Curtis McCluskey is a Counsel in Goodwin’s Technology and Life Sciences group. Curtis has extensive experience advising businesses on all aspects of privacy and cybersecurity. Curtis has built on the broad experience of his previous roles and after almost a decade of experience, Curtis has substantial expertise in all matters related to privacy and cybersecurity in the UK and Europe. In particular, Curtis counsels clients across all industry sectors from emerging to global companies, including businesses with a focus in technology, life sciences, fintech, corporate, and funds.

Curtis manages and guides companies on their global privacy and cybersecurity strategies. In addition, Curtis works with private equity and corporate investors and acquirers and advises on privacy and cybersecurity related issues in the context of investments, mergers and acquisitions. Curtis has also managed and guided companies on their responses to security breaches (from minor to global incidents), including providing guidance and practical support to businesses on their handling of such incidents as well as managing any notifications to authorities and affected individuals.

Given Curtis’ previous inhouse role at the Financial Ombudsman Service and a secondment at a global pharmaceutical company, Curtis has developed a unique, in-depth understanding of the financial and life sciences industry with a particular and unique focus on clients with a core focus in these areas. Curtis’ broad and unique experience enables him to provide practical support and guidance to businesses of all sizes. He provides them with the advice and support required to implement appropriate privacy measures which are tailored to their specific requirements. In particular, Curtis’ experience inhouse means he has a pragmatic approach to solving his client’s problems.

In addition, Curtis has published articles on privacy and cybersecurity for key industry publications such as PDP Journals and Lexology which are widely recognized in this field. Curtis has been a speaker for PDP training sessions on data breach and cybersecurity management. Curtis also leads privacy and cybersecurity discussions on webinars hosted by Goodwin.





  • Guiding a global medical device manufacturer (supporting weight loss), and its connected health and fitness tracker App, on its strategy to ensure privacy compliance on a global scale. Preparing and managing a full privacy compliance program, including preparing the App privacy policy, advising on solutions for App integrations (specifically for sharing data with clinics), cross-border data transfers to manage the company’s fast expanding business, advising on privacy by design methods, documenting security and impact assessments to identify risk gaps, and providing inhouse privacy training to high-risk business areas
  • Advising US-based clinical trial sponsors on the launch of their clinical trials in the EU, the UK and other jurisdictions globally, including drafting privacy language in patient consent forms (including navigating and guiding companies with addressing local member state requirements), leading contract negotiations with clinical research organizations, clinical sites, laboratories and other third parties who personal data is shared with and regularly providing internal training on privacy and cybersecurity related issues
  • Providing support and guidance to financial sector business on all aspects of its privacy compliance in connection with its platform and web application, including conducting a GDPR audit, managing the privacy compliance program to address its GDPR obligations, including drafting and preparing a website privacy statement to cover its global operations, preparing template data sharing agreements with its customers, advising and navigating solutions to implement practical solutions to manage transfers of personal data from the UK, EU, Switzerland to the United States, particularly in response to EU court rulings (Schrems II) which highlight the high risk nature of transfers to the United States
  • Advising and guiding US-based medical research company on privacy compliance in connection with its collaborations with third party institutions (based in Germany, France, Italy, UK, Netherlands and Poland) on the sharing of personal data subject to EU and UK privacy laws. In particular, counselling companies on notice requirements, conditions for processing health data, as well as appropriate techniques for pseudonymizing and anonymizing datasets
  • Supporting global brand development provider with supplier reviews for GDPR compliance, including preparing supplier due diligence questionnaires, guiding business on incorporating data processing terms in agreements with suppliers and negotiating contract terms
  • Coordinating data protection due diligence review in connection with the purchase of a multi-million pound portfolio company. Assessing and advising on compliance measures in connection with cross-border transfers of personal data between seller and buyer, preparing data protection and liability provisions for purchase agreements
  • Advising and supporting company on acquisition of global AdTech business (“target company”). Conducting a full strategic review of compliance position in the AdTech space; analyzing consent management controls and transparency with respect to the IAB framework. Providing company with strategic advice on target company’s compliance with evolving UK and EU guidance and providing overall risk rating
  • Advising FinTech company on the collection of personal data concerning employees who could be exposed to Material Nonpublic Information. Preparing a data protection impact assessment, legitimate interests assessment and appropriate privacy notices as well as negotiating contracts with third party agents and coordinating the cross-jurisdictional privacy review
  • Advising international company on ransomware attack and requirements to notify supervisory authorities in the EU and UK. Following advice on cyber attack, preparing notifications and managing ongoing dialogue with supervisory authorities
  • Acting for a UK health and beauty retailer in connection with security incident involving access to personal data, including advising on notifications to supervisory authority and individuals affected. Also preparing pre-action responses to subsequent proposed claims brought by individuals
  • Advising worldwide financial services company on its data protection obligations in carrying out marketing activities across 15 jurisdictions, including preparing overview of local law requirements
Professional Activities

Curtis is an active member of the International Association of Privacy Professionals and is CIPP/E certified. He is also a member of the Society for Computers and Law.

Professional Experience
Curtis has gained significant experience working in-house. He practiced at the Financial Ombudsman Service for a number of years, advising on the service’s information law obligations (in connection with data protection laws and freedom of information), procurement law and defending the service against challenges to jurisdiction decisions and final determinations in all areas of business; he has also defended civil claims and responded to freedom of information appeals to Tribunal.


In testimonials published in the Legal 500 2022, clients stated that: 

  • “Curtis McCluskey is very client oriented and provides clear input and advice”
  • “I have had the pleasure of working with Curtis McCluskey over the past 18 months as my primary GDPR and data privacy advisor. I have come to rely upon his counsel and partnership for all data privacy matters.”
  • “Gretchen Scott and Curtis McCluskey are personable, friendly and helpful. I value their opinion and also really enjoy interacting with them as there is mutual respect and an openness to learn and adapt.”

In The News









BPP Professional Education, London
Bar Vocational Course
BPP Law School
(Inner Temple Exhibition Award, BVC scholarship)
LLB, 2008
University of East Anglia



Solicitor of the Senior Courts of England and Wales
Profile Image
Get In Touch
Our clients rely on us for world-class advisory services, counsel on complex transactional work and high-stakes litigation. Specializing in matters involving the financial, life sciences, private equity, real estate, and technology industries, we use a collaborative, cross-disciplinary approach to resolve our clients’ most challenging issues. To find out more, please contact us.


Nos équipes interviennent aux côtés de nos clients, industriels, fonds d’investissement, startups, institutions financières et dirigeants, dans le cadre de transactions et de contentieux complexes, et apportent des conseils de tout premier plan dans les secteurs financiers, des Sciences de la Vie, du Private Equity, de l’immobilier et des technologies. Nous traitons les dossiers juridiques de manière intègre, ingénieuse, souple et audacieuse pour répondre efficacement aux enjeux propres à chacun de nos clients, quels que soient la taille de l’opération et le secteur d’activité. Pour en savoir plus, contactez-nous.

Unsere Kunden verlassen sich auf unsere erstklassige Beratung, vor allem im Hinblick auf komplexe Transaktionen und High-Stakes-Prozesse. Spezialisiert auf Angelegenheiten der Finanz-, Life-Sciences-, Private-Equity-, Immobilien-und Technologie-Branchen, verwenden wir einen kooperativen und interdisziplinären Ansatz, um Fragen unserer Kunden auch in extremen Spezialsituationen einer Lösung zuzuführen. Sie wollen mehr erfahren? Kontaktieren Sie uns gerne.

Search Other Lawyers
Recherche par Pratique