GDR 100 2022

Herbert Smith Freehills

Herbert Smith Freehills

Professional notice

Other lawyers41
Who’s Who Legal: Data nominees2
Personal data breaches notified13

Practice profile

Herbert Smith Freehills has rapidly expanded its data practice, pursuing a two-pronged tactic of senior hires and the utilisation of specialists from other practice areas. That growth continued in the past year: Pietro Pouche was promoted to partner in Milan, three lawyers became counsel or of counsel, and hires came in from Bird & Bird and hw&h.

In recognition of the interconnected nature of many data issues – and their prevalence among many different aspects of many different types of business – the firm’s data group spans practices and borders. The firm refers to its approach as operating a “virtual super-practice’” that allows it to take a truly cross-disciplinary approach that is able to handle a wide range of breadth and depth of work.

The growth in the firm’s data offering came in response to three factors: increased regulation; a rise in cybersecurity risk; and the ever-increasing commercial focus for its clients on data as a key strategic asset. The genesis of the practice now informs its strategy for the future: it looks to predict the big issues before they arise, to tackle international matters and to have a team of lawyers that are technically adept as well as well-informed on legal issues. The practice has a wide geographic footprint, with multiple partners in Europe, Asia (especially Singapore and Indonesia), Russia, the US and Australia. Key clients include British American Tobacco, multiple banks, Gazprom, Samsung, Whirlpool, TikTok, KPMG and Ant Financial/Alipay.

Leading individuals

London partner Miriam Everett heads the firm’s data protection and privacy team. She assists clients with the full gamut of data protection and privacy issues, through from the design and implementation of policies to disaster recovery and data breaches. Her considerable experience is complemented by Andrew Moir, also London-based, head of the firm’s cyber and data security group, which focuses on cyber-resilience, incident response, and cybersecurity issues related to transactions. Other key names include Paris-based Alexandra Neri, who leads the firm’s French IP/TMT practice and has an outstanding contentious practice. Pablo García Mexia runs the Madrid digital and TMT law practice. Sakurayuki leads associate firm Hiswara Bunjamin & Tandjung TMT and competition practices in Indonesia. Rohan Isaacs joined in Johannesburg after a near-30-year career at Norton Rose Fulbright; he now leads the Herbert Smith Freehills South African tech and privacy practice.

Work highlights

Herbert Smith Freehills handles a massive volume of high-complexity work.

London-based Everett advised Monsanto in connection with an Australian product liability class action, after the client wanted to transfer EU personal data from the US to Herbert Smith Freehills in Melbourne for ultimate transmission to the claimants’ lawyers. Everett is also assisting UBS on developing a tool that allows employees to determine if they can disclose data to third parties – covering issues such as data protection, bank secrecy and contractual restrictions. Everett worked alongside corporate partner Roddy Martin in assisting Chinese connected autonomous vehicle manufacturer Xpeng during its European market entry.

In Hong Kong, investigations partner Kyle Wombolt has advised clients such as UBS, BHP Billiton and Toll on various APAC issues. Jakarta HBT of counsel Cellia Cognard advises Volvo on its Indonesian business operations and advises TikTok alongside partner Teguh Arwiko; Sakurayuki, meanwhile, has assisted PT Telkom Indonesia and Keppel. Isaacs has acted for the likes of Willis Towers Watson, firstRand Bank and Grab on privacy compliance. In deals, lawyers in multiple jurisdictions provided Lufthansa with data protection advice during the 2020 sale of subsidiary LSG Group – an inflight services provider – to gategroup.

Tim Leaver in London has done plenty of work with recruiter Hays: in the past year, this included responding to two European regulators’ industry-wide compliance audits. The rest of the firm’s regulatory work is confidential, but the practice is plainly particularly strong in dealing with France’s CNIL. Google is a regular disputes client: Neri and of counsel Sébastien Proust represent it in multiple matters relating to the right to be forgotten.

Client feedback

A senior risk and policy official at a major international bank says Herbert Smith Freehills is “responsive and collaborative”.

“Andrew Moir provides excellent advice and understands the need to tailor it taking [the organisation] into account,” she says.

At Herbert Smith Freehills we understand how important data is and have developed a global practice advising on law and regulation relating to the use, trade, regulation, exploitation, security and breach of data around the world.

What sets us apart:

   • Cross-discipline, cross-practice, cross-sector, cross-border – We understand that data privacy and cyber security have evolved into a global issue, affecting every single commercial organisation and touching on all aspects of modern life and global trade. Data protection is not simply a regulatory compliance ‘tick box’ exercise. We approach data protection and cyber security issues from a multi-disciplinary and multi-jurisdictional perspective, bringing in specialists in employment, insurance, corporate governance, intellectual property, class actions, product liability and disputes, in addition to our core data protection and cyber security experts.

• Breadth and depth of work – As a practice, we cover a broad range of data and cyber issues, covering everything from complex regulatory compliance advice, through data subjects seeking to enforce their rights, responses to regulatory complaints and investigations, to data breaches and cyber incident response. Our clients can be confident that the team is flexible and adapts for each matter to be able to provide the level of support and resource required.

• Innovative structures and products – Through our market-leading Alternative Legal Services (ALT) practice, we deliver efficient and cost effective support for document- and information-intensive matters, in particular data breach/cyber security incidents and data protection-related contract repapering exercises. As part of this, we offer our proprietary data breach analytics software and workflow, working in conjunction with our ALT and Legal Process Management teams, to be able to get to the heart of the personal or sensitive information lost during a breach of unstructured data, for a fraction of the cost.

• Data and Cyber Disputes - The firm’s cyber and data expertise combined with its market leading litigation experience and reputation places us exceptionally well to act in cyber and data disputes, including class actions. We help clients deal with challenges of all kinds in relation to data and cyber – including from regulators, others in the supply chain, employees and consumers.

Operating from 26 offices across Asia Pacific, EMEA and North America, Herbert Smith Freehills is at the heart of the new global business landscape providing premium quality, full-service legal advice. The firm provides many of the world’s most pre-eminent organisations with access to market-leading legal advice, combined with expertise in a number of global industry sectors, including banking and financial services, consumer products, energy, financial buyers, infrastructure & transport, mining, pharmaceuticals & healthcare, real estate, TMT and manufacturing & industrials.


Miriam Everett,
Global Head of Data Protection & Privacy
E- mail: [email protected]
T: +44 20 7466 2378
Andrew Moir,
Global Head of Cyber and Data Security
E-mail: [email protected]
T: +44 20 7466 2773

Unlock unlimited access to all Global Data Review content