Tom FordManaging Associate

Sitting within both Lewis Silkin’s data & privacy group and top-tier employment law division, I advise leading multinational organisations on data privacy issues from a risk and governance, workplace, and commercial perspective. Taking a pragmatic, risk-based approach to compliance, I work with clients to address their data privacy issues in a way that is proportionate and practical. 

I have considerable experience of running projects across multiple jurisdictions, both inside and outside the EU, and  work with clients in the media & entertainment, tech, finance, legal, and marketing sectors. 

I have particular expertise in:

• GDPR compliance strategy;
• transparency requirements, including internal and external privacy notices;
• documentation  requirements, internal policies and protocols;   
• data protection impact assessments (DPIAs);
• data processing and data sharing agreements;
• data subject access requests (DSARs) and other rights requests;
• data breaches and data breach reporting;
• regulatory investigations;
• data retention strategy;
• Covid-19 testing and the collection and use of vaccination data;
• diversity and inclusion monitoring;
• employee vetting and background checks. 

Some of my recent work highlights include:

• leading a major global project on the data privacy implications of  Covid-19 'back to work' measures, including  Covid-19 testing and the processing of data on vaccination status;

• providing detailed advice on global diversity and inclusion initiatives, including practical steps for the management of associated data privacy risks;

• drafting and advising on the implementation of complex group data sharing arrangements involving multiple client stakeholders in the UK, EU and US; and

• advising on the processing of data relating to criminal offences and the intersection of data privacy laws with industry-specific regulatory requirements (for example, those applicable in the  legal and financial services industries).