David is Director and Co-Head of Data Protection, Privacy and Cybersecurity at Drew & Napier and Co-Head and Programme Director of the Drew Data Protection & Cybersecurity Academy. His main practice areas also include Artificial Intelligence and Digital Trust, ASEAN and Global Data Protection Law, and Data Breach Management and Response.
David has over 25 years’ experience advising on legal, public policy and business-related aspects of the digital economy, digital technology, telecommunications and the Internet. He has particular expertise in data law and policy including areas such as data privacy, data protection management, cybersecurity, AI ethics, data governance and digital and cyber regulation. He presently acts as the Data Protection Officer of various organisations including Drew & Napier itself.
As a qualified adult educator, David has developed and conducted a wide range of courses for clients in Singapore and overseas. He often speaks on topics related to his areas of practice and has taught courses up to postgraduate level at local tertiary institutions.
David was previously the first Chief Counsel of Singapore’s Personal Data Protection Commission (from 2013 to 2020). He has also held director-level roles with the Infocomm Media Development Authority and its predecessor, the Info-communications Development Authority of Singapore, where he advised on matters related to international telecommunications, world trade law and government procurement (amongst others).
David has extensive experience advising clients in diverse sectors including, for example, e-commerce, telecommunications, information technology, media, banking, insurance, healthcare, hospitality, retail, manufacturing and government.
Some of the matters he has advised on include the following:
- Development of data protection laws in Singapore and Brunei Darussalam, including stakeholder engagement and competency development;
- Cybersecurity incident response and data breach management including notifications to stakeholders and investigations (locally and overseas);
- Outsourcing of data processing and cross-border transfers of personal data, data transfer agreements and transfer impact assessments;
- Development of data protection policies, notices and related documentation including regional and global policies; and
- Contracts for procuring or providing AI and data-related products and services.
Chambers Asia Pacific
TMT 2026 – Band 4 for 2 consecutive years
His advice is well thought out and practical. He is also able to think outside the box, which is helpful when we are faced with novel areas of the law. ‘
‘He has been knowledgeable in the area of law I consulted him on, and has always been very responsive.‘
"His strength lies in his deep understanding of the regulatory processes. He also provides strong support on contentious matters."
"I think very highly of David, he knows his stuff very well."
The Legal 500 Asia Pacific
Data Protection and Cyber Security 2025 – Leading Individual for 2 consecutive years
TMT 2025 – Recommended Lawyer for 5 consecutive years
"David Alfred … has in-depth understanding of data protection laws in Singapore and ASEAN. His ability to navigate complex regulatory frameworks and his deep understanding of our industry's nuances have consistently impressed me."
"David Alfred possesses a deep understanding of the nuances and intricacies of data protection and can be relied on to provide sound advice and practical guidance at each stage of the matter."
"David Alfred – critical thinking, solid drafting and excellent legal strategy."
Global Data Review – GDR 100
A client praises David Alfred, hailing his ability to “quickly analyse complex issues and provide robust analysis on compliance processes”. – GDR 100 2022
asialaw Leading Lawyers 2025
Technology & Telecommunications 2025 – Elite Practitioner
“Incisive regulatory advice, cuts to the heart of legal issues and solid legal recommendations.”
“He is very knowledgeable, prompt, able to offer solutions, understands business concerns, practical, and has a good network with regulators.”
Lexology Index (previously Who’s Who Legal)
Global Guide: Data 2026 – Data Privacy & Protection – Recommended Lawyer for 2 consecutive years
Global Guide: Data 2026 – Data Security – Highly Recommended Lawyer; previously Recommended Lawyer
Client Choice 2026: Data
National Guide: Southeast Asia – Data 2025 – Recommended Lawyer
Best Lawyers International: Singapore (2026 edition)
Privacy and Data Security Law - Endorsed Individual for 2 consecutive years
Telecommunications Law - Endorsed Individual for 3 consecutive years