Legal Guidance and Research / Experts / Nuria Pastor
Nuria Pastor#7503
LinkedIn External

Nuria Pastor , CIPP/E

Fieldfisher
Nuria is a UK based Director in Fieldfisher's Data & Privacy team. She has advised global organisations on data protection compliance matters for over 20 years. She provides strategic advice, including acting as DPO to some clients.
 
Nuria advises global clients rolling out their products and services into the UK and EEA markets as well as UK and EEA based clients. She has a particular interest and experience in advising clients on new product roll out risk assessments, including for products incorporating AI/Gen AI technologies. Nuria has extensive experience in advising on international data transfers matters including the deployment of SCCs and the application for DPF and UK and EU BCRs. Nuria supports clients handling personal data security breaches, data subject requests and regulatory investigations. 
 
Nuria works for a varied range of clients and sectors with a focus on life sciences and digital health and medical devices and other sectors such as technology, gaming and travel.
 
Nuria is a dual-qualified (England & Wales / Spain) lawyer and holds CIPP/E and CIPM certifications.
 
Nuria is rated as a 'Key Lawyer' of the Fieldfisher Data team by UK Legal 500 and as a Thought Leader by Who's Who Legal in the area of Data Privacy & Protection 2023 edition. She is also recognised on Best Lawyers 2024 edition (Privacy and Data Protection). 

Practice Area

Panel

  • Contributing Author

Qualified Year

  • 2008

Experience

  • Fieldfisher (Senior Associate) (2010 - 2017)
  • Fieldfisher (Associate) (2007 - 2010)
  • Landwell (PwC) (2003 - 2007)

Membership

  • IAPP (International Association of Privacy Professionals)

Qualifications

  • Birmingham University. MJur (Copyright Law) (2001-2003)
  • University of Leicester. LLM in European and International Trade Law (Distinction) (2000-2001)
  • Pompeu Fabra University (Barcelona). Law Degree (1994–1999)
  • CIPP/E
  • CIPM

Education

  • Birmingham University. MJur (Copyright Law) (2001-2003)
  • University of Leicester. LLM in Law (Distinction) (2000-2001)
  • Pompeu Fabra University (Barcelona). Law Degree (1994-1999)

1 Contributions by Nuria Pastor

EU GDPR Binding Corporate Rules: controller and processor BCRs, Schrems II, EDPB guidance, and practical steps for cross-border transfers, approval, liability and enforcement
PRACTICE NOTES
EU GDPR Binding Corporate Rules: controller and processor BCRs, Schrems II, EDPB guidance, and practical steps for cross-border transfers, approval, liability and enforcement
FORTHCOMING CHANGE: On 15 January 2026, the European Data Protection Board put out for public consultation its Recommendations 1/2026 on applications for approval and on the core elements and principles to be included in Processor Binding Corporate Rules (Article 47 GDPR). These Recommendations annul and supersede—while substantively building on—in particular Working Party Guidance WP 257 rev.01 (Working Document on BCRs for processors) and Working Party Guidance WP 265 (Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data). The consultation runs until 2 March 2026, with the text taking effect upon publication of the final version following the public consultation process. For further details, see Practice Note: EU GDPR—EDPB supranational level guidance tracker. This Practice Note addresses Binding Corporate Rules (BCRs) as one of the mechanisms that permits the transfer of personal data outside the EEA in line with Chapter V of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). In brief, BCRs allow corporate groups to evidence suitable safeguards when making intra-group international personal data transfers. As outlined further in Practice Note: EU GDPR—transfers of personal...
EU Law
Expert page AD
If you expected to see yourself on this page, click here.