Profile

Nathalie is a data protection, cybersecurity & AI partner at Kennedys, member of the global cyber & data team, in London. She is a dual qualified lawyer in the UK and in France.

She is a well-known and trusted adviser in the global privacy and data protection world, who brings 20 years of experience and extensive knowledge to clients across sectors and jurisdictions.

She has a broad-based UK and international practice working with a diverse range of clients, including household multinational corporations to high growth businesses.

Her focus is on data rich industry sectors, including technology, financial services, healthcare & life sciences, retail & consumer, hospitality & leisure, advertising & marketing, automotive, media & publishing.

Nathalie’s practice encompasses the full range of data protection, e-privacy and cybersecurity issues including global data protection audits and compliance implementation programmes, policies, data processing/ sharing arrangements, vendor management, data protection impact assessments, privacy by design, marketing permissions, data collection and commercial exploitation, and data subject rights.

She is regularly advising on data governance and legal requirements in connection with the use of new technologies (AI, Gen AI, IoT, etc.). She also helps clients navigate the regulation of AI under the EU AI Act and of IoT devices under the EU Data Act.

She regularly provides strategic advice in relation to multi-jurisdictional data transfers including on the implementation of the new EU Standard Contractual Clauses (EU SCCs); the UK Addendum to the EU SCCs, BCRs, the EU-US Data Privacy Framework, intra-group data sharing arrangements, etc.), and in relation to conflicts between different applicable privacy laws.

Nathalie also advises on cybersecurity matters ranging from data breach response, forensic investigations and remediation, to system infrastructure and network security, the NIS Regulations/Directive, data security governance and standards.

Having been part of the European Commission and the World Bank, earlier in her career, she combines a strong regulatory expertise with commercial pragmatic solutions when it comes to advising clients on compliance with data protection laws or representing them in their dealings with the UK, the EU regulators or the EDBP.

Nathalie has several external appointments including:

  • as a member of the panel of the External Expert Reviewer (EER)to the World Bank in Washington DC (https://www.worldbank.org/en/programs/accountability/data-privacy#eer)
  • Member of the Technology working group of the French Foreign Trade Advisory Committee in the UK which is currently focusing on the regulation of technology platforms (AI & ethics, online harm, fake news and transparency in political advertising).
  • Chair of the Cybersecurity Committee of the Society for Computer and Law

Qualifications:

  • Qualified in the UK in 2012 and in France in 2000.

Education

  • July 1998 - Doctorate in Law, University of Pantheon-Assas, Paris II, France
  • June 1995 - Harvard Law School, LL.M. (Masters), Cambridge, Massachusetts

Languages

  • Nathalie is fluent in English, Spanish and French.  Basic Italian and Russian.

Market recognition

  • Ranked for data protection
    "Nathalie Moreno – is able to take quite complex issues and break them down, solutionise them and give practical ways to resolve them, without hesitation she steps us and gives us support, always willing to go that extra bit to make sure everything is as it should be."
    "Nathalie Moreno is cool, calm, and collected, which is always appreciated."
    Legal 500 UK 2016-2024
  • Nominated in the category Privacy Lawyer of the Year.
    Piccaso Privacy Award 2022