Meet the Team

We are market leaders in terms of depth and breadth of experience. Our DPOs (data protection officers) and lawyers have decades of experience between them. When you sign up with us, you get access to the whole team and our collective experience. Details of our senior management team and our consultants are set out below.


Our Senior Management Team

Christina Maclean

Privacy Director, IT Governance, GRCI Law and DQM GRC


Christina Maclean is Privacy Director for IT Governance, GRCI Law and DQM GRC. She oversees the firm's commercial strategy, client relationship management, product development, and new business initiatives, ensuring the division’s continued growth and success in a competitive landscape.

With a proven track record of driving business growth through evidence-based strategies and delivering exceptional client service, Christina has established herself as a trusted leader in privacy, governance, and compliance. Her strategic vision and commitment to excellence have enabled the privacy division to expand its market presence while maintaining the highest standards of service delivery.

A non-practising solicitor with a rich and diverse professional background, Christina brings expertise in business development, marketing, communications, and broadcast media. Before joining GRCI Law, she honed her skills at top 50 law firms, including Gowling WLG, TLT, and Browne Jacobson, where she contributed to their domestic and international successes.

Christina is a thought leader in privacy and compliance, frequently sharing her insights at industry events and through published articles. She is passionate about empowering businesses to navigate complex regulatory environments with confidence.

When not shaping the future of privacy and compliance, Christina leverages her background in communications to champion transparency and trust in client relationships, setting a benchmark for excellence in the legal and regulatory sectors.

Dr Loredana Tassone

Managing Consultant and Head of EU and UK Representative Services


Loredana oversees operations, service delivery, and management and development of the consultant team. She has more than 15 years’ experience in the fields of privacy rights, data protection and cyber security in both the private and public sectors. She is a specialist in international and European law, and a qualified attorney at law in France and Italy. Based in Brussels, Loredana advises GRCI Law clients on a wide range of data privacy issues. She is a certified GDPR consultant, data protection officer and trainer, and has worked at the European Court of Human Rights, at the Directorate General of Human Rights and Legal Affairs of the Council of Europe, and for international law firms in the EU. Her previous experience includes advising on landmark cases brought before the European Court of Human Rights, including cases on data protection and privacy rights. She has also contributed to European capacity-building projects aimed at strengthening awareness of European legal standards, including data protection. Loredana’s PhD thesis was on the protection of personal data processed within the framework of judicial proceedings. She has helped design and implement elearning courses and training materials on data protection and privacy, and has worked as an associate lecturer at the universities of Manchester, Salford and Strasbourg. She has contributed articles to a range of publications.

Natalie Whitney

Head of Contract and Legal Services


Natalie is a member of our senior management team and is an expert in business risk management. She is a practical, solution-orientated qualified commercial, contracts and data protection lawyer with more than 25 years of international experience. At GRCI Law she advises clients on a wide range of data privacy issues, including multi-jurisdictional issues, due diligence for acquisitions, and legal compliance issues relating to marketing, CRM systems, HR, supplier agreements, cross-border data transfers and standard contract clauses. Her previous experience includes advising on commercial contracts and policies, risk, data protection, competition law and intellectual property. Natalie has advised UK councils, UK government departments and several multinational organisations as well as clients including General Motors, Vodafone, BT Global Operations, NATS (formerly National Air Traffic Services), Bombardier, Network Rail, Oil Spill Response and Cemex. She has also advised the UK Department for Transport on regulatory and risk issues and on the potential effect of Brexit on government projects. She has negotiated, drafted and implemented multimillion-pound international contracts, including with the South African, Namibian, Mozambican, Botswanan and Singaporean governments.


Our Consultants

Clare Bryan

Senior DPO Consultant


Clare is a lawyer and compliance professional with extensive experience in providing legal and regulatory advice across various disciplines (particularly data protection/privacy and marketing law) and covering a wide number of jurisdictions globally. She has more than 20 years’ experience working in both in-house and consultancy roles, including serving as lead legal adviser and subject-matter expert on data privacy compliance to several major FTSE 100 companies. Her strengths lie in analysing complex legislation and delivering clear, commercial and practical guidance on operational compliance to business stakeholders at all levels.

Judith Eis

DPO Consultant


Judith is a certified privacy practitioner with a Juris Doctorate degree in law. She has been instrumental in developing policies and procedures in line with international, EU and UK requirements. She also leads the implementation of governance frameworks for client organisations in information security and risk management to achieve regulatory assurance. Judith focuses on comprehensive and actionable strategies so that privacy issues can be addressed within all areas of an organisation and ensures subsequent monitoring and communication with relevant stakeholders at the highest levels of an organisation.

Ola Irukwu

DPO Consultant


Ola is a certified privacy professional experienced in working alongside various stakeholders to promote best practice in personal data management. She has worked as a data privacy and compliance liaison across a range of sectors r organisations. Her experience includes leading the data privacy compliance function of a leading US law firm and being the DPO for one of the UK’s largest events, advertising, marketing and brand experience agencies. Ola has also worked for a leading healthcare provider that delivers clinical, health and well-being services She provides tailored advice and guidance across all business areas on data privacy compliance requirements, including policies and procedures, DPIAs (data protection impact assessments), data sharing, international data transfers and data subject rights. She is passionate about helping organisations find the right solutions to meet their data privacy obligations.

Ada

DPO Consultant


Ada is a skilled strategist and policy, communications and project management professional. Her experience includes working as an in-house legal adviser specialising in data protection issues for a financial services regulator. She advised on a wide variety of such issues and represented the organisation in dealings with the ICO (Information Commissioner’s Office). Ada was also an in-house legal adviser for a media and telecommunications regulator, for the European Commission, and has been a guest lecturer at the London School of Economics on the techno–legal aspects of information systems.

Anisha Tara

Junior Consultant


Anisha holds a bachelor’s degree in law and a master’s degree in legal practice. She is able to break down complex legislative requirements into easily presentable and digestible material. Anisha is responsible for providing gap analyses for clients and advising them on areas where they can improve, as well as maintaining excellent client relationships and a high level of service.

Helen Pettit

Incident and Breach Management and Data Subject Rights Consultant


Helen is a compliance professional with a wide range of experience in consumer and criminal law and dispute resolution. Her key areas of focus are incident and breach management and complex DSARs. She has advised on a range of complex DSARs for GRCI Law clients, including a leading pizza brand and a well-known gym group. Her role involves regular liaison with the ICO on behalf of clients. Helen has worked for Trading Standards and a construction trade body, where she was the in-house DPO. She is well placed to provide advice and guidance to clients on data protection compliance as well as implementing data protection policies and procedures, including delivery of staff training.

Kirsten Craig

Data Privacy Lawyer


Kirsten is a solicitor with more than 20 years’ experience working both in-house and in private practice, and is a specialist in data privacy. Her experience includes working as senior data privacy counsel for the European arm of a global health insurance provider. Her responsibilities included designing and implementing European data protection policies, procedures and strategy; data privacy monitoring; and providing data privacy and compliance-focused legal advice. Kirsten has also worked as compliance counsel within regulated industries, including as group corporate secretary for Scotland’s largest social housing provider, where she led in the management of all areas of compliance and corporate governance. She was responsible for creating and implementing the global data protection and information management strategy for a leading Scottish alcoholic beverage manufacturer, supporting the EU and UK, and has worked on projects for Asia, the Middle East, Canada and the US. Kirsten is a fluent German speaker.

Loading...