meet the team

Meet the Team Nigel Gooding


LLM (Information Rights Law & Practice)

Chief Data Protection Officer

Nigel is founder of the Data Privacy Advisory Service, and he plays a vital part in our success. Due to his extensive experience, Nigel is recognised as a leading expert in the industry.

A hugely experienced Data Protection Officer (DPO), Nigel has held a number of senior roles in private and public sector. These include a national board role with NHS Direct as Chief Operating Officer, along with a recent DPO role at South Western Ambulance NHS.

Nigel is the DPO at Macmillan Cancer support, Bristol Airport and several other organisations.  He has also worked in a number of local authorities, and was DPO at Teignbridge and Watford Council.

He also has experience in working and liaising with the ICO and other EU supervisory authorities. Nigel has worked with clients in multiple jurisdictions, including those outside the EU and the GDPR adequacy arrangements. He was also the strategic Data Protection Subject Matter Expert advising the Government of Jersey in Health, Social Care and Children’s Service including Safeguarding and Education.

Nigel has also recently led the development of a Global Data Strategy with one of the largest companies in the world. This covers legislative compliance, data and information governance and data value.

Nigel holds Master’s degrees in Data Protection and Information Governance, Information Rights Law with a speciality in Children’s and Young Person’s data sharing, Freedom of Information, and Environmental Information regulations law. He also holds practitioner level qualifications, wrote the first UK DPO CPD Accredited Training Course, and is the lead trainer for the DVLA.

Meet the Team Melanie Garnett



Melanie is currently responsible for day to day running of DPAS. She leads our financial planning, operational decision-making, and our business strategy. 

Melanie is also responsible for the project management of our International Data Compliance and Data Strategy projects.

Having joined DPAS at the start of our journey, Melanie has continued to work closely with Nigel, growing the business to what it is now. She has a passion for all things business, and is continually striving to ensure DPAS is leading the field in data protection consultancy services. 

With the recent success of DPAS becoming an accredited BCS training provider, she has worked with our Training Manager, Megan, to develop the training arm of the business. 

DPAS is now considered a market leader in data protection training, working with one of the largest public sector organisations as their only training supplier.

Melanie also plays a key part in the success of our tender bids within the Public Sector.

Meet the Team Louise Cafferty



Louise is a compliance specialist in a number of areas, including Data Protection, Information Security, and Information Governance.  Having worked in different businesses Louise is an experienced practitioner so can give pragmatic advice and real-world experiences.

As a professional, Louise has experience in GDPR and the Data Protection Act, Information Security including the implementation and management of ISO 27001 and Business Continuity ISO 22301 and Information Governance in both private and public sectors.

Having produced training materials in a number of roles, she keeps training interesting and plain speaking while integrating best practice and practical examples throughout.

Louise also has experience in undertaking internal and external audits and gap analysis against a number of compliance areas.

Outside of work Louise’s passion involves family and the love to travel.

Meet the Team Natalie Bennett



Natalie is an Exeter University graduate, with a background in teaching Mathematics at GCSE & A-Level. After switching careers from education to Data Privacy, Natalie makes use of her academic skills in the world of data protection.

Natalie holds the BCS Practitioner Certificate in Data Protection and supports Nigel with our outsourced DPO services

Using her teaching background, Natalie also helps to deliver some of our accredited training courses. She offers a practical approach to data protection.

Meet the Team Andy Ledger



Andy leads our Business Development within the public sector. He specialises in change management, project management and providing data protection services to local authorities and their partners. 

Andy leads the sales division at DPAS, discussing with potential customers the benefits our outsourced services can provide their organisation. 

Meet the Team Sarah Wilson


Senior business analyst

Sarah has worked with DPAS as an Associate Senior Business Analyst since 2018. During this time, she has worked with key clients to deliver high quality information assets. Sarah has over 15 years experience as a Senior Business Analyst, across both Public and Private Sector Organisations.

Alongside Nigel, Sarah leads the Information and Cyber Security division of DPAS. She works with a variety of clients to protect their information and minimise data risks.

Meet the Team Helen Kukor


Subject access requests officer

Helen provides outsourced subject access requests redaction services to our public and private sector organisations. 

Her expertise sits with health and social care redactions, applying exemptions where applicable.

Helen also runs a personal training company in Exeter in the evenings. 

Meet the Team Charlotte Bolt



Charlotte is our Data Protection Paralegal, having studied law at Cardiff University. She has worked in public and private sectors in Cardiff and the South West, and has experience in audits and providing legal services.  

Charlotte’s ambition is to qualify as a Solicitor, specialising in data protection law. Alongside Sandy, Charlotte will assist in providing our clients with advice on complying with the GDPR and UK Data Protection Act.
In her spare time, Charlotte loves keeping active, regularly hitting the gym and playing tennis. 
Meet the Team Megan Black



Megan is our Training Manager, responsible for the day to day running of all our courses at DPAS. Having studied Events Managements at  university, Megan uses her skills and knowledge to set up, and deliver, high quality training courses to our clients.

 Alongside the training programme, Megan will develop her Data Protection knowledge to expand her expertise in this industry. 

Jemma Jones Bio Avatar


Subject Access requests officer

Jemma works as part of the Subject Access Request team providing redaction services to various organisations.

Having previously worked as a Legal Executive for regional law firms where she specialised in residential property she has now transferred her background legal knowledge and skills to processing subject access requests.

In her spare time Jemma enjoys long walks with her dogs and cake decorating.



Ellen currently works as part of the Subject Access Request Team to provide redaction services for a number of organisations. 

She previously worked in the healthcare industry for NHS 111. 

In her spare time, Ellen enjoys riding her horse and keeping active at the gym. 

Matt Cuthbert Meet the Team



Matt currently works as part of the Subject Access Request Team to provide redaction services for a number of organisations.
Alongside this work, Matt is currently studying his Masters in Computing and Information Systems at the University of South Wales. This follows on from his BSc in Applied Mathematics from Cardiff University in 2018.
Having previously worked at DPAS, Matt has a range of experience helping organisations comply with the General Data Protection Regulations (GDPR), Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations (PECR). 

In his spare time, Matt likes to keep active and is an avid basketball player.




Mark works closely with DPAS, assisting onsite with GDPR projects and training.

Mark is a MBA-qualified Business Consultant with a successful background in managing the impacts of change on organisation design and the target operating model. He has a vast amount of experience with regulatory impacts, divestments and mergers. He has worked in B2B, financial services, banking, consulting, commercial, international and FTSE-100 corporate sectors.

Laura de Vries

Sr. Privacy Consultant

Laura has been working together with DPAS as a Sr. Privacy Consultant and is employed by our partner in the Netherlands, Cuccibu. She is CIPP/e, CIPM and CIPT certified, as well as holding a LLM in International and European Law and a MA in International Relations. Additionally Laura is in possession of a NIMA-A marketing certificate. 

She has extensive experience as a paralegal and as a consultant working as a Data Protection Officer, Privacy Officer and (GDPR implementation) project lead for various organisations in diverse industries. Recently Laura collaborated with DPAS on the development of an overarching P&O data strategy for a large pharmaceutical company, focussing on data compliance, culture and value.

She combines her work experience with excellent communication, research and presentation skills.



As the CEO of Warringtons, Stephen offers Business Consulting services to organisations in the Membership, Publishing and Legal sectors, focusing on business change and big data initiatives. 

By enabling the change of business systems and internal processes, as well as leveraging existing organisational data, Stephen solves his clients’ toughest challenges. This empowers his clients to deliver value more effectively and drive competitive advantage within their sector.



Ralph joins the DPAS team as one of our leading consultants, focusing on audits and training. After two decades of work at the forefront of the privacy sector, Ralph has built his career around making the intricacies of Privacy & Security risk management understandable.

He enjoys passing on his passion for privacy by translating often complicated legal concepts, into sustainable business processes. Ralph uses his knowledge of data protection laws and information governance standards to help businesses develop and grow, engage their stakeholders, and to deliver real value to his clients.

Ralph delivers some of our BCS certified courses along with data protection courses. 



Barry is one of our training consultants. He has years of experience in the field and offers bespoke and off the shelf courses focusing on Information Governance within the Health and Social Care field.

Barry won the ICOs Practitioner Award for Excellence in Data Protection Award 2020. He is a Chair for the Eastern Region IG Forum.

Barry has had a number of successes during his career. He formed the first national Strategic Information Governance Network Group, and supported the development of the former NHS Information Governance Toolkit. He also developed a national career path in the NHS for those working in data protection.

Barry delivers our health focused GDPR training, SIRO and Caldicott Guardian courses.



Nav joins the DPAS team as one of our external training consultants. Nav’s experience is vast specialising in Cyber Security, Security Management and Security Architecture. 

Nav has 23 years’ of experience leading Information Security teams, for International Organisations, all over the World. 

Nav also has experience in the development of Security target operating models to support business and IT global functions. He has exposure to global regulatory change and control implementation with a specific focus on Asia Pacific. More recently focusing on the upcoming changes to European Data Protection Law.

Nav leads our Cyber Security training programme. 



Inga enjoys bringing what some may see as a ‘dry’ subject to life through consultancy and training. She is able to translate complex data protection issues into clear and understandable language, enabling clients to make informed business decisions in relation to data protection.

She has experience of working with a range of public and private sector clients, including: tech start-ups, charities, multi-national organisations, Non-Governmental Organisations, and financial services organisations.  

Inga has a PhD in Science and Technology Studies from University College London (UCL), and an MSc in Science and Technology Policy Research from Manchester University. She is a Certified Information Privacy Professional/Europe (CIPP/E), a Certified Information Privacy Manager (CIPM), and is an ISO 27001 Certified Information Security Management System (ISMS) Lead Implementer.

Bilal Ghafoor Training Image



Bilal is an information governance professional, with more than 9 years’ experience in central and local government in and around London, NHS, regulatory bodies and the voluntary sector. 

Bilal was on the British Standards Institute Committee for the GDPR update to the the data protection standard, BS 10012:2017. He also delivers our BCS Practitioner Certificate in FOI. 

Bilal has also spoken on FOI at the 6th Conference of Scientific Archivists in Brazil; the PDP FOI Conference in London; the National Police Chiefs’ Council FOI/DP conference; trainer for Understanding ModernGov, Civil Service College; TNA IMLG and numerous other conferences.