meet the team


Chief Data Protection Officer

Nigel is founder of the Data Privacy Advisory Service and plays a vital part in our success. Nigel is a hugely experienced Data Protection Officer: recognised as a leading expert in the industry, with a high profile. Nigel is the founder of (DPAS).  He has held a number of senior roles in private and public sector including a national board role with NHS Direct as Chief Operating Officer and a recent Data Protection Officer role (DPO) at South Western Ambulance NHS. Nigel is the Data Protection Officer at Macmillan Cancer support, Bristol Airport and several other organisations.  Nigel has worked in 10 local authorities and was DPO at Teignbridge and Watford Council.

Nigel has considerable experience with working and liaising with the ICO and other EU supervisory authorities in his role as a DPO.  Nigel has worked with clients in multiple jurisdictions including those outside the EU and the GDPR adequacy arrangements. Nigel was also the strategic Data Protection Subject Matter Expert advising the Government of Jersey in Health, Social Care and Children’s service including Safeguarding and Education.

In addition to these statutory and public sector roles, Nigel has recently led, as the founder of DPAS, the development of a Global Data Strategy with one of the largest companies in the world, covering legislative compliance, data and information governance and data value.

Nigel holds master’s level qualifications in Data Protection and Information Governance a master’s level qualification in Information Rights Law with a speciality in Children’s and Young Person’s data sharing, Freedom of Information and Environmental Information regulations law.  Nigel also teaches the BCS Data Protection Practitioner course and holds practitioner level qualifications and wrote the first UK Data Protection Officer CPD Accredited Training Course and is the lead trainer for the DVLA.



Melanie is currently responsible for day to day running of DPAS. She leads our financial planning, operational decision-making and our business strategy. 

Melanie is also responsible for the project management of our International Data Compliance and Data Strategy projects.

 Melanie joined DPAS right at the start of our journey, and has continued to work closely with Nigel growing the business to what it is now. She has a passion for all things business, and continues to strive to ensure DPAS is leading the field in data protection consultancy services. 

With the recent success of DPAS becoming an accredited BCS training provider, Melanie has worked with our Training Manager, Megan, to develop the training arm of the business. 

DPAS is now considered a market leader in data protection training, working with one of the largest public sector organisations as their only training supplier.

Melanie plays a key part in the success of our tender bids within the Public Sector.


Head of Data Protection Consultancy

Sandy is a fully qualified and experienced Data Protection Practitioner and lawyer, holding the BCS Practitioner Certificate in Data Protection and with a decade’s experience in this field.

As a dedicated professional, Sandy has a detailed knowledge of, not only the General Data Protection Regulation (GDPR), but other related data protection legislation as well, including the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations (PECR). With excellent practical application of the relevant law, together with an in-depth understanding of the guidance issued by the Information Commissioner’s Office (ICO) and the European Data Protection Board (EDPB), Sandy is well equipped to provide a first rate data protection service.

Sandy’s experience has involved numerous dealings with the ICO on behalf of clients and she, therefore, has a clear and comprehensive understanding of the ICO’s role and how this impacts upon organisations and data subjects. Before becoming a data protection consultant Sandy worked for a local authority for 12 years and, in this time, gathered invaluable experience in relation to some of the challenges faced by the public sector. Since specialising in privacy law and acting as DPO for organisations, Sandy has had the opportunity to undertake numerous roles which involved the development of policy, procedures and guidance in data protection and provide training on the same to the staff of a wide-ranging client base. Other documentation Sandra has a wealth of experience in preparing include Data Protection Impact Assessments, Audits and Gap Analyses, Reports, Privacy Notices, Legitimate Interest Assessments, Data Processing Agreements and Contracts, all of which required close attention to detail. 



Natalie is an Exeter University graduate, with a background in teaching Mathematics at GCSE & A-Level. After switching careers from education to Data Privacy, Natalie made use of her academic skills transferring them into the world of data protection. Natalie holds the BCS Practitioner Certificate in Data Protection and supports Nigel with our outsourced DPO services. 

Natalie also helps to deliver some of our accredited training courses, using her teaching background to offer a practical approach to data protection.



Andy leads our Business Development within the public sector, specialising in change management, project management and providing data protection services to local authorities and their partners. 

Andy leads the sales devision at DPAS, discussing with potential customers what benefits our outsourced services can provide their organisation. 


Senior business analyst

Sarah has worked with DPAS as an Associate Senior Business Analyst since 2018, working with key clients to deliver high quality information assets. Sarah has over 15 years experience working as a Senior Business Analyst across both Public and Private Sector Organisations.

Alongside Nigel, Sarah leads the Information and Cyber Security division of DPAS, working with a variety of clients to protect their information and minimise data risks.


Subject access requests officer

Helen provides outsourced subject access requests redaction services to our public and private sector organisations. 

Helen’s expertise lie with health and social care redactions, applying exemptions where applicable. Helen also runs a personal training company in Exeter in the evenings. 




Charlotte is our Data Protection Paralegal, having studied law at Cardiff University. Charlotte has worked in both the public and private sector in Cardiff and the South West, with experience in audit and providing legal services.  

Charlotte’s ambition is to qualify as a Solicitor, specialising in data protection law. Alongside Sandy, Charlotte will assist in providing our clients with advice on complying with the GDPR and UK Data Protection Act. In her spare time, Charlotte loves keeping active, regularly hitting the gym and playing tennis. 



Megan is our Training Manager who is responsible for the day to day running of all our training courses at DPAS. Megan Studied Events Managements at University in Cardiff. With her background in Sales and Events Management she has brought over her skills and knowledge to set up and deliver high quality training courses to our clients.

 Alongside the training set up, Megan will develop her Data Protection knowledge to expand her expertise in this industry. 




Mark works closely with DPAS assisting onsite with GDPR projects and training.

Mark is a MBA-qualified Business Consultant with a successful background in managing the impacts of change on organisation design and the target operating model. He has a vast amount of experience with regulatory impacts, divestments and mergers and has worked in B2B, financial services, banking, consulting, commercial, international and FTSE-100 corporate sectors.

Laura de Vries

Sr. Privacy Consultant

Laura has been working together with DPAS as a Sr. Privacy Consultant and is employed by our partner in the Netherlands, Cuccibu.Laura is CIPP/e, CIPM and CIPT certified, as well as holding a LLM in International and European Law and a MA in International Relations. Additionally Laura is in possession of a NIMA-A marketing certificate. 

​Laura has extensive experience as a paralegal and as a consultant working as a Data Protection Officer, Privacy Officer and (GDPR implementation) project lead for various organisation in diverse industries. Recently Laura collaborated with DPAS on the development of an overarching P&O data strategy for a large pharmaceutical company, focussing on data compliance, culture and value. Laura combines her work experience with excellent communication, research and presentation skills.



As the CEO of Warringtons, Stephen offers Business Consulting services to organisations in the Membership, Publishing and Legal sectors focusing on business change and big data initiatives. 

By enabling the change of business systems and internal processes, as well as leveraging existing organisational data, Stephen solves his clients’ toughest challenges. This empowers his clients to deliver value more effectively and drive competitive advantage within their sector.



Ralph joins the DPAS team as one of our leading consultants, focusing on audits and training. After two decades of work at the forefront of the privacy sector, Ralph has built his career around making the intricacies of Privacy & Security risk management understandable.

He enjoys passing on his passion for privacy by translating often complicated legal concepts, into sustainable business processes. Ralph uses his knowledge of data protection laws and information governance standards to help businesses develop and grow, engage their stakeholders, and to deliver real value to  his clients.

Ralph delivers our ISO 27001, ISO 27701 and BCS courses. 



Barry is one of our training consultants. He has years of experience in the field and offers bespoke and off the shelf courses focusing on Information Governance within the Health and Social Care field.

Barry won the ICOs Practitioner Award for Excellence in Data Protection Award 2020. He is a Chair for the Eastern Region IG Forum.

Barry has had a number of successes during his career. He formed the first national Strategic Information Governance Network Group, he supported the development of the former NHS Information Governance Toolkit and developed a national career path in the NHS for those working in data protection.

Barry delivers our health focused GDPR training, SIRO and Caldicott Guardian courses.



Nav joins the DPAS team as one of our external training consultants. Nav’s experience is vast specialising in Cyber Security, Security Management and Security Architecture. 

Nav has 23 years’ of experience leading Information Security teams, for International Organisations, all over the World. 

Nav also has experience in the development of Security target operating models to support business and IT global functions. He has exposure to global regulatory change and control implementation with a specific focus on Asia Pacific. More recently focusing on the upcoming changes to European Data Protection Law.

Nav leads our Cyber Security training programme. 



Inga enjoys bringing what some may see as a ‘dry’ subject to life through consultancy and training. She is able to translate complex data protection issues into clear and understandable language; to enable clients to make informed business decisions in relation to data protection.

She has experience of working with a range of public and private sector clients, including: tech start-ups, charities, multi-national organisations, Non-Governmental Organisations, and financial services organisations.  

Inga has a PhD in Science and Technology Studies from University College London (UCL), and an MSc in Science and Technology Policy Research from Manchester University. She is a Certified Information Privacy Professional/Europe (CIPP/E), a Certified Information Privacy Manager (CIPM), and is an ISO 27001 Certified Information Security Management System (ISMS) Lead Implementer.