Wayne Cleghorn

Wayne is a Partner in Excello Law’s London-based Data Protection and Information Governance team, specialising in cybersecurity, data breach response, data protection, global data privacy and artificial intelligence.

Wayne’s work includes helping businesses and organisations comply with cybersecurity laws and responding to data breaches, including ransomware and critical national infrastructure cyber attacks. He also advises on regulator investigations and enforcement measures. He drafts and negotiates technology contracts, data processing agreements, and international data transfers via Standard Contractual Clauses, Binding Corporate Rules, and other tools. His work includes advice on the EU AI Act, global AI governance standards and emerging EU technology laws including NIS2, DORA, DMA, DSA, Data Act and the EU cybersecurity legal framework. His practice includes advising UK, European, US, and international companies and organisations. He has advised a wide range of sectors, including financial services, fintech, technology, manufacturing, retail, ecommerce, health, biotechnology, universities, and government bodies.

Wayne is a Certified Information Privacy Professional FIP (Fellow), CIPP/E (Europe), CIPP/US (USA) and CIPT (Technology). He has advised three UK Secretaries of State for Health as a member of the National Information Governance Board, on the National Programme for IT (NPfIT), NHS, health data innovation, IG Toolkit and related information governance. He was also a Data Protection and Information Consultant at the London 2012 Olympic and Paralympic Games. At BCS, The Chartered Institute for IT, he chaired the Information Privacy Expert Panel (IPEP), part of the Security Community of Expertise. Between 2024 and 2025, he was appointed by the European Commission to the General-Purpose Artificial Intelligence Code of Practice Working Groups, under the EU AI Act, administered by the EU AI Office in Brussels. 

Prior to joining Excello law. Wayne began his career at DAC Beachcroft. He has worked as an international in-house lawyer, a Data Protection Officer and a Management Consultant.