David Sinclair

Consultant Cyber Security and Information Law Solicitor

Last updated on June 27th, 2022 at 11:14 am

Following a career in construction and health and safety, David qualified as a regulatory solicitor and Chartered Health and Safety Practitioner in 2005.  Since 2016 and having completed an LLM. in Information Law and Practice, David has specialised in cyber security and information law.  David has gained extensive experience both in-house, at an NHS Foundation Trust, in primary health and social care and in private practice.  David advises public and private sector clients on cyber security, data protection, freedom of information, environmental information and common law confidentiality, as well as on the Privacy of Electronic Communications Regulations.  David also continues to advise on health and safety and fire safety law.   David represents companies, public bodies and not for profit organisations in police and ICO investigations following cyber-attacks and data breaches, including as part of cyber security incident response teams.  He also advises boards and senior managers on the commercial and management aspects of cyber security and data protection, including data protection documentation, data processing and sharing agreements, DPO appointment and management, data protection management systems, data sharing in mergers and acquisitions, data subject rights, staff information and training and data breach management.

Commended by clients for his clear advice and practical, down to earth approach, David undertakes due diligence, system reviews and audit work to assist organisations to meet their information assurance and cyber-security compliance obligations.  David also provides company and trustee board and senior management data protection and information security training.  In addition to his LLM in Information Law and Practice (with Commendation), David has a BSc. (Hons) in Occupational Health and Safety, Master of Science degree  in Information Security Management (with Distinction) and he is an Associate Lecturer in Cyber Security and Information Law at the University of Northumbria.

Practice areas

David’s recent areas of practice include:

  • GDPR and DPA 2018 compliance
  • Data management (including in mergers and acquisitions)
  • Data subject rights (including effective DSAR management)
  • Data mapping and a Register of Processing Activities development
  • Data protection policies and procedures
  • Consent to data processing
  • Data processing contracts and data sharing agreements
  • Risk assessment (including data protection impact assessments)
  • Records management and data security
  • Cyber-attack and data breach incident response and management
  • Data compliance reviews and audit
  • Board, manager and specialist cyber security and information law training

David also advises on health and safety, fire safety and healthcare safety law and he advises and represents clients in relation to HSE, local authority and CQC investigations.


  • Running and cycling


  • MSc Information Security Management with Distinction, Northumbria University
  • LLM Information Law & Practice, Northumbria University
  • Legal Practice Course, College of Law (York)
  • Postgraduate Diploma in Law, College of Law (Birmingham)
  • Postgraduate Diploma in Environmental Management Practice, University of Durham
  • BSc. (Hons.) Occupational Health and Safety, Leeds Metropolitan University
  • Associate Lecturer in Cyber Security and Information Law, Northumbria University

Recent work

David has advised clients on a wide-range of contentious and non-contentious data protection and freedom of information matters.  I have just completed an online harms guidance for primary care staff.   I am currently advising clients on the proposed changes to data protection law and practice arising from the government’s National Data Strategy and its consultation on Data: A new direction, as well as on data sharing and GDPR compliance.

Linkedin: View Profile

Email: david.sinclair@jonathanlea.net

Our Team