal, and marketing sectors.

I have particular expertise in:

  • GDPR compliance strategy;
  • data privacy as part of GRC, and building effective privacy policies and processes;
  • information security and acceptable use - including ISO27001/2 requirements;
  • transparency requirements, including internal and external privacy notices;
  • data protection impact assessments (DPIAs);
  • data processing agreements (DPAs) and data sharing agreements, including Schrems II risk mitigation and intra-group data sharing;
  • data subject access requests (DSARs) and other rights requests;
  • data breaches and data breach reporting;
  • regulatory investigations;
  • data retention strategy;
  • Covid-19 testing and the collection and use of vaccination data;
  • diversity and inclusion monitoring;
  • employee vetting and background checks.

Some of my recent work highlights include:

  • Advising large multi-nationals on the update of their global information security policies and alignment to ISO27001.
  • Advising multiple clients on the use of the 2021 SCCs and UK Addendum in relation to both internal and external data sharing, including relevant Schrems II "Transfer Impact Assessments".
  • Carrying out several projects assisting global businesses on their approach to the retention of personal data across multiple jurisdictions.
  • Advising multiple clients on their cross-border global diversity and inclusion initiatives, including practical steps for the management of associated data privacy risks; and
  • advising on the processing of data relating to criminal offences and the intersection of data privacy laws with industry-specific regulatory requirements (for example, those applicable in the legal and financial services industries).

Awards and Recognition

  • Rising Star in Legal 500 2022 (Data Protection)
  • Legal 500 2021 (Employment) - ‘Tom Ford has a fantastic balance of employment and data privacy knowledge'
Back To Top