meet the team


Meet the Team Nigel Gooding


LLM (Information Rights Law & Practice)

Chief Data Protection Officer

Nigel is the founder of the Data Privacy Advisory Service, and he plays a vital part in our success. Due to his extensive experience, Nigel is recognised as a leading expert in the industry.

A hugely experienced Data Protection Officer (DPO), Nigel has held a number of senior roles in private, and public, sector. These include a national board role with NHS Direct as Chief Operating Officer, along with a DPO role at South Western Ambulance NHS.

Nigel is the DPO at Macmillan Cancer support, Bristol Airport, and several other organisations. He has also worked in a number of local authorities and was DPO at Teignbridge and Watford Council.   

Nigel is also the External Examiner, Master of Laws (LLM), Cyber, Information, Technology, and Innovation, Law degree at Robert Watson University in Aberdeen.

He also has experience in working and liaising with the ICO and other EU supervisory authorities. Nigel has worked with clients in multiple jurisdictions, including those outside the EU and the GDPR adequacy arrangements. He was also the strategic Data Protection Subject Matter Expert advising the Government of Jersey in Health, Social Care, and Children’s, Services including safeguarding and education.

Nigel has also recently led the development of a Global Data Strategy with one of the largest companies in the world. This covers legislative compliance, data and information governance, and data value.

Nigel holds master’s degrees in Data Protection, Information Governance, and Information Rights Law, with a speciality in Subject Access Requests, Children’s and Young Person’s data sharing, Freedom of Information, and Environmental Information regulations law. He also holds practitioner level qualifications, wrote the first UK DPO CPD Accredited Training Course, Nigel is also an Information Security expert, a fellow of the British Computer Society (Institute of IT), and delivers their Information Security programmes.

Meet the Team Melanie Garnett




Melanie is currently responsible for day to day running of DPAS. She leads our financial planning, operational decision-making, sales team and our business strategy. 

Melanie comes from primarily a sales and project management background having spent most of her working life in travel. 

Melanie is also responsible for the project management of our International Data Compliance and Data Strategy projects.

Having joined DPAS at the start of our journey, Melanie has continued to work closely with Nigel, growing the business to what it is now.

She has a passion for all things business and is continually striving to ensure DPAS is leading the field in data protection consultancy services. 

Melanie holds a BCS practitioner certificate in Data Protection along with the APM Project Management Qualification (PMQ). Melanie also holds a CMI Level 5 Award in Management and Leadership.

DPAS is now considered a market leader in data protection training, working with one of the largest public sector organisations as their only training supplier.

Melanie also plays a key part in the success of our tender bids within the Public Sector.

In her spare time Mel loves taking Coco (one of our resident office dogs) out and about exploring Devon and Cornwall. She is also a keen skier, having worked in France and Lapland and has skied in over 40 ski resorts. During the summer months you will often see Mel wakeboarding or relaxing on a boat. 


Emma Richards Meet the Team



Emma is our Office and Training Manager. Working closely with Melanie, she is not only responsible for assisting with the day to day running of DPAS, to ensure the business is able to run smoothly and continue to grow as it has done to date, but also facilitate the training courses, providing delegates with a warm welcome and a consistent point of contact.

Emma has gained a variety of skills over the years working in compliance based roles within the Financial Services sector that enable her to tackle any challenge that comes her way.

She has been successful in; managing several projects integrating new Training & Competency tracking systems and customer review platforms within previous employers’ businesses, leading a team of trainers and competency assessors and, being the ‘go to’ Compliance sounding board.

In her spare time, Emma likes to keep fit but, conversely, is just as happy to be curled up with a good book and her cat.

Meet the Team Megan Black



Megan is our Account Manager, responsible for managing client accounts to ensure DPAS is always providing a 5-star service. Megan is the point of contact for many of our customers, new and old. 

Having studied Events Managements at university, Megan uses her skills and knowledge to build and maintain strong, long lasting customer relationships. This experience also lends itself to assisting with the training programme when needed.

In her spare time, she enjoys taking her two young children out for walks and adventures.


Natalie Bennett Meet the Team



Natalie joined DPAS in our Subject Access Requests team and from then her career with DPAS has flourished. Nat spent a year managing our SAR team and from there was promoted to a Senior Data Protection Consultant. Nat leads on our DPAS consultancy projects, liaising with our privacy and public sector organisations, ensuring that our work exceeds their expectations. Nat also looks after, alongside Nigel,  some of our outsourced DPO clients, supporting the organisations to continually maintain compliance with the law.

Natalie holds the BCS Practitioner Certificate in Data Protection and CMI Level 5 Award in Management and Leadership.

Nat recently gained her BCS Foundation certificate in Information Security Management Principles and is always striving to further develop her skill set.

Using her teaching background, Natalie also helps to deliver some of our accredited training courses. She offers a practical and pragmatic approach to data protection and brings to her courses her years of experience in the Industry.

Meet the Team Charlotte Bolt



Charlotte is our Data Protection Paralegal, having studied law at Cardiff University. She has worked in public and private sectors in Cardiff and the South West, and has experience in audits and providing legal services.  

Charlotte’s is in the process of qualifying as a Solicitor, specialising in data protection law.
Alongside Gary, Charlotte will assist in providing our clients with advice on complying with the GDPR and UK Data Protection Act.
In her spare time, Charlotte loves keeping active, attending Exteter Chiefs matches regularly hitting the gym and playing tennis. 



Kunbi is our data privacy officer – paralegal.

He is currently studying commercial law at the University of Exeter after qualifying as a lawyer in Nigeria, then working at a law firm and a fintech company.

His main role within DPAS is to provide clients with guidance on international data transfers.

Outside work, Kunbi can typically be found at the gym or cycling around the countryside.  


Privacy Solicitor

Gary joined DPAS in June 2021 and is a regulatory and privacy solicitor with over 15 years’ experience in all areas of risk and compliance, as well as serious fraud and litigation, and was involved in some highly publicised national cases (including the Mid-Staffordshire inquiry and the horse racing corruption scandal).

Gary is also experienced in advising organisations on worldwide data protection and privacy law issues.

As an MBA graduate Gary can also bring his business acumen to DPAS clients.

In addition to general data protection, clients can also avail of Gary’s legal expertise in areas of commercial law, public law, contracts, healthcare and compliance, ensuring DPAS can provide a one-stop-shop for all business legal matters.

Georgina Daugherty


Senior Business Analyst

Georgina joined DPAS in July 2021 to bring her prior experience with public and private sector organisations to projects. She will work with a variety of clients to protect their information and minimise data risks. She holds the BCS Practitioner Certificate in Data Protection.

Georgina worked as a business analyst for a software company in London before moving back home to Devon (where she grew up). During the pandemic, Georgina worked for the NHS in a variety of roles on the staff bank, most notably as a vaccinator for the Exeter COVID-19 Mass Vaccination Centre.

In her spare time, Georgina likes to stay active, including playing tennis and wakeboarding. She studied Economics and Politics at Cardiff University where she was the President of the Politics Society from 2014-2016.




Zack currently works as part of the Subject Access Request Team to provide redaction services for a number of organisations. He holds the BCS Practitioner Certificate in Data Protection.

Zack has previously worked in administration and operations in the beverage, microbiology and charity sectors.

In his spare time Zack enjoys gardening and the occasional round of golf.

Jemma Jones Bio Avatar


Subject Access requests officer

Jemma works as part of the Subject Access Request team providing redaction services to various organisations, and holds the BCS Foundation Certificate in Data Protection.

Having previously worked as a Legal Executive for regional law firms where she specialised in residential property she has now transferred her background legal knowledge and skills to processing subject access requests.

In her spare time Jemma enjoys long walks with her dogs and cake decorating.



Kathryn works as part of the Subject Access Request Team providing redaction services to various organisations.

Kathryn currently lives in Wales, she has worked in the financial sector for 16 years, and as an operations manager for the past 10 years.

She would deal with the day to day running of a busy finance office, and also the HR for the business, for which she has taken the CIPD level 3 qualification.

In her spare time Kathryn enjoys walks and baking the occasional cake


Subject Access requests officer

Alex works as part of the Subject Access Request (SAR) team at DPAS. His role currently consists of assessing and redacting documents on behalf of our clients.

Alex has worked in information governance for a while, previously working at EDF.

Alex is a keen fitness enthusiast and plays for a local Saturday football team, as well as regularly going to the gym and taking part in half marathons and 10k runs.



Ellen currently works as part of the Subject Access Request Team to provide redaction services for a number of organisations. 

She previously worked in the healthcare industry for NHS 111. 

In her spare time, Ellen enjoys riding her horse and keeping active at the gym. 



Alisha currently works as part of the Subject Access Requests Team as DPAS to provide redaction services.


In her spare time, Alisha enjoys going on dog walks and swimming.



Jacks role is to assist the SAR team in processing and redacting data that data subjects request from our clients. Jack is responsible for helping to redact data belonging to persons other than the data subject thereby ensuring compliance with the GDPR. It is an interesting and engaging role that should keep challenging me throughout my time at DPAS, and will help to relieve a great deal of pressure from our client’s own data protection officers.

Jack comes to DPAS with a degree in Law from the University of Plymouth. In his spare time Jack loves to take up new practical skills and read books. 



Alex currently works as part of the Subject Access Request Team, processing and redacting data on that data subjects request from our clients. 

He previously worked in the electrical wholesale industry as a Stores Manager and is currently studying for a degree in Law with Business at Exeter University’s Penryn Campus. 


Alex enjoys spending his spare time with his head in a book.


Meet the Team Andy Ledger



Andy leads our Business Development within the public sector. He specialises in change management, project management and providing data protection services to local authorities and their partners. 

Andy leads the sales division at DPAS, discussing with potential customers the benefits our outsourced services can provide their organisation. 

Andy manages the DPAS Northern sales team, coaching and supporting Lottie and Ella. 

Andy has years of experience in his field and has fantastic relationships with organisations in the Public Sector.

Whilst he isn’t working Andy loves to get out and about for long walks and spend time with his family.


Lottie is part of the marketing team at DPAS. She writes our blogs, updates our social media and works on our marketing plans.

She recently graduated from Leeds University with a BA in History and volunteers in the digital marketing department for Solace Women’s aid.

In her spare time, she enjoys painting, attending metafit classes and spending time with her son Joe Joe.




Mark works closely with DPAS, assisting onsite with GDPR projects and training.

Mark is a MBA-qualified Business Consultant with a successful background in managing the impacts of change on organisation design and the target operating model. He has a vast amount of experience with regulatory impacts, divestments and mergers. He has worked in B2B, financial services, banking, consulting, commercial, international and FTSE-100 corporate sectors.

Laura de Vries

Sr. Privacy Consultant

Laura has been working together with DPAS as a Sr. Privacy Consultant and is employed by our partner in the Netherlands, Cuccibu. She is CIPP/e, CIPM and CIPT certified, as well as holding a LLM in International and European Law and a MA in International Relations. Additionally Laura is in possession of a NIMA-A marketing certificate. 

She has extensive experience as a paralegal and as a consultant working as a Data Protection Officer, Privacy Officer and (GDPR implementation) project lead for various organisations in diverse industries. Recently Laura collaborated with DPAS on the development of an overarching P&O data strategy for a large pharmaceutical company, focussing on data compliance, culture and value.

She combines her work experience with excellent communication, research and presentation skills.



As the CEO of Warringtons, Stephen offers Business Consulting services to organisations in the Membership, Publishing and Legal sectors, focusing on business change and big data initiatives. 

By enabling the change of business systems and internal processes, as well as leveraging existing organisational data, Stephen solves his clients’ toughest challenges. This empowers his clients to deliver value more effectively and drive competitive advantage within their sector.



Ralph joins the DPAS team as one of our leading consultants, focusing on audits and training. After two decades of work at the forefront of the privacy sector, Ralph has built his career around making the intricacies of Privacy & Security risk management understandable.

He enjoys passing on his passion for privacy by translating often complicated legal concepts, into sustainable business processes. Ralph uses his knowledge of data protection laws and information governance standards to help businesses develop and grow, engage their stakeholders, and to deliver real value to his clients.

Ralph delivers some of our BCS certified courses along with data protection courses. 



Frank is a cyber security professional with over 16 years professional experience working for SMEs, government bodies and alongside the NHS.
His experience includes securing mental health systems for NHS Trusts and private healthcare, leading on security programs for national defence capabilities and consulting for global investment firms. He has extensive experience navigating ISO27001, Cyber Essentials, DTAC and DSPT as well as NIST, NCSC and CSA security assessment frameworks.
Frank holds engineering certifications from Amazon Web Services, Microsoft, Google and Cisco – as well as security certifications from ISC2, the Cloud Security Alliance and IBM. He is an Agile Alliance Certified Scrum Master and has been an Agile Product Owner for several years.
Frank is also a speaker at data protection and cyber security conferences, as well as guest lecturer at software and cyber security academies.



Barry is one of our training consultants. He has years of experience in the field and offers bespoke and off the shelf courses focusing on Information Governance within the Health and Social Care field.

Barry won the ICOs Practitioner Award for Excellence in Data Protection Award 2020. He is a Chair for the Eastern Region IG Forum.

Barry has had a number of successes during his career. He formed the first national Strategic Information Governance Network Group, and supported the development of the former NHS Information Governance Toolkit. He also developed a national career path in the NHS for those working in data protection.

Barry delivers our health focused GDPR training, SIRO and Caldicott Guardian courses.

Bilal Ghafoor Training Image



Bilal is an information governance professional, with more than 9 years’ experience in central and local government in and around London, NHS, regulatory bodies and the voluntary sector. 

Bilal was on the British Standards Institute Committee for the GDPR update to the the data protection standard, BS 10012:2017. He also delivers our BCS Practitioner Certificate in FOI. 

Bilal has also spoken on FOI at the 6th Conference of Scientific Archivists in Brazil; the PDP FOI Conference in London; the National Police Chiefs’ Council FOI/DP conference; trainer for Understanding ModernGov, Civil Service College; TNA IMLG and numerous other conferences.

Bilal leads our Freedom of Information training courses, creating and delivering bespoke material for our public sector clients and delivering our FOI accredited courses. 



Nav joins the DPAS team as one of our external training consultants. Nav’s experience is vast specialising in Cyber Security, Security Management and Security Architecture. 

Nav has 23 years’ of experience leading Information Security teams, for International Organisations, all over the World. 

Nav also has experience in the development of Security target operating models to support business and IT global functions. He has exposure to global regulatory change and control implementation with a specific focus on Asia Pacific. More recently focusing on the upcoming changes to European Data Protection Law.

Nav leads our Cyber Security training programme. 



Coco, is CEO of Doggy DPAS. She is the more placid one of the bunch, and is happy to sleep most of her day away. 

That is unless there is an opportunity to have a swim, because no matter how deep, stinking, dirty, or green, Coco will go for a dip. Which does not always improve the aroma in the office! 

Her favourite place is on the beach and she would spend hours on end digging holes if she could. Like Beau, she loves the water and is often found outside of the office swimming in the very smelly pond.



Beau is the old girl owned by Nigel, not that you would ever know!

She can be found in the bosses office, enjoying her very own armchair and scenic views like a true country girl. Don’t let it fool you though, if there is a ball in sight then Beau will be the first one to the scene. 

She loves to be chasing a ball or running around outside. She takes herself for a walk to the local church now and then, which has caused several moments of panic.



Bailey is the resident fugitive. Her rap sheet includes theft, evading arrest, and escaping custody. 

She is generally found sleeping in one of the larger dog’s beds and refusing to move, or wherever there may be a crumb going spare. 
She loves a game of hide and seek in the carpark, much to the frustration of the team at DPAS. But despite her criminal reputation, she is happy with a cuddle and a lap to sleep on. 

Don't just take our word for it

Our Clients

“I was extremely relieved to find the friendly team and excellent service at DPAS. They went out of their way to support me in a short timeframe, not only to fulfill my data privacy criteria – which included more complex special category data processing – but also with trusted legal support, which – being all under one DPAS roof – was easier to access and significantly more time and cost effective”.