James Castro-Edwards
Partner
Head of Data Protection

Expertise
- James has practised in data protection since 2006, advising organisations in the private, public and third sectors on privacy issues. His experience includes managing global data protection compliance projects for multinational companies, providing advice on discrete data protection issues and advising companies that have suffered a data breach, as well as dealing with data subjects’ requests and advising on data protection impact assessments (DPIAs). He has also developed and delivered data protection audit and training programs to a wide variety of operators and leads the firm’s outsourced data protection officer service, ProDPO (https://prodpo.com/).
- James is widely published in a variety of titles, is a regular public speaker on data protection issues and wrote the textbook on the GDPR for The Law Society.
Recent Experience
- Advising a US$14 BN multinational company on the data protection issues arising from a global HR system.
- Delivering a data protection audit and providing ongoing advice to a national construction and homebuilding company.
- Advising a US headquartered global relocation services provider on data protection matters.
- Advising a London Council on data sharing arrangements.
- Providing outsourced data protection officer (DPO) services to a European commercial bank.
- Developing and delivering an accredited Data Protection Officers training course to a European government.
Career History
James joined Wedlake Bell in May 2015 as a partner and head of data protection, from the cyber security and data protection team at PricewaterhouseCoopers (PwCLegal).
Prior to PwCLegal, James was a senior associate, specialising in data protection at Speechly Bircham.
After obtaining a degree in Law from Queen Mary University in London, he qualified at Japanese investment bank Mizuho International, in 2004. He also took a Legal Practice Course at the College of Law in London.
Publications
James regularly writes on data protection and has been published in a wide range of titles, including The Times, The Guardian, Spear’s Wealth, V3, Data Protection Law & Policy, Risk & Compliance and USLaw.
He frequently speaks on data protection and cyber security matters, including appearances on BBC News, LBC Radio, and at The Law Society.
"Practice head James Castro-Edwards is advising [...] on data protection issues surrounding its employees and on GDPR compliance"
— Legal 500, 2017
"James Castro-Edwards is a 'cybersecurity expert'"
— Legal 500, 2017
Insights
- Legal opinion: Why Bounty was smacked with a £400,000 fine – Computing 18/04/2019
- How to handle subject access requests
- Employee data breaches – Distress under GDPR and the role of insurance
- The legality of microchipping employees – People Management
- James Castro-Edwards’ article is published in Information Age
- Reporting data breaches – a guide for HR teams
- “Tech and data protection law, post-GDPR” – James Castro-Edwards writes for Computing Magazine
- “User data controversy instigates Facebook changes as ICO investigates” – James Castro-Edwards comments for Digital Business Lawyer
- “Facebook privacy row: Hard fines for tech giants ‘will plug data leaks’” – James Castro-Edwards comments for The Times
- James Castro-Edwards and Nikita Saini host Data Protection webinar for The Law Society
- “Find out how SMEs can avoid big GDPR fines and penalties” – James Castro-Edwards hosts webinar for Real Business
- Partner and Head of Data Protection, James Castro-Edwards, interviewed by the Insurance POST
- In Trust: James Castro-Edwards Profile
- The Law Society Gazette review Partner James Castro-Edwards’ book on GDPR
- Law Lessons: What EU GDPR & NIS Directive Mean For Your Business
- General Data Protection Regulation – practical steps to compliance
- Companies at risk over personal data compliance
- EU General Data Protection Regulation
- Wearables and data collection: Insurers should think twice before tracking private data from wearables