Introducing the GDR 100 2022

Welcome to the GDR 100, in which the Global Data Review team identifies and profiles the world’s best data law firms. The GDR 100 is the only global ranking that captures the capabilities, track record and market reputation of the leading firms in the field.


Law firms: 135
Elite law firms: 25
Partners: 932
Lawyers: 1,332
Non-lawyers: 67
Data breaches notified: 1,768
Who’s Who Legal: Data nominees: 321

Unlike its competitors, the GDR 100 examines not only law firms’ privacy and data protection capabilities, but also their work on all other kinds of data law – including data localisation, B2B disputes about data acquisition and breach responsibility, antitrust, the use of IP and confidentiality laws to protect proprietary data, and more.

We give firms the opportunity to show us their full data practice, allowing us to peer under the hood and see how companies are using data as an asset. This year’s submission form encouraged firms to clearly separate privacy and non-privacy work so that we could better see how they operate.

While we have seen plenty of non-personal data as a result, the GDR 100 reflects the market: most companies primarily need data protection-related services. Data localisation is a big deal in certain Asian jurisdictions – especially in cloud and financial services – and data-focused companies need to have watertight IP and database rights over their assets, but the bulk of the data-focused work out there is related to personal data. For example, there is plenty of cybersecurity and data breach work to go around, but for many companies data protection and security go hand in hand. There is relatively little demand for advice on ‘pure’ cybersecurity matters that are unrelated to personal data. There is a business risk to losing control of valuable data, but the regulatory risk is just as important.

As such, most of the mandates we showcase here, and the capacities that we assessed, relate to personal data.


The ranking is based on in-depth submissions submitted by hundreds of law firms around the world, ranging from IT-focused boutiques to sprawling international giants.

We used GDR sister publication Who’s Who Legal: Data as a starting point. The Who’s Who Legal team identifies the very best practitioners, basing their selection on votes submitted by thousands of lawyers and experts around the world. We asked firms that had nominees the 2021 edition of Who’s Who Legal: Data to submit extensive information on the make-up of their practices, identify the lawyers who work within them, and provide information about ongoing and recently concluded cases and other mandates.

Having identified potential candidates, we requested information about the partners and other lawyers who dedicate a significant amount of their time to data, and details of their work, broken down into various categories. We invited firms to send us details about confidential work, as it would assist us in building the final list.

Once we received those submissions, we included only those that we felt had deep, lasting practices with a track record of acting for major companies on complex cases and deals, and of advising on significant compliance projects and product launches.

It was not a purely quantitative approach: the GDR editorial team brought its experience of the market to bear. Getting into the book was not just a numbers game – firms also needed to impress. Given that the editorial team spends its days reporting on the world’s leading cases, that is no easy task, and firms that have been included have good reason to be proud.

We also included a few firms that chose not to send us submissions, basing our decisions on our knowledge of the market. While those profiles are not as full as we would like them to be, we felt that excluding them would undermine the ranking. We encourage any firms that feel left out to submit next year.

We also named 25 global elite firms – five more than last year. Read more about them here.

What is a data practice?

GDR is published by Law Business Research, which publishes brands such as Global Competition Review, Global Investigations Review, Global Restructuring Review, Global Arbitration Review and Global Banking Regulation Review. Each of these has its own 100 publication (with the exception of Global Banking Regulation Review, which launched in 2020 and has yet to publish its first). We also work alongside sister brands IAM and World Trademark Review, which respectively cover patents and trademark law and have even more ambitious 1,000 rankings.

There is a lot of variation between those rankings, but they all closely follow a single practice area and pick out the best firms on their respective markets.

The GDR 100 is far harder to cleanly delineate. Each of the 100s and 1,000s above cover distinct markets: antitrust lawyers are easy to spot, international arbitration is a sufficiently specialised market from general commercial litigation that you can usually tell them apart, and restructuring and insolvency experts tend to hold themselves out as such.

Data law is a different beast – or rather, a collection of different beasts. GDR frequently comes across lawyers with backgrounds in contentious and non-contentious IP, technology contracts, white-collar investigations, commercial disputes and more.

Can GDR identify a data lawyer? We think we know one when we see one. But it’s no easy task.

If it’s hard to identify data lawyers, it’s even harder to say one team of such lawyers is better than the other: law firms also approach data in very different ways, and it’s tough to mount a fair head-to-head comparison.

Some, for example, have a small bench of data protection specialists who have spent decades doing little else. Others have retooled lawyers with backgrounds in soft IP, commercial contracts and outsourcing as it became clear that data increasingly drives technology markets, and now offer a one-stop-shop service that will handle all data-related aspects of a client’s activity – whether that data is personal or not.

We take no position on the best way to do things. Privacy specialists make a good argument that experience trumps all. All-rounders can sometimes snipe that experts can develop tunnel vision. GDR isn’t taking sides: both approaches are valid ways of doing business, and in reality most practitioners sit somewhere between the two extremes – if nothing else because it’s only relatively recently that the market has grown to the point where it can sustain scores of senior lawyers who are true data protection specialists.

Unlock unlimited access to all Global Data Review content