Our Website Uses Cookies 

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.

For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Mark Young advises clients on data protection, cybersecurity and intellectual property matters. He has particular expertise in regulatory compliance and legislative advocacy, cyber and data security incident preparation and management, and online IP enforcement.

According to the latest edition of Chambers UK (2019), he is "deeply knowledgeable in the area of privacy and data protection," as well as "fast, thorough and responsive." In previous editions, he has been recognized as "a trusted adviser - practical, results-oriented and an expert in the field," having "a really sharp analytical mind," and "being particularly well thought of for his insight into the EU General Data Protection Regulation."

  • Advises several pharmaceutical, biotech and healthcare companies on GDPR compliance; international transfers of data and the development, implementation and authorization of Binding Corporate Rules (BCRs); clinical trials and pharmacovigilance; cloud computing and service contracts; digital health products and services, including in relation to data analytics and rights; and internal investigations.
  • Counsel to several major technology companies on GDPR and global data privacy compliance, particularly in relation to new features, products and services that involve cutting edge issues (e.g., AI, biometric data, Internet of Things devices, etc.).
  • Advises a major cloud computing provider on compliance with security and incident reporting obligations that apply to digital service providers under the EU Network and Information Systems (NIS) Directive.
  • Counsel to multiple clients who have experienced a cyber / data security incident, including supervising technical investigations, advising on notification obligations and other legal risks, and representing clients before regulators around the world.
  • Coordinated an EU and ex-U.S. team as part of a 24/7 global incident response effort over several weeks in relation to a multifaceted systems and controls issue.

Pro Bono

  • Advising Privacy International, the privacy-rights NGO, with respect to emerging EU and other privacy and data retention laws (2007-2012).

Memberships and Affiliations

  • IAPP   
  • Society for Computers and Law

Previous Experience

  • Trained with and qualified into the IP department of a leading City of London law firm
  • First Data International, seconded to the in-house legal team
  • BBC, Vodafone, the Times newspaper, legal internships
  • PricewaterhouseCoopers, IT Management Consultant
  • Chambers UK, Data Protection and Information Law (2014-2020)
  • Chambers UK, Parliamentary & Public Affairs (2013-2014), recognised as “an expert on data protection law and policy”
  • Legal 500 UK, Data Protection (2016) and Public Affairs (2011)
  • Sports, Media and Entertainment Team of the Year (Intellectual Property Magazine Awards, 2010)