Skip Repeated Content

Geraldine Scali is based in the London office and focuses on data protection, privacy and information technology. She advises international clients on data protection, privacy and information security including GDPR compliance, cross-border transfers including Binding Corporate Rules, data protection issues in the context of international litigations and investigations and corporate deals, cybersecurity and security breach responses. In addition, she regularly speaks on data protection and cyber security and writes for a number of journals. She is also a contributor to various books on data protection and the EU General Data Protection Regulation, including the text book published by BNA on the GDPR.

In 2013, Geraldine co-founded an international networking group established for women working as in-house counsel,compliance officers and other professionals in the field of privacy.

Geraldine is recommended in The Legal 500 UK 2017 for Data Protection, Privacy & Cybersecurity. In previous editions, clients described her as “very well-informed” and “experienced and communicative.” She is also listed in the 2019 edition of Who’s Who Legal: UK Global Elite Thought Leaders and the 2020 edition of Who’s Who Legal: Data.

Prior to joining BCLP, Geraldine practised in the UK in an American law firm for 9 years focusing on data protection and cybersecurity and started her career in France in leading French and English law firms focusing on computer law, e-commerce, data protection, privacy and communication law. She is a dual-qualified lawyer, admitted as a Solicitor in England and Wales in 2014, and a French lawyer admitted to the Paris bar in 2005.


Professional Affiliations

    • Women in Privacy®, an international networking group for women data protection and privacy professionals
    • IAPP (International Association of Privacy Professionals)
    • IAPP (International Association of Privacy Professionals)
Read More

Representative Experience

Her experience (prior to joining BCLP) includes advising:

  • numerous international companies including banks, payment services providers and investment managers on compliance with the GDPR.
  • the Corporate Compliance Monitor of a bank appointed by the U.S. Department of Justice, the UK Financial Conduct Authority and the U.S. Board of Governors of the Federal Reserve System on data protection and bank secrecy related issues.
  • various organisations on dealing with international data security breaches.
  • a global manufacturing company with a global data protection project including implementation of Binding Corporate Rules.
  • various companies on data protection issues in the context of international arbitrations, litigations and investigations by foreign authorities including on data transfer issues.