David is Director and Co-Head of Data Protection, Privacy and Cybersecurity at Drew & Napier and a member of the firm’s Artificial Intelligence (AI) and Digital Trust practice. He is also Co-Head and Programme Director of the Drew Data Protection & Cybersecurity Academy.
David is a senior technology lawyer with over 25 years’ experience encompassing legal, public policy, business and technological aspects of the digital economy, data, digital technology, telecommunications and the Internet. He has particular expertise in data law and policy, digital and cyber regulation, data protection and cybersecurity.
David has spoken widely on global aspects of data governance, privacy and cybersecurity, development of data protection law in Southeast Asia, data protection management and compliance, AI regulation, digital trust and other technology and business-related topics. He has taught courses up to postgraduate level at local tertiary institutions and is a qualified corporate trainer and adult educator.
Prior to joining the firm, David was the first Chief Counsel to Singapore’s Personal Data Protection Commission (from 2013 to 2020). He has also worked with Singapore’s Info-communications Media Development Authority and its predecessor, the Info-communications Development Authority of Singapore.
David has extensive experience advising and acting for government, commercial and not-for-profit organisations in diverse sectors (for example, telecommunications, information technology, media, e-commerce, banking, insurance, healthcare, retail, hospitality, and manufacturing).
Some of the matters David has advised on include the following:
- Public policy and development of data protection laws in Singapore and Brunei Darussalam, including conduct of public consultations, stakeholder engagement and competency development
- Numerous enforcement cases under Singapore’s Personal Data Protection Act 2012 (PDPA)
- Cybersecurity incident and data breach management and response
- Cybersecurity reviews and audits for a wide range of systems and applications
- Cross-border transfers of personal data, data transfer agreements and transfer impact assessments
Chambers Asia Pacific
TMT 2025 – Band 4
"His strength lies in his deep understanding of the regulatory processes. He also provides strong support on contentious matters."
"I think very highly of David, he knows his stuff very well."
The Legal 500 Asia Pacific
Data Protection and Cyber Security 2024 – Leading Individual
TMT 2024 – Recommended Lawyer for 4 consecutive years
"David Alfred possesses a deep understanding of the nuances and intricacies of data protection and can be relied on to provide sound advice and practical guidance at each stage of the matter."
"David Alfred – critical thinking, solid drafting and excellent legal strategy."
Global Data Review – GDR 100
A client praises David Alfred, hailing his ability to “quickly analyse complex issues and provide robust analysis on compliance processes”. – GDR 100 2022
asialaw Leading Lawyers 2024
“Incisive regulatory advice, cuts to the heart of legal issues and solid legal recommendations.”
“He is very knowledgeable, prompt, able to offer solutions, understands business concerns, practical, and has a good network with regulators.”
Lexology Index (previously Who’s Who Legal)
Global Guide: Data 2025 – Data Privacy & Protection – Recommended Lawyer
Global Guide: Data 2025 – Data Security – Recommended Lawyer
Best Lawyers International: Singapore (2025 edition)
Privacy and Data Security Law - Endorsed Individual
Telecommunications Law - Endorsed Individual for 2 consecutive years