David is Co-Head of the firm’s Data Protection, Privacy and Cybersecurity Practice and Co-Head of the Drew Data Protection and Cybersecurity Academy.
David is a senior data protection, cybersecurity and technology lawyer with over 20 years’ experience advising on a broad range of matters relating to digital technology, telecommunications and the Internet. He has advised on both regulatory and commercial matters including matters relating to development and review of public policy, legislation, regulatory enforcement, international relations and data governance (amongst others). David is also an accomplished speaker who has spoken widely on the development of Singapore data protection law, data protection and cybersecurity governance and compliance and related issues.
Prior to joining the firm, David was the first Chief Counsel to Singapore’s Personal Data Protection Commission (2013-2020). He has also worked with the Info-communications Development Media Authority and its predecessor, the Info-communications Development Authority of Singapore.
David’s experience includes a substantial stint as an in-house counsel and he has held General Counsel or equivalent positions for over 10 years. He is familiar with corporate governance, legal risk management and the development and management of the in-house legal function.
David’s experience in data protection and cybersecurity includes advising on numerous cases under Singapore’s Personal Data Protection Act (PDPA) including several which relate to data breaches, information security and protection of personal data. He has also acted as external DPO for various organisations and has advised on various compliance, policy and cross-border issues relating to data protection.
David’s experience with the Drew Data Protection & Cybersecurity Academy includes developing and delivering courses and training programmes on data protection law, management and compliance, including customised programmes and course materials for individual organisations.
Some matters he has advised on include:
- Data breach / security incident response and management
- Review of specific cybersecurity measures
- Development of data protection policies and processes
- Data Protection Trustmark requirements