Geraldine Scali

Geraldine Scali
  1. People /

Geraldine Scali

Geraldine Scali

Partner


London
Geraldine Scali
  1. People /

Geraldine Scali

Geraldine Scali

Partner


London

Geraldine Scali

Partner

London

Partner and EMEA Lead of Data Privacy and Security

T: +44 (0) 20 3400 4483

LinkedInLinkedIn
VcardVcard
Download PDFDownload PDF
Print
Share

Biography

Geraldine Scali is the EMEA lead of data privacy and security, and has a focus on data protection and cybersecurity, with a specific emphasis on the financial services, life sciences and retail sectors.

She is a dual-qualified lawyer, admitted as a Solicitor in England and Wales, and as a French lawyer admitted to the Paris Bar, which together with her experience gained at US and International law firms over a period of nearly 20 years, makes her uniquely placed to give the best possible service to her global client base in the UK, Europe and the US.

She advises on all aspects of data privacy and security, with an emphasis on advising clients on the emerging laws that impact the development and implementation of AI solutions including the EU AI Act as well as the implementation of global data protection compliance programmes including UK/EU GDPR. cross-border data transfers, preparedness and management of personal data breaches and reporting. She also regularly advises on data protection issues in the context of complex cross-border investigations and litigation, corporate deals, and Inclusion & Diversity Programmes.

Geraldine Scali is a great partner. She is enthusiastic, very adept at finding creative paths forward… We love Geraldine and are so glad she’s in our corner.

Legal 500 UK 2024

Geraldine is a regular contributor to the firms “Privacy Speaks” series which focuses on data protection and security and writes for several journals including “Data Protection Leader Magazine” and “Data Guidance.” She is a contributing author to Financial Regulation: Emerging Themes in 2021 – an extensive collection of articles around the themes of Brexit; Regulatory Change; Regulatory and Litigation Risk; Technology; Governance; and Sustainability and People.

Geraldine Scali is recommended for her “masterful" knowledge of regulatory matters and authorities.

Legal 500 UK 2024

She also regularly speaks on data protection and security at IAPP’s conferences and at other industry conferences, and regularly gives in-house training to companies and financial institutions.

Geraldine is an active member as a mentor in the mentoring programme of the W@Privacy platform, which aims at bringing together privacy experts and enthusiasts to share, connect and engage on data protection and privacy topics.

Geraldine Scali at BCLP receives effusive praise for her longstanding practice which encompasses security breach responses, data protection litigation and GDPR compliance advice.

Who’s Who Legal: UK Global Elite

Professional Affiliations

  • Women in Privacy®, an international networking group for women data protection and privacy professionals. Geraldine was one of the inaugural members who helped establish the organisation.
  • IAPP (International Association of Privacy Professionals)
  • W@Privacy, a platform for women privacy professionals

Directory Recognition

  • Who’s Who Legal: UK Global Elite- Data Privacy & Protection, and in Data Security, as a leading individual (2018-) and as a thought leader (2020-)
  • Legal 500 2024 in Data Protection, Privacy and Cybersecurity

Admissions

  • Paris
  • England and Wales

Related Practice Areas

  • Data Privacy, Telecommunications & Collections

  • General Data Protection Regulation

  • Cryptocurrency & Digital Assets

  • M&A & Corporate Finance

  • Insurance

  • BCLP Data Breach Hotline

  • Payment Systems

  • Technology Transactions

  • Real Estate Sector

  • AdTech

  • Marketing & Advertising

  • Crypto and Digital Assets

  • Financial Institutions

  • Special Investigations

  • Healthcare & Life Sciences

  • Retail & Consumer Products

  • Sports & Entertainment

  • Data Privacy & Security

  • Fintech

  • Corporate

  • Finance

  • Investigations

  • Regulation, Compliance & Advisory

  • Sports & Entertainment Contract, Endorsement & Celebrity Representation Practice

  • Anti-Doping Practice

  • Sports & Event Venue Real Estate Infrastructure and Operation

  • Naming Rights & Sponsorship Practice

  • Sports & Entertainment M&A Practice

  • Sports & Entertainment Specialty Counseling Practice

  • Entertainment Industry Practice

  • Sports & Event Financing

  • Olympic & National Governing Body Practice

  • Professional Sports Team Practice

Experience

Geraldine’s experience includes advising:

  • Numerous international companies in the financial services, life sciences and retail on compliance with the UK/EU GDPR including on cross-border data transfers;
  • Various organisations on dealing with personal data breaches including ransomware attacks;
  • Various international banks in the context of a cross-border investigations in the context of whistleblowing procedure or on the data protection implications of the mirroring of mobile devices;
  • An investment management firm on employee monitoring and the rollout of monitoring software;
  • Multiple clients in relation to the design and launch of diversity and inclusivity initiatives including multi-jurisdictional employee surveys; and
  • Multiple clients in relation to updating their intra-group data transfer agreements to take into account the rollout of the new EU Standard Contractual Clauses and UK International Data Transfer Agreement and Addendum.

Related Insights

Insights
Sep 03, 2024

AI Surveillance and Data Privacy at the Games

As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris this summer for the Games, data security has emerged as a critical concern. To enhance the safety of athletes, spectators and residents, the French government implemented specific measures, including a bill relating to the Games (the “OG law”), a legislative measure passed on 19 May 2023, to bolster security during the Games[1]. The “OG law” introduces advanced security measures, notably the use of experimental algorithmic video surveillance systems. This article focuses on the deployment of these augmented surveillance systems during the Games and examines the associated GDPR compliance and privacy dilemmas that subsequently arise. 
Insights
Mar 08, 2024

What is FemTech and how can it meet the privacy needs of its users?

In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some commercially-minded approaches to address users’ privacy needs.
Insights
Feb 13, 2024

English Court decides Covid-19 is a “catastrophe”

The English Court has, for the first time, considered the meaning of a “catastrophe”, as well as how Hours Clauses work in the context of non-damage business interruption losses claimed under two Property Catastrophe Excess of Loss Reinsurance Treaties.  While the Covid-19 pandemic may feel like a distant memory to some, disputes about the recovery of Covid-19 losses continue to trouble many reinsureds and reinsurers.  The two key issues considered by the Commercial Court in determining appeals from arbitration awards made in Unipol Re v Covéa and Markel v Gen Re may bring welcome, and valuable, guidance to those in the reinsurance industry debating these terms. Those underwriting or purchasing “catastrophe” covers may also want to carefully consider this judgment and whether the Court’s approach to the meaning of that word aligns with their coverage expectations.
Insights
30 January 2024

Employee Monitoring: Lessons from CNIL’s EUR 32M fine against Amazon France Logistique

Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's investigation focused on the monitoring of employees’ activity and video surveillance systems. Below are the key takeaways from the CNIL’s decision to fine Amazon.
Insights
Dec 12, 2023

A GDPR for AI? Political agreement reached on the EU AI Act

Political agreement was reached on 9 December in the negotiations on the EU AI Act, arguably the world’s most comprehensive and ambitious AI law to date. Some further steps must take place, including confirmation by the EU Parliament and Council, before the text is adopted and becomes law, but this ambitious legislation is expected to apply throughout the 27 member states of the EU.  The AI Act would apply 24 months following its entry into force (with some exceptions for specific provisions), i.e., from 2026. It does not apply to areas outside the scope of EU law and should not affect member states’ competences in national security.  It will not apply to systems used exclusively for military or defence purposes.
Insights
Nov 30, 2023

Data and Cybersecurity - European Union Legislation and Proposals

The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. In our tracker we (1) provide a snapshot, (2) explain who is impacted and (3) confirm the status and timeline for each of: the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act, the NIS2 Directive, the Cybersecurity Act and the Cybersecurity Resilience Act.

Related Insights

Insights
Sep 20, 2024
The EU’s Digital Operational Resilience Act 2022/2554 (DORA)
News
Sep 16, 2024
BCLP advise Burstone on their strategic partnership with Blackstone in relation to its €1.1bn pan-European logistics portfolio
Insights
Sep 03, 2024
AI Surveillance and Data Privacy at the Games
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris this summer for the Games, data security has emerged as a critical concern. To enhance the safety of athletes, spectators and residents, the French government implemented specific measures, including a bill relating to the Games (the “OG law”), a legislative measure passed on 19 May 2023, to bolster security during the Games[1]. The “OG law” introduces advanced security measures, notably the use of experimental algorithmic video surveillance systems. This article focuses on the deployment of these augmented surveillance systems during the Games and examines the associated GDPR compliance and privacy dilemmas that subsequently arise. 
Insights
Mar 08, 2024
What is FemTech and how can it meet the privacy needs of its users?
In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some commercially-minded approaches to address users’ privacy needs.
Insights
Feb 13, 2024
English Court decides Covid-19 is a “catastrophe”
The English Court has, for the first time, considered the meaning of a “catastrophe”, as well as how Hours Clauses work in the context of non-damage business interruption losses claimed under two Property Catastrophe Excess of Loss Reinsurance Treaties.  While the Covid-19 pandemic may feel like a distant memory to some, disputes about the recovery of Covid-19 losses continue to trouble many reinsureds and reinsurers.  The two key issues considered by the Commercial Court in determining appeals from arbitration awards made in Unipol Re v Covéa and Markel v Gen Re may bring welcome, and valuable, guidance to those in the reinsurance industry debating these terms. Those underwriting or purchasing “catastrophe” covers may also want to carefully consider this judgment and whether the Court’s approach to the meaning of that word aligns with their coverage expectations.
Insights
30 January 2024
Employee Monitoring: Lessons from CNIL’s EUR 32M fine against Amazon France Logistique
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's investigation focused on the monitoring of employees’ activity and video surveillance systems. Below are the key takeaways from the CNIL’s decision to fine Amazon.
Insights
Dec 12, 2023
A GDPR for AI? Political agreement reached on the EU AI Act
Political agreement was reached on 9 December in the negotiations on the EU AI Act, arguably the world’s most comprehensive and ambitious AI law to date. Some further steps must take place, including confirmation by the EU Parliament and Council, before the text is adopted and becomes law, but this ambitious legislation is expected to apply throughout the 27 member states of the EU.  The AI Act would apply 24 months following its entry into force (with some exceptions for specific provisions), i.e., from 2026. It does not apply to areas outside the scope of EU law and should not affect member states’ competences in national security.  It will not apply to systems used exclusively for military or defence purposes.
Insights
Dec 05, 2023
Watching employers watching their workers
Insights
Nov 30, 2023
Data and Cybersecurity - European Union Legislation and Proposals
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. In our tracker we (1) provide a snapshot, (2) explain who is impacted and (3) confirm the status and timeline for each of: the Digital Services Act, the Digital Markets Act, the Data Governance Act, the Data Act, the NIS2 Directive, the Cybersecurity Act and the Cybersecurity Resilience Act.