David is Co-Head of the firm’s Data Protection, Privacy and Cybersecurity Practice and Co-Head of the Drew Data Protection and Cybersecurity Academy.
David is a senior data protection, cybersecurity and technology lawyer with over 20 years’ experience advising on a broad range of matters relating to digital technology, telecommunications and the Internet. He has advised on both regulatory and commercial matters including matters relating to development and review of public policy, legislation, regulatory enforcement, international relations and data governance (amongst others). David is also an accomplished speaker who has spoken widely on the development of Singapore data protection law, data protection and cybersecurity governance and compliance and related issues.
Prior to joining the firm, David was the first Chief Counsel to Singapore’s Personal Data Protection Commission (2013-2020). He has also worked with the Info-communications Development Media Authority and its predecessor, the Info-communications Development Authority of Singapore.
David’s experience includes a substantial stint as an in-house counsel and he has held General Counsel or equivalent positions for over 10 years. He is familiar with corporate governance, legal risk management and the development and management of the in-house legal function.
David’s experience in data protection and cybersecurity includes advising on numerous cases under Singapore’s Personal Data Protection Act (PDPA) including several which relate to data breaches, information security and protection of personal data. He has also acted as external DPO for various organisations and has advised on various compliance, policy and cross-border issues relating to data protection.
David’s experience with the Drew Data Protection & Cybersecurity Academy includes developing and delivering courses and training programmes on data protection law, management and compliance, including customised programmes and course materials for individual organisations.
Some matters he has advised on include:
- Data breach / security incident response and management
- Review of specific cybersecurity measures
- Development of data protection policies and processes
- Data Protection Trustmark requirements
The Legal 500 Asia Pacific
TMT 2023 – Recommended Lawyer for 3 consecutive years
Global Data Review – GDR 100
A client praises David Alfred, hailing his ability to “quickly analyse complex issues and provide robust analysis on compliance processes”. – GDR 100 2022
asialaw Leading Lawyers 2023
“Great understanding of the issue and seeks to clarify when information not clear.”
Best Lawyers International: Singapore (2024 edition)
Telecommunications Law - Endorsed Individual