Our Website Uses Cookies 


We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.


For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Mark Young advises clients on data protection, cybersecurity and other tech regulatory matters. He has particular expertise in product counselling, GDPR regulatory investigations, and legislative advocacy. Mr. Young leads on EU cybersecurity regulatory matters, and helps to oversee our internet enforcement team.

He has been recognized in Chambers UK as "a trusted adviser - practical, results-oriented and an expert in the field." Recent editions note that he is "deeply knowledgeable in the area of privacy and data protection," "fast, thorough and responsive," and has "great insight into the regulators."

  • Counsel to several major technology companies on GDPR and global data privacy compliance, particularly in relation to new features, products and services that involve cutting edge issues (e.g., AI, biometric data, Internet of Things devices, etc.).
  • Advises several pharmaceutical, biotech and healthcare companies on GDPR compliance; international transfers of data and the development, implementation and authorization of Binding Corporate Rules (BCRs); clinical trials and pharmacovigilance; cloud computing and service contracts; digital health products and services, including in relation to data analytics and rights; and internal investigations.
  • Advises a major cloud computing provider on compliance with security and incident reporting obligations that apply to digital service providers under the EU Network and Information Systems (NIS) Directive.
  • Counsel to multiple clients who have experienced a cyber / data security incident, including supervising technical investigations, advising on notification obligations and other legal risks, and representing clients before regulators around the world.
  • Coordinated an EU and ex-U.S. team as part of a 24/7 global incident response effort over several weeks in relation to a multifaceted systems and controls issue.

Pro Bono

  • Advising Privacy International, the privacy-rights NGO, with respect to emerging EU and other privacy and data retention laws (2007-2012).

Memberships and Affiliations

  • IAPP   
  • Society for Computers and Law

Previous Experience

  • Trained with and qualified into the IP department of a leading City of London law firm
  • First Data International, seconded to the in-house legal team
  • BBC, Vodafone, the Times newspaper, legal internships
  • PricewaterhouseCoopers, IT Management Consultant
  • Chambers UK, Data Protection and Information Law (2014-2021)
  • Chambers UK, Parliamentary & Public Affairs (2013-2014), recognised as “an expert on data protection law and policy”
  • Legal 500 UK, Data Protection (2016) and Public Affairs (2011)
  • Sports, Media and Entertainment Team of the Year (Intellectual Property Magazine Awards, 2010)