Geraldine Scali

Geraldine Scali
  1. People /

Geraldine Scali

Geraldine Scali

Partner


London
Geraldine Scali
  1. People /

Geraldine Scali

Geraldine Scali

Partner


London

Geraldine Scali

Partner

London

Partner and EMEA Lead of Data Privacy and Security

T: +44 (0) 20 3400 4483

LinkedInLinkedIn
VcardVcard
Download PDFDownload PDF
Print
Share

Biography

Geraldine Scali is the EMEA lead of data privacy and security, and has a focus on data protection and cybersecurity, with a specific emphasis on the financial services, life sciences and retail sectors.

She is a dual-qualified lawyer, admitted as a Solicitor in England and Wales, and as a French lawyer admitted to the Paris Bar, which together with her experience gained at US and International law firms over a period of nearly 20 years, makes her uniquely placed to give the best possible service to her global client base in the UK, Europe and the US.

She advises on all aspects of data privacy and security, with an emphasis on advising clients on the emerging laws that impact the development and implementation of AI solutions including the EU AI Act as well as the implementation of global data protection compliance programmes including UK/EU GDPR. cross-border data transfers, preparedness and management of personal data breaches and reporting. She also regularly advises on data protection issues in the context of complex cross-border investigations and litigation, corporate deals, and Inclusion & Diversity Programmes.

Geraldine Scali is a great partner. She is enthusiastic, very adept at finding creative paths forward… We love Geraldine and are so glad she’s in our corner.

Legal 500 UK 2024

Geraldine is a regular contributor to the firms “Privacy Speaks” series which focuses on data protection and security and writes for several journals including “Data Protection Leader Magazine” and “Data Guidance.” She is a contributing author to Financial Regulation: Emerging Themes in 2021 – an extensive collection of articles around the themes of Brexit; Regulatory Change; Regulatory and Litigation Risk; Technology; Governance; and Sustainability and People.

Geraldine Scali is recommended for her “masterful" knowledge of regulatory matters and authorities.

Legal 500 UK 2024

She also regularly speaks on data protection and security at IAPP’s conferences and at other industry conferences, and regularly gives in-house training to companies and financial institutions.

Geraldine is an active member as a mentor in the mentoring programme of the W@Privacy platform, which aims at bringing together privacy experts and enthusiasts to share, connect and engage on data protection and privacy topics.

Geraldine Scali at BCLP receives effusive praise for her longstanding practice which encompasses security breach responses, data protection litigation and GDPR compliance advice.

Who’s Who Legal: UK Global Elite

Professional Affiliations

  • Women in Privacy®, an international networking group for women data protection and privacy professionals. Geraldine was one of the inaugural members who helped establish the organisation.
  • IAPP (International Association of Privacy Professionals)
  • W@Privacy, a platform for women privacy professionals

Directory Recognition

  • Who’s Who Legal: UK Global Elite- Data Privacy & Protection, and in Data Security, as a leading individual (2018-) and as a thought leader (2020-)
  • Legal 500 2024 in Data Protection, Privacy and Cybersecurity

Admissions

  • Paris
  • England and Wales

Related Practice Areas

  • Data Privacy, Telecommunications & Collections

  • General Data Protection Regulation

  • BCLP Data Breach Hotline

  • AdTech

  • Marketing & Advertising

  • Healthcare & Life Sciences

  • Data Privacy & Security

  • Corporate

  • Finance

  • Investigations

  • Regulation, Compliance & Advisory

Experience

Geraldine’s experience includes advising:

  • Numerous international companies in the financial services, life sciences and retail on compliance with the UK/EU GDPR including on cross-border data transfers;
  • Various organisations on dealing with personal data breaches including ransomware attacks;
  • Various international banks in the context of a cross-border investigations in the context of whistleblowing procedure or on the data protection implications of the mirroring of mobile devices;
  • An investment management firm on employee monitoring and the rollout of monitoring software;
  • Multiple clients in relation to the design and launch of diversity and inclusivity initiatives including multi-jurisdictional employee surveys; and
  • Multiple clients in relation to updating their intra-group data transfer agreements to take into account the rollout of the new EU Standard Contractual Clauses and UK International Data Transfer Agreement and Addendum.

Related Insights

Insights
Dec 10, 2024

AI in HR - what you need to know

BCLP recently hosted a seminar on AI in HR. In this thought-provoking session, we considered how AI is used in HR and its regulation in the EU and the UK, and then engaged in some discussions around two theoretical scenarios. For those who were not able to attend, we have put together a summary of the key takeaways. 
Insights
Dec 06, 2024

Data and Cybersecurity - European Union Legislation and Proposals

The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. In our tracker we (1) provide a snapshot, (2) explain who is impacted and (3) confirm the status and timeline for each of: the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act, the NIS2 Directive, the Cybersecurity Act and the Cybersecurity Resilience Act.
Insights
Dec 06, 2024

What is the impact of the EU's new Network and Information Systems Directive for Businesses?

Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is required to be implemented into national law, although this process is not yet complete).  It replaces NIS Directive 2016/1148 and complements the EU’s Cyber Resilience Act (discussed in a recent BCLP insight).  The revised directive is intended to cast a wider net and bring more industries and sectors directly within its regulatory remit.  In-scope businesses will therefore need to ensure appropriate risk-management procedures are embedded across their organisations.  Senior management also need to understand the oversight which they are required to exercise, given the personal liability for cybersecurity failings which NIS2 now mandates.   
Insights
Dec 04, 2024

AI Tools in Recruitment – Key Takeaways from the ICO Report

On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used in recruitment between August 2023 and May 2024 and is part of the ICO’s ongoing upstream monitoring of the wider AI ecosystem to ensure compliance with UK data protection law.
Insights
Sep 03, 2024

AI Surveillance and Data Privacy at the Games

As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris this summer for the Games, data security has emerged as a critical concern. To enhance the safety of athletes, spectators and residents, the French government implemented specific measures, including a bill relating to the Games (the “OG law”), a legislative measure passed on 19 May 2023, to bolster security during the Games[1]. The “OG law” introduces advanced security measures, notably the use of experimental algorithmic video surveillance systems. This article focuses on the deployment of these augmented surveillance systems during the Games and examines the associated GDPR compliance and privacy dilemmas that subsequently arise. 
Insights
Mar 08, 2024

What is FemTech and how can it meet the privacy needs of its users?

In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some commercially-minded approaches to address users’ privacy needs.

Related Insights

News
Dec 12, 2024
BCLP advises BGC Group with the sale of Rates Compression business Capitalab
Insights
Dec 10, 2024
AI in HR - what you need to know
BCLP recently hosted a seminar on AI in HR. In this thought-provoking session, we considered how AI is used in HR and its regulation in the EU and the UK, and then engaged in some discussions around two theoretical scenarios. For those who were not able to attend, we have put together a summary of the key takeaways. 
Insights
Dec 06, 2024
Data and Cybersecurity - European Union Legislation and Proposals
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. In our tracker we (1) provide a snapshot, (2) explain who is impacted and (3) confirm the status and timeline for each of: the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act, the NIS2 Directive, the Cybersecurity Act and the Cybersecurity Resilience Act.
Insights
Dec 06, 2024
What is the impact of the EU's new Network and Information Systems Directive for Businesses?
Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is required to be implemented into national law, although this process is not yet complete).  It replaces NIS Directive 2016/1148 and complements the EU’s Cyber Resilience Act (discussed in a recent BCLP insight).  The revised directive is intended to cast a wider net and bring more industries and sectors directly within its regulatory remit.  In-scope businesses will therefore need to ensure appropriate risk-management procedures are embedded across their organisations.  Senior management also need to understand the oversight which they are required to exercise, given the personal liability for cybersecurity failings which NIS2 now mandates.   
Insights
Dec 04, 2024
AI Tools in Recruitment – Key Takeaways from the ICO Report
On 6 November 2024, the ICO published an outcomes report on AI tools in recruitment (the “Report”). This Report follows consensual audit engagements carried out by the ICO with developers and providers of AI tools to be used in recruitment between August 2023 and May 2024 and is part of the ICO’s ongoing upstream monitoring of the wider AI ecosystem to ensure compliance with UK data protection law.
Insights
Sep 20, 2024
The EU’s Digital Operational Resilience Act 2022/2554 (DORA)
News
Sep 16, 2024
BCLP advise Burstone on their strategic partnership with Blackstone in relation to its €1.1bn pan-European logistics portfolio
Insights
Sep 03, 2024
AI Surveillance and Data Privacy at the Games
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris this summer for the Games, data security has emerged as a critical concern. To enhance the safety of athletes, spectators and residents, the French government implemented specific measures, including a bill relating to the Games (the “OG law”), a legislative measure passed on 19 May 2023, to bolster security during the Games[1]. The “OG law” introduces advanced security measures, notably the use of experimental algorithmic video surveillance systems. This article focuses on the deployment of these augmented surveillance systems during the Games and examines the associated GDPR compliance and privacy dilemmas that subsequently arise. 
Insights
Mar 08, 2024
What is FemTech and how can it meet the privacy needs of its users?
In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some commercially-minded approaches to address users’ privacy needs.