Wayne Cleghorn is an experienced and specialist Senior Technology Lawyer focusing on data protection, global data privacy, data breach response, and new technology governance, including artificial intelligence. He engages effectively with clients, identifies the key issues, gives practical advice, and offers unique insights because of his diverse experience. His advice and guidance are always risk-based, pragmatic, and commercially astute.
Wayne’s practice includes advising UK, European, US, and international data protection programmes, leading data protection audits, drafting data privacy policies, updating GDPR procedures and documentation. His work includes responding to large data breaches, including ransomware, strategically responding to complex subject access requests, advising on regulator investigations, and helping organisations respond effectively to regulators and enforcement measures. He also drafts commercial contracts, negotiates data processing agreements, and arranges international data transfers via Standard Contractual Clauses, Binding Corporate Rules, and other tools. He has advised a wide range of sectors, including financial services, fintech, technology, manufacturing, retail, ecommerce, health, biotechnology, universities, and government bodies.
Wayne has worked in private practice, in-house, as a government lawyer, and a Management Consultant. He is also a certified Project Manager and a Lead Data Protection Officer (DPO).
Led the work programme at a Fortune 500 US Silicon Valley global cloud services provider to review and update GDPR Privacy by Design policy and procedures, Data Protection Impact Assessments (DPIAs), Privacy Impacts Assessments (PIAs) and Privacy Risk Registers of over 100 infrastructure, hardware, software products and digital services.
Provided statutory Data Protection Officer services to a UK Central Government Department and Non-Departmental bodies for a big data project with 15 parties and income of £20 billion to combine trade, transport, security and private sector data.
Advised Nasdaq–listed Dutch–US biotechnology and pharmaceutical company on UK post–Brexit data protection, UK supply chain reviews and improve US data transfer practices.
Advised UK based Application developers to launch a global education App by imbedding UK ICO’s Appropriate Design Childrens’ Code, drafted Terms and Conditions, Data Protection Policy, GDPR FAQ, UX data minimisation and set user consent protocols.
Helped a UK and European retail bank and fintech to increase its data science, big data analytics and debt-risk intelligence data capabilities. Included data brokers and credit reference agency contracts, negotiations, risk analysis and artificial intelligence services.
Responded to a major health data ransomware attack by Black Basta (linked to the Conti and REvil groups) that required recording and breach response under GDPR, California law, 25 US states and the US Health Insurance Portability and Accountability Act (HIPAA).
Led a project to assess, limit and remediate the EU and US insurance and healthcare supply chain effects of Australia’s Medibank data breach in 2022.
Keen interest in travel, photography and gospel music. Always seeking opportunities to develop French language skills.
Member of the International Association of Privacy Professionals (IAPP), with certifications: FIP (Fellow), CIPP/E (Europe), CIPP/US (United States) and CIPT (Technology)
Professional Member of the BCS, the Chartered Institute for IT – MBCS
Understanding Europe’s Big Six Data Protection Regulators (PrivacySolved Insights)
https://www.privacysolved.com/understanding-europes-big-six-data-protection-regulators/
International Data Transfers: New UK Standard Contractual Clauses (PrivacySolved Insights)
https://www.privacysolved.com/international-data-transfers-new-uk-standard-contractual-clauses/
The Ransomware Problem: Five Steps to Success (PrivacySolved Insights)
https://www.privacysolved.com/the-ransomware-problem-five-steps-to-success/
May 13, 2025
The Information Commissioner’s Office (ICO) has imposed a £3.07 million fine on Advanced Computer Software Group Ltd for security deficiencies …
Read more
February 11, 2025
We’re delighted that Partner Wayne Cleghorn has been featured in Architecture & Governance Magazine, with an article discussing cybersecurity trends. …
Read more
January 23, 2025
Excello Law Partner in AI and Data Protection, Wayne Cleghorn, Shares Insights on AI Opportunities Action Plan in Director of …
Read more
December 6, 2024
On Thursday, 5 December, Wayne Cleghorn attended a BusinessDesk round table event held in Nottingham city centre, titled “How Professional …
Read more
October 14, 2024
Excello Law Data Protection, Privacy, Cybersecurity and Artificial Intelligence Law Partner Wayne Cleghorn has been appointed by the European Commission …
Read more