Lawyers

Christian Cockcroft

Christian Cockcroft

Shoosmiths, Scotland

Position

Christian is a data, privacy and regulatory lawyer whose practice spans a broad spectrum of data governance, data regulation (antitrust, privacy and sectoral) and cybersecurity related work.

Christian is versed in a multitude of privacy laws, including GDPR, the PECRs (and related cookie-law), CCPA and PIPEDA, while his wider regulatory experience involves advising on antitrust, data governance and market access laws, law enforcement access & lawful intercept, and sector/industry-specific laws and codes of practice (including HIPPA, SOX, DORA, ISO information security standards and PCI-DSS).

This mix of experience makes Christian uniquely placed to assist multi-national organisations in navigating a range of cross-border compliance issues, from implementing global privacy programs and advising on cross-border data breaches, complex strategic or transactions matters (such as outsourcing or digital transformation global), as well as advising on novel or higher-risk technologies (e.g., MarTech, AI-regulation, blockchain, crypto-tech, NFTs, metaverse etc.).

Christian trained and practised in the Brussels office of a US law firm, before moving in-house, most recently as General Counsel & Data Protection Officer for an international security organization, before joining Shoosmiths in 2021.

Representative engagements include:

Assisting multiple organisations in navigating data transfer compliance, including Schrems II compliance, model clauses and docking arrangements, transfer risk assessments (having conducted over 20 TRAs in 2022) and negotiating supplementary security measures. Advised a number of organisations in the acquisition of Binding Corporate Rules, including acting on one of the UK’s first post-Brexit standalone BCR applications for a leading Ed-tech provider. Conducted an international data mapping and compliance project for a Japanese automotive manufacturer. Assisted a large timeshare and resort provider with its global privacy & data compliance efforts, including data mapping, vendor management, revision of existing privacy and information security policies, use of MarTech and cookie compliance. Advising on multiple intra-group data transfer arrangements for companies spanning a broad range of sectors (e.g., banking, social media, telecommunications, heavy industry, automotive etc.). Advised a global bank on a $100m+ outsourcing arrangement with an edge-to-cloud provider, including negotiating contractual arrangements with vendors, drafting information security schedules and advising on associated data transfers issues. Advised a major social networking company on both privacy and antitrust aspects of its acquisition of a popular OTT messaging platform. Advice to a global credit rating agency on a range of privacy matters, including the use of AI-enabled decision-making technologies. Advice to various telecos, ISPs and digital advertising agencies on PECR compliance, use of location data and compliant data monetization strategies. Working with a multitude of automotive manufacturers on a range of privacy matters associated with connected car technology and law enforcement access to data. MarTech and privacy advice to a range of industry leaders, publishers and digital advertising agencies on TP cookie sunsetting. Advice to a leading provider of coworking on its global use of AI-enabled CCTV. Advised a global electronics manufacturer in a global data incident involving regulatory filings in over 30 jurisdictions.