ALEKSANDRE MEGRELISHVILI
London,UK
Summary
Privacy & Data Protection Lawyer (England & Wales qualified) with experience advising on UK and EU data protection law in both in-house and advisory settings. Currently at Kroll, supporting contractual, risk, and operational privacy matters within a global organisation.
Over six years’ experience establishing and embedding data protection frameworks and managing regulatory risk across multi-jurisdictional environments. Background in consultancy with Deloitte and BDO, applying legal requirements in business operations and commercial arrangements.
Overview
9
9
years of professional experience
1
1
Certification
Work history
Senior Privacy Specialist
Kroll
London
2025.04 - Current
- Advise business and internal stakeholders on data protection implications in commercial arrangements, including drafting and reviewing privacy terms and addressing cross-border transfer considerations.
- Identify and assess privacy risks within the firm’s risk management framework, supporting the development and implementation of mitigation actions in coordination with legal, technology, and business teams.
- Support incident response processes, including initial risk assessment, stakeholder coordination, and tracking remediation measures.
- Conduct DPIAs and transfer risk assessments (TRAs) for processing activities involving third-party vendors and international data flows.
- Provide day-to-day legal guidance on UK GDPR and related frameworks, translating regulatory requirements into operational practice.
- Contribute to internal privacy training and awareness initiatives.
Privacy & Data Protection Manager
BDO LLP
London, UK
2022.10 - 2025.04
- Acted as outsourced DPO for UK and international clients, advising on high-risk processing activities, international data transfers, and regulatory compliance.
- Advised organisations across multiple sectors on the design and implementation of data protection frameworks, including governance structures, RoPAs, and risk assessment processes.
- Led privacy audits and maturity assessments, identifying regulatory gaps and developing remediation plans aligned to business models and risk appetite.
- Structured and negotiated data processing agreements and cross-border transfer mechanisms (including SCCs), enabling lawful and defensible global data flows.
- Conducted DPIAs, LIAs, and transfer risk assessments; supported breach and notification assessments and complex DSAR responses in regulated sectors.
- Delivered targeted training on GDPR, PECR, and related frameworks, including to European Commission stakeholders.
Legal Associate
Deloitte
Tbilisi, Georgia
2017.03 - 2021.08
- Provided legal advisory support across financial services, technology, and telecommunications sectors, with a focus on data protection compliance and regulatory risk.
- Advised on data protection aspects of M&A transactions, including legal due diligence, risk identification, and integration planning.
- Drafted and negotiated a range of commercial and data protection agreements, including DPAs, vendor contracts, and terms of service.
- Supported clients in structuring data protection compliance frameworks and addressing regulatory requirements across business operations.
Education
Master of Laws - Law & Technology Pathway
King's College London
London, UK 08/2021 - 06/2022
Bachelor of Laws - Law
Tbilisi State University
Tbilisi, Georgia 09/2012 - 06/2016
Skills
- UK GDPR, EU GDPR, PECR and international data transfer frameworks
- Data protection frameworks and governance structures
- DPIAs, LIAs and transfer risk assessments (TRAs)
- Contract drafting and negotiation (DPAs, data sharing and vendor agreements)
- Privacy risk identification, assessment and remediation
- Data subject rights and incident response processes
- Cross-functional advisory (legal, technology, and business stakeholders)
Certification
- FIP, CIPP/E and CIPM (IAPP)
- Solicitor in England & Wales
- Advocate in Georgia
Timeline
Senior Privacy Specialist
Kroll
2025.04 - Current
Privacy & Data Protection Manager
BDO LLP
2022.10 - 2025.04
Legal Associate
Deloitte
2017.03 - 2021.08
Master of Laws - Law & Technology Pathway
King's College London
08/2021 - 06/2022
Bachelor of Laws - Law
Tbilisi State University
09/2012 - 06/2016