Calum Docherty advises EU and global clients across all market sectors on privacy, data protection, cybersecurity, and information law.

Mr. Docherty provides comprehensive advice on regulatory compliance and investigations related to:

  • Privacy and data security compliance and program management, in particular relating to the General Data Protection Regulation (GDPR)
  • Privacy and data security-related regulatory enforcement
  • Complex data breach incidents, including forensic investigations
  • Advertising and marketing practices, as well as other consumer protection issues

Mr. Docherty advises clients on all aspects of European data protection law, including data subject rights requests, online advertising and adtech strategies, use of sensitive data and children’s data, international data transfers, data sharing arrangements, internal and external policy creation and implementation, training programs, and strategic management of security incidents and breach notification procedures.

Mr. Docherty also has substantial expertise in M&A transactions, advising on privacy, data protection, and other deal-related requirements to assist deal teams.

Prior to joining Latham, Mr. Docherty spent two years working on Google’s public affairs team in Mountain View, California, and Singapore.

Mr. Docherty’s experience includes advising:

  • A significant social media company in matters before the Irish Data Protection Commission and other international regulatory bodies on issues related to privacy and security, including in connection with a data breach affecting tens of millions of users.
  • A publicly listed China-headquartered technology and internet group on global data privacy compliance for cross-border products, including products across the social media, gaming, cloud, television, and advertising space. This project has included a specific focus on data privacy compliance relating to the GDPR as well as across Asia.
  • A variety of multinational clients on compliance with current data protection laws in a number of EU Member States and GDPR.
  • A US gaming company in relation to a personal data breach before the UK Information Commissioner’s Office.
  • A chain of hospitals in relation to its use of sensitive personal data.
  • A leading online retailer in relation to its GDPR compliance program.
  • On contentious data subject rights requests for clients at all stages of the business life cycle, from emerging companies to global market leaders.

Bar Qualification

  • California
  • England and Wales (Solicitor)


  • Master of Law, University of Cambridge, 2014
  • Legal Practice Course, BPP Law School, 2012
  • Graduate Diploma in Law, City University of London, 2011
  • BA in Government, Harvard University, 2007