James Castro-Edwards

Partner

Head of Data Protection




T: +44 (0)20 7395 3108
jcastro-edwards@wedlakebell.com

James Castro-Edwards's LinkedIn profile James Castro-Edwards's Twitter profile 

Expertise

    James has practiced in data protection since 2006 advising organisations in the private, public and third sectors on privacy issues. His experience includes managing global data protection compliance projects for multinational companies, providing advice on discrete data protection issues and advising companies that have suffered a data breach, as well as dealing with data subjects’ requests and advising on data protection impact assessments (DPIAs). He has also developed and delivered data protection audit and training programs to a wide variety of operators and leads the firm’s outsourced data protection officer service, ProDPO (https://prodpo.com/)
    James is widely published in a variety of titles, a regular public speaker on data protection issues and wrote the text book on the GDPR for The Law Society.

 


Recent Experience

  • Advising a US$14 BN multinational company on the data protection issues arising from a global HR system.
  • Delivering a data protection audit and providing ongoing advice to a national construction and homebuilding company.
  • Advising a US headquartered global relocation services provider on data protection matters.
  • Advising a London Council on data sharing arrangements.
  • Providing outsourced data protection officer (DPO) services to a European commercial bank.
  • Developing and delivering an accredited Data Protection Officers training course to a European government.

Career History

James joined Wedlake Bell in May 2015 as a partner and head of data protection, from PricewaterhouseCoopers (PwCLegal) cyber security and data protection team.

Prior to PwCLegal, James was a senior associate, specialising in data protection at Speechly Bircham.

After obtaining a degree in Law from Queen Mary University in London, he qualified at Japanese investment bank Mizuho International, in 2004. He also took a Legal Practice Course at the College of Law in London.


Publications

James regularly writes on data protection and has been published in a wide range of titles, including The Times, The Guardian, Spear’s Wealth, V3, Data Protection Law & Policy, Risk & Compliance and USLaw.

He frequently speaks on data protection and cyber security matters, including appearances on BBC News, LBC Radio, and at The Law Society.


"Practice head James Castro-Edwards is advising [...] on data protection issues surrounding its employees and on GDPR compliance"


— Legal 500, 2017

"James Castro-Edwards is a 'cybersecurity expert'"


— Legal 500, 2017

Insights

Legal opinion: Why Bounty was smacked with a £400,000 fine – Computing 18/04/2019

Insights

How to handle subject access requests

Insights

Employee data breaches – Distress under GDPR and the role of insurance

Insights

The legality of microchipping employees – People Management

Insights

​James Castro-Edwards’ article is published in Information Age

Insights

Reporting data breaches – a guide for HR teams

Insights

“Tech and data protection law, post-GDPR” – James Castro-Edwards writes for Computing Magazine

Insights

“User data controversy instigates Facebook changes as ICO investigates” – James Castro-Edwards comments for Digital Business Lawyer

Insights

“Facebook privacy row: Hard fines for tech giants ‘will plug data leaks'” – James Castro-Edwards comments for The Times

Insights

James Castro-Edwards and Nikita Saini host Data Protection webinar for The Law Society

Insights

“Find out how SMEs can avoid big GDPR fines and penalties” – James Castro-Edwards hosts webinar for Real Business

Insights

Partner and Head of Data Protection, James Castro-Edwards, interviewed by the Insurance POST

Insights

In Trust: James Castro-Edwards Profile

Insights

The Law Society Gazette review Partner James Castro-Edwards’ book on GDPR

Insights

Law Lessons: What EU GDPR & NIS Directive Mean For Your Business

Insights

General Data Protection Regulation – practical steps to compliance

Insights

Companies at risk over personal data compliance

Insights

EU General Data Protection Regulation

Insights

Wearables and data collection: Insurers should think twice before tracking private data from wearables

Insights

Subject Access Requests following Dawson-Damer v Taylor Wessing