Henry Pelling

Senior Associate
He’s extremely responsive to our requests and he offers practical and actionable advice. He is always available for emergencies as well which gives us a great sense of security in urgent situations.
CPO for Global Pharmaceutical Company
London
About

Henry is known for supporting clients through complex data breaches and cyber security incidents, as well as advising clients on a range cyber assurance mandates (from the application of cyber security laws and incident preparedness).

He is a go-to advisor for complex data privacy mandates and is frequently parachuted in to advise on clients' most high-risk processing activities and/or those with potential regulatory exposure.

Henry’s experience is underpinned by significant in-house exposure, having completed a 12-month secondment to Goldman Sachs and a secondment to the ICO's legal services team, focusing on regulatory enforcement and high-profile investigations. This enables him to have a unique perspective when working with in-house lawyers.

He has acted as part of the core incident response team on the most material cyber response mandates the firm has advised on including the largest IT outage in history as well as incident response mandates for a number of listed businesses.

His practice spans incident response, regulatory investigations, complex compliance projects, and accompanying advisory work with a focus on the Financial Services, Life Sciences and Technology sectors.

Inevitably this involves guiding clients through lifecycle of cyber incidents, from immediate response (investigation, risk assessments, regulatory notification and e-discovery) through to regulatory engagement and remediation.

Areas of FocusData, Privacy and CybersecurityFinancial ServicesLife SciencesTechnology
Professional QualificationsSolicitor of the Senior Courts of England and Wales

EXPERIENCE

  • Supporting a listed business with all legal related aspects of a significant incident response mandate (immediate incident response, regulatory strategy, e-discovery and reconstitution).
  • Supporting a critical national infrastructure client with its response to a sizeable cyber incident and subsequent regulatory investigations (UK GDPR and the NIS Regulations). This mandate was multi-faceted but has included advising on immediate incident response, drafting regulatory submissions, conducting risk assessments following the completion of e-discovery, working with King's Counsel on the drafting of written representations and generally advising the client on its legal obligations/strategy throughout the life cycle of the incident.
  • Acting as a core team member in supporting an IT vendor in response to one of the largest IT outages in history, which included supporting with extensive regulatory engagement and analysis regarding the application of various data/cyber laws to the outage.
  • Acting as incident response counsel for a global payroll provider, in respect of an incident impacting its customers in the Middle East. This involved extensive regulatory co-ordination and advising in respect of customer communications.
  • Working with a leading technology vendor in respect of a ransomware attack relating to critical national infrastructure information. This involved supporting with all workstreams on the incident response including drafting pre-action communications with relevant counterparties.
  • Spending 12 months on secondment with a leading investment bank advising on all aspect's of the bank's data protection compliance obligations.
  • Advising a global pharmaceutical company on its response to the implementation of NIS2, leading an international team of DLA Piper lawyers.
Languages
  • English

Publications and media