Chris Cartmell

Chris Cartmell

Co-lead Data Protection Strategy, Legal and Compliance Services, PwC United Kingdom

Legal advisor to businesses on cyber security, data protection and compliance. Member of EMEA Privacy Senior Leaders Team and former APAC Legal Driver for cyber security and data protection.

Chris is an England & Wales and Hong Kong (non-practicing) Solicitor who co-leads PwC’s UK Data Protection Strategy, Law and Compliance Services practice. Now based in the UK, prior to this Chris was in Greater China for nearly three years where he was PwC’s APAC regional legal driver for Cyber Security & Data Privacy.

“The global legal and regulatory landscape for cyber security and data protection is ever evolving and increasingly challenging. Our legal experts, as part of PwC’s multidisciplinary practice, can help you navigate this maze. Providing you local and international solutions to your data protection needs.”

Chris has over 15 years’ experience advising clients on the full cyber and data protection legal and regulatory cycle, from prevention to investigation to response. By working with his multidisciplinary colleagues across the PwC global network, Chris provides clients with a one stop solution to their cyber security and data protection needs. Due to Chris’ international experience, he is particularly well known for his global mindset advising clients on cross-border compliance as well as managing global investigations into data breaches and cybercrime, providing clients with local and international advice.


  • Data Protection, Cyber Security, Data Breach, Compliance, Fraud, Asset Recovery, Investigations, Data Strategy, Business Ethics

Recent work

  • Advising a UK pharma company on its China cyber security and data protection compliance, including cross border data transfers and localisation requirements
  • Acting for a financial services client to design and implement a bespoke tool to assist with the transfer impact assessments as part of its EU cross border data transfer compliance
  • Supporting a US tech co investigate a data breach in Asia, including cross border legal advice around mitigation and reporting requirements
  • Advising a UK media company on assessing data protection and employment law risks associated with their HR systems across 10 jurisdictions
  • Acting for a US tech co on the data protection compliance considerations of their proposed rollout of AI driven ANPR technology in the UK
  • Supporting a luxury hospitality client with a range of services, including advice on new tech implementation (e.g. new finance systems and facial recognition) and third-party relationships (e.g. DPAs and cross-border data transfers).

Area of focus

  • Data Protection
  • Cyber Security
  • Data Breach
  • Compliance
  • Fraud
  • Asset Recovery
  • Investigations
  • Data Strategy
  • Business Ethics
Follow us