Marcus Evans
Marcus Evans
Biography
Marcus Evans is a data protection, privacy and cybersecurity lawyer based in London. As a partner in the communications media and technology team, Marcus leads our European Information Governance, Privacy and Cyber Security Group and our Artificial Intelligence Group and is a member of our International Outsourcing Group.
Marcus regularly coordinates multijurisdictional data privacy projects covering all aspects of data privacy compliance, including the roll out of privacy programmes, adoption of new technologies and working practices, cross border data flows, large scale or complex data subject right responses and liaison with regulators in relation to complaints and breaches. He also advises on artificial intelligence, data protection and freedom of information risks in e-commerce, commercial transactions, M&A and in relation to discovery and regulatory investigations, having had a broad outsourcing and tech practice before becoming focused on data and AI regulatory issues. He counsels clients across sectors.
Marcus has spoken at industry events on AI, data protection, blockchain, outsourcing and open source software issues.
Marcus has been ranked as a leading Data Privacy practitioner by Chambers since 2020. Clients have said "Marcus is astonishingly pragmatic and client-oriented." "I always find Marcus to be very commercially astute, pragmatic, and determined to understand the company, our ambitions and our risk appetite, and to advise a way forward that can work best for us."
Marcus has been recognised in 2025 Best Lawyers individual award categories for The Best Lawyers in the United Kingdom (2025 Edition).
Professional experience
Representative experience
Representative experience
- Advised HSBC UK on a long-term relationship agreement between M&S and HSBC UK that is focused on M&S’ credit offering, payment solutions and bringing together digital payments and loyalty for M&S customers, including advising on all the data protection aspects, such as detailed negotiation of the controller / processor positions of the parties, the appropriate data protection clauses, the achievable milestone dates and dependencies as well as the treatment and sharing of data as an asset (rather than purely as personal data subject to the UK data protection laws).
- Advising a global telecommunications company with significant US operations on the implications of the landmark Schrems II ruling, including strategic board options memos, analysing all services and preparing customer facing information on supplemental measures, updating standard form customer and vendor agreements and playbooks and working with PwC to operationalise changes at scale.
- Advising a global telecommunications company on various issues including the use of biometric authentication technologies and EU Cyber Resilience Act compliance steps.
- The AIG CyberEdge cyber insurance product gives insureds pan-European, UAE and South African data breach coverage for data breach response. We provide a coordinated data breach response service to strict service levels across the UK, 27 EEA countries, Israel, UAE and South Africa (and very frequently in other jurisdictions too, including the US, Asia, Latin America and Australia).
- Advising a telecoms operator on a dispute and subsequent renegotiation of its £1.5bn outsourced network operation and management agreement.
- Advising various companies on AI governance process, including providing overflow resource to review use cases under processes that we set up for the client.
Admissions
Admissions
- Solicitor, qualified in England & Wales
Memberships and activities
Memberships and activities
- International Chamber of Commerce's Taskforce on Data Privacy
- Society for Computers and Law
Insights and news
Insights
News
