Geraldine Scali

  1. People /

Geraldine Scali

Geraldine Scali

Partner


London
  1. People /

Geraldine Scali

Geraldine Scali

Partner


London

Geraldine Scali

Partner

London

T: +44 (0) 20 3400 4483

LinkedInLinkedIn
VcardVcard
Download PDFDownload PDF
Print
Share

Biography

Geraldine Scali focuses on data protection and security. For over 15 years now she had been assisting international clients from all industries but with a specific focus on the financial services, retail and pharma industry. She advises on all aspects of data privacy and security with a focus on the implementation of global data protection compliance programmes including on UK/EU GDPR compliance, cross-border data transfers, preparedness and management of personal data breaches and reporting. She also regularly advises on data protection issues in the context cross-border investigations and litigation, corporate deals, and Inclusion & Diversity Programmes. In addition, she advises a clients on the emerging laws that impact the development and implementation of AI solutions.

Geraldine is listed in Who’s Who Legal: UK Global Elite Thought Leaders and as a leading individual in the 2021 edition of Who’s Who Legal: Data – “Geraldine Scali at BCLP receives effusive praise for her longstanding practice which encompasses security breach responses, data protection litigation and GDPR compliance advice.” She is also recognised in Legal 500 in the Data Protection chapter, clients say: ‘Geraldine Scali is a great partner. She is enthusiastic, very adept at finding creative paths forward, is not shy about giving a strong opinion, even if it is not the opinion we were hoping for, and is masterful at synching her advice with the mindset our regulators are coming from. We love Geraldine and are so glad she’s in our corner.’

Geraldine regularly contributes to the data protection and security team’s blogs and alerts and is a contributing author to Financial Regulation: Emerging Themes in 2021 – an extensive collection of articles around the themes of Brexit; Regulatory Change; Regulatory and Litigation Risk; Technology; Governance; and Sustainability and People. She also regularly speaks on data protection and security including at IAPP’s conferences and writes for several journals including Data Protection Leader Magazine and Data Guidance. Geraldine is an active member as a mentor in the mentoring programme of the W@Privacy platform which aims at bringing together privacy experts and enthusiasts to share, connect and engage on data protection and privacy topics.

Prior to joining BCLP, Geraldine practised in the UK in an American law firm for 9 years focusing on data protection and cybersecurity and started her career in France in leading French and English law firms focusing on IP/IT, data protection and communication law. She is a dual-qualified lawyer, admitted as a Solicitor in England and Wales and as a French lawyer admitted to the Paris bar.

Professional Affiliations

  • Women in Privacy®, an international networking group for women data protection and privacy professionals
  • IAPP (International Association of Privacy Professionals)
  • W@Privacy, a platform for women privacy professionals

The Growth of Class Actions: What’s next?

Admissions

  • Paris
  • England and Wales

Related Practice Areas

  • Data Privacy, Telecommunications & Collections

  • General Data Protection Regulation

  • Cryptocurrency & Digital Assets

  • M&A & Corporate Finance

  • Insurance

  • BCLP Data Breach Hotline

  • Payment Systems

  • Technology Transactions

  • Real Estate Sector

  • AdTech

  • Marketing & Advertising

  • Crypto and Digital Assets

  • Banking Sector

  • Special Investigations

  • Retail & Consumer Products

  • Sports & Entertainment

  • Data Privacy & Security

  • Fintech

  • Corporate

  • Finance

  • Investigations

  • Regulation, Compliance & Advisory

  • Sports & Entertainment Contract, Endorsement & Celebrity Representation Practice

  • Anti-Doping Practice

  • Sports & Event Venue Real Estate Infrastructure and Operation

  • Naming Rights & Sponsorship Practice

  • Sports & Entertainment M&A Practice

  • Sports & Entertainment Specialty Counseling Practice

  • Entertainment Industry Practice

  • Sports & Event Financing

  • Olympic & National Governing Body Practice

  • Professional Sports Team Practice

Experience

Geraldine’s experience includes advising:

  • Numerous international companies in the financial services, life sciences and retail on compliance with the UK/EU GDPR including on cross-border data transfers;
  • Various organisations on dealing with personal data breaches including ransomware attacks;
  • Various international banks in the context of a cross-border investigations in the context of whistleblowing procedure or on the data protection implications of the mirroring of mobile devices;
  • An investment management firm on employee monitoring and the rollout of monitoring software;
  • Multiple clients in relation to the design and launch of diversity and inclusivity initiatives including multi-jurisdictional employee surveys; and
  • Multiple clients in relation to updating their intra-group data transfer agreements to take into account the rollout of the new EU Standard Contractual Clauses and UK International Data Transfer Agreement and Addendum.

Related Insights

View All Related Insights

Insights
Mar 08, 2024

What is FemTech and how can it meet the privacy needs of its users?

In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some commercially-minded approaches to address users’ privacy needs.
Insights
Feb 13, 2024

English Court decides Covid-19 is a “catastrophe”

The English Court has, for the first time, considered the meaning of a “catastrophe”, as well as how Hours Clauses work in the context of non-damage business interruption losses claimed under two Property Catastrophe Excess of Loss Reinsurance Treaties.  While the Covid-19 pandemic may feel like a distant memory to some, disputes about the recovery of Covid-19 losses continue to trouble many reinsureds and reinsurers.  The two key issues considered by the Commercial Court in determining appeals from arbitration awards made in Unipol Re v Covéa and Markel v Gen Re may bring welcome, and valuable, guidance to those in the reinsurance industry debating these terms. Those underwriting or purchasing “catastrophe” covers may also want to carefully consider this judgment and whether the Court’s approach to the meaning of that word aligns with their coverage expectations.
Insights
30 January 2024

Employee Monitoring: Lessons from CNIL’s EUR 32M fine against Amazon France Logistique

Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's investigation focused on the monitoring of employees’ activity and video surveillance systems. Below are the key takeaways from the CNIL’s decision to fine Amazon.
Insights
Nov 30, 2023

Data and Cybersecurity - European Union Legislation and Proposals

The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. In our tracker we (1) provide a snapshot, (2) explain who is impacted and (3) confirm the status and timeline for each of: the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act, the NIS2 Directive, the Cybersecurity Act and the Cybersecurity Resilience Act.
Insights
Nov 30, 2023

EDPB explains EU ePrivacy cookie rules apply to emerging online tracking tools

On 14 November 2023, the European Data Protection Board (EDPB) adopted guidelines on the technical scope of Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended) (ePD). This reflects the EDPB's intent to ensure that privacy laws keep pace with the rapidly evolving digital environment and helps fill a lacuna left by the stalled draft EU ePrivacy Regulation, intended to reform and update the ePD. The guidelines also anticipate an acceleration in new online tracking techniques being developed to address the withdrawal of support for third party cookies, which are at the core of the current AdTech ecosystem. 
Insights
Nov 14, 2023

Understanding the Data Governance Act: key aspects and challenges

A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.  The DGA aims to bolster the data economy by encouraging public sector bodies to share certain categories of protected data (e.g., personal data and commercially confidential data) and promote data altruism. We set out below an overview of the key aspects of the DGA.
Insights
Oct 25, 2023

CNIL publishes ‘AI How-To Sheets’ on Aligning Artificial Intelligence Systems with GDPR

A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with respect of people’s rights”. These guidelines aim to guide industry stakeholders on the alignment of artificial intelligence with the General Data Protection Regulation (GDPR). In particular, it sheds light on how AI databases can adhere to principles of data purpose, minimisation and retention. Following a public consultation period that will end on 16 November 2023, the CNIL is scheduled to release the finalised guidelines in early 2024.

Related Insights

Insights
Mar 08, 2024
What is FemTech and how can it meet the privacy needs of its users?
In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some commercially-minded approaches to address users’ privacy needs.
Insights
Feb 13, 2024
English Court decides Covid-19 is a “catastrophe”
The English Court has, for the first time, considered the meaning of a “catastrophe”, as well as how Hours Clauses work in the context of non-damage business interruption losses claimed under two Property Catastrophe Excess of Loss Reinsurance Treaties.  While the Covid-19 pandemic may feel like a distant memory to some, disputes about the recovery of Covid-19 losses continue to trouble many reinsureds and reinsurers.  The two key issues considered by the Commercial Court in determining appeals from arbitration awards made in Unipol Re v Covéa and Markel v Gen Re may bring welcome, and valuable, guidance to those in the reinsurance industry debating these terms. Those underwriting or purchasing “catastrophe” covers may also want to carefully consider this judgment and whether the Court’s approach to the meaning of that word aligns with their coverage expectations.
Insights
30 January 2024
Employee Monitoring: Lessons from CNIL’s EUR 32M fine against Amazon France Logistique
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's investigation focused on the monitoring of employees’ activity and video surveillance systems. Below are the key takeaways from the CNIL’s decision to fine Amazon.
Insights
Dec 12, 2023
A GDPR for AI? Political agreement reached on the EU AI Act
Insights
Dec 05, 2023
Watching employers watching their workers
Insights
Nov 30, 2023
Data and Cybersecurity - European Union Legislation and Proposals
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. In our tracker we (1) provide a snapshot, (2) explain who is impacted and (3) confirm the status and timeline for each of: the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act, the NIS2 Directive, the Cybersecurity Act and the Cybersecurity Resilience Act.
Insights
Nov 30, 2023
EDPB explains EU ePrivacy cookie rules apply to emerging online tracking tools
On 14 November 2023, the European Data Protection Board (EDPB) adopted guidelines on the technical scope of Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended) (ePD). This reflects the EDPB's intent to ensure that privacy laws keep pace with the rapidly evolving digital environment and helps fill a lacuna left by the stalled draft EU ePrivacy Regulation, intended to reform and update the ePD. The guidelines also anticipate an acceleration in new online tracking techniques being developed to address the withdrawal of support for third party cookies, which are at the core of the current AdTech ecosystem. 
Insights
Nov 14, 2023
Understanding the Data Governance Act: key aspects and challenges
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.  The DGA aims to bolster the data economy by encouraging public sector bodies to share certain categories of protected data (e.g., personal data and commercially confidential data) and promote data altruism. We set out below an overview of the key aspects of the DGA.
Insights
Oct 25, 2023
CNIL publishes ‘AI How-To Sheets’ on Aligning Artificial Intelligence Systems with GDPR
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with respect of people’s rights”. These guidelines aim to guide industry stakeholders on the alignment of artificial intelligence with the General Data Protection Regulation (GDPR). In particular, it sheds light on how AI databases can adhere to principles of data purpose, minimisation and retention. Following a public consultation period that will end on 16 November 2023, the CNIL is scheduled to release the finalised guidelines in early 2024.