Rhiannon Webster
Partner
London
-
Overview
-
Experience
Introduction
Rhiannon is an authority on data law, with significant experience in data protection, cyber security law, privacy implications of AI and responding to cyber incidents.
Rhiannon Webster is a partner in our digital economy transactions practice and has over 20 years' experience advising on data law both in the UK and on international projects. She advises on a full range of data law issues in including privacy, AI, online safety and cyber security to a wide range of clients, including financial services companies and technology companies through to health providers. Rhiannon is recognized for offering strategic commercial advice on compliance obligations, including in the context of new and developing technologies such as AI and the internet of things cs.
Rhiannon also advises on data security obligations, breach management and regulatory enforcement action, particularly in the context of cyber-attacks and this includes representing clients in their communications with the Information Commissioners Office (ICO) and other regulators.
- Meta’s Reality Labs on its data privacy related obligations of AI functionality and other areas such as special category data, biometrics processing and online safety.
- A UK PLC | Advised on all data protection aspects of its response to a large cyber-attack affecting 22 jurisdictions around the world.
- A UK Public Sector Body | Advised on clearing a backlog of 150 data subject requests and implementing a new operating model.
- A FTSE 100 Retail Brand in the UK | Advised on setting up a financial services regulated arm and on all aspects of its data protection compliance.
- Various PLC boards on cyber readiness responsibilities, including running desk-top simulations of cyber-attacks focusing on decision dilemmas for boards.
- A Telecoms Company on usage of privacy enhancing technologies and threshold for anonymization, to enable the sale of data and insights.
- A financial technology firm | Advised on incident response following a DDOS attack which occurred mid-acquisition by a global private equity and investment firm.
Latest thinking
Carousel: clicking the "Previous" or "Next" button changes the content between the buttons.
-
Legal development 
Data Bytes 65: Your UK and European Data Privacy update for March 2026
April 24, 2026
Discover more -
Case studies 
Post-incident cyber governance review - Listed Transport Company
April 08, 2026
Discover more -
Case studies 
Responding to a global cyber incident - Major Multinational Corporation
April 08, 2026
Discover more -
Case studies 
End-to-end cyber incident support - CS Energy
April 08, 2026
Discover more -
Case studies 
Cyber readiness review & simulation - Tier 1 Bank
April 08, 2026
Discover more -
Case studies 
Cyber incident transport & operational disruption - UK Public Transport Authority
April 08, 2026
Discover more -
Case studies 
Critical infrastructure sector resilience - Industry Owned Governance Body
April 08, 2026
Discover more -
Case studies 
Strategic cyber adviser to the CEO & Board - Medibank Private
April 08, 2026
Discover more -
Legal development 
What's ahead 2026 – Technology industry in the EU and UK?
March 24, 2026
Discover more -
Legal development
Data Bytes 64: Your UK and European Data Privacy update for February 2026
March 09, 2026
Discover more -
Legal development
Data Bytes 63: Your UK and European Data Privacy update for November, December 2025 and January 2026
February 12, 2026
Discover more -
Podcasts 
Governance & Compliance 7: The changing nature of cyberattacks and cyber regulation
February 10, 2026
Listen now