Wayne Cleghorn is a senior technology lawyer specialising in data protection, global data privacy, cyber security, digital law, information governance and new technologies, including artificial intelligence. He is a data breach response and cyberattack specialist and an experienced Data Protection Officer (DPO).
Wayne’s practice includes advising UK, European, US and international data protection programmes, leading data protection audits, drafting data privacy policies, updating GDPR procedures and documentation. His work includes responding to large data breaches including ransomware, strategically responding to complex subject access requests, advising on regulator investigations, and helping organisations respond effectively to regulators and enforcement measures. He also drafts commercial contracts, negotiates data processing agreements, and arranges international data transfers via Standard Contractual Clauses, Binding Corporate Rules and other tools.
He has advised a wide range of sectors including financial services, fintech, technology, manufacturing, retail, ecommerce, health, biotechnology, universities and government bodies. He has worked in private practice, in-house, as a government lawyer and a Management Consultant.
Led the work programme at a Fortune 500 US Silicon Valley global cloud services provider to review and update GDPR Privacy by Design policy and procedures, Data Protection Impact Assessments (DPIAs), Privacy Impacts Assessments (PIAs) and Privacy Risk Registers of over 100 infrastructure, hardware, software products and digital services.
Provided statutory Data Protection Officer services to a UK Central Government Department and Non-Departmental bodies for a big data project with 15 parties and income of £20 billion to combine trade, transport, security and private sector data.
Advised Nasdaq–listed Dutch–US biotechnology and pharmaceutical company on UK post–Brexit data protection, UK supply chain reviews and improve US data transfer practices.
Advised UK based Application developers to launch a global education App by imbedding UK ICO’s Appropriate Design Childrens’ Code, drafted Terms and Conditions, Data Protection Policy, GDPR FAQ, UX data minimisation and set user consent protocols.
Helped a UK and European retail bank and fintech to increase its data science, big data analytics and debt-risk intelligence data capabilities. Included data brokers and credit reference agency contracts, negotiations, risk analysis and artificial intelligence services.
Responded to a major health data ransomware attack by Black Basta (linked to the Conti and REvil groups) that required recording and breach response under GDPR, California law, 25 US states and the US Health Insurance Portability and Accountability Act (HIPAA).
Led a project to assess, limit and remediate the EU and US insurance and healthcare supply chain effects of Australia’s Medibank data breach in 2022.
Keen interest in travel, photography and gospel music. Always seeking opportunities to develop French language skills.
Member of the International Association of Privacy Professionals (IAPP), with certifications: FIP (Fellow), CIPP/E (Europe), CIPP/US (United States) and CIPT (Technology)
Professional Member of the BCS, the Chartered Institute for IT – MBCS
Understanding Europe’s Big Six Data Protection Regulators (PrivacySolved Insights)
International Data Transfers: New UK Standard Contractual Clauses (PrivacySolved Insights)
The Ransomware Problem: Five Steps to Success (PrivacySolved Insights)
“I appreciate your dedication to improving our global privacy programme. Please know that we will continue to make progress on this plan and our overall programme.”
Vice President & Chief Privacy Officer, Fortune 500 Technology Company
“Thank you for the hard work on this. We appreciate the assistance and collaboration (and advice) we have received over the course of this process. Thanks a lot, on behalf of our team!”
Director, Cloud Solutions Architecture, Global Cloud Services Company
“Thanks for your willingness to continue supporting our Group. It was a pleasure.”
Group Executive Committee Member & Group General Counsel, Global Consulting, Technology and Digital Company