Mark Rhodes

Job Title: Senior Consultant Solicitor

Mark is a privacy and data protection specialist solicitor and has been practising privacy and data protection since 2006, long before GDPR.  As such, he brings a rare depth of experience to draw upon when providing advice.  Mark has spent most of his career in-house and has lived and breathed the wider commercial context and imperative to be pragmatic. He has worked within both the financial services and the life sciences industries.

Mark’s experience includes: 

  • Chief Privacy Officer and Data Protection Officer for a company delivering the world’s first and only multi-condition software as a medical device;
  • Chief Privacy Officer and Data Protection Officer for a household FTSE 100 plc in financial services in 32 countries; and, 
  • Group Head of Privacy at a division of a top 15 global brand.

More substantively, he has advised on:

  • Inventory - mapping data used, by whom, why and when, and qualifying the material associated risk and the relevant controls (and documentation).
  • Consent and consent management - privacy policies and notices, cookies policies, not collecting data that should be collected or using data outside of permissions.
  • Privacy contract terms - negotiating privacy contractual terms for commercial agreements; application of which standard contract terms.
  • Operationally handling personal data, from privacy by design, data privacy impact assessments and transfer impact assessments through to complaints handling, enquiries and data subject access requests.
  • Over-retention and destruction of data – ensuring retention requirements are proportionate and applied; finding and fixing where there is insufficient deletion of data.
  • Governance - reviewing internal policies (not just to be compliant but also actually understandable), appropriate governance and audit requirements of a business as well as both their business customers and any third-party providers or subcontractors; due diligence on acquisitions;
  • Risk management and reporting – spotting trends and translating the impact of new laws;
  • Training and awareness – the single biggest control an organisation can wield;
  • Regulators, law enforcement & various other government departments - successfully engaging and responding or steering engagement. This also extends to successfully managing engagement by privacy activists;
  • Breaches - 100% successful closure of data breaches without fines or other sanctions; 
  • Privacy risk management programmes - designing, structuring, embedding and reviewing sustainable privacy programmes to appropriately manage risk to business risk appetite.

Getting Privacy and Data Protection compliance right, pragmatically, and proportionate to the risk is key to commercial success.  It also best positions a business to take advantage of market opportunities sooner, for example, by implementing AI systems. 

If an initial call could be useful, please call.


Practices: Business Law, GDPR Compliance & Data Protection, Intellectual property


We’re an award-winning law firm
