People Detail | Setfords
Mark Rhodes

Mark Rhodes
Senior Consultant Solicitor

Mark is a privacy and data protection specialist solicitor and has been practising privacy and data protection since 2006, long before GDPR.  As such, he brings a rare depth of experience to draw upon when providing advice.  Mark has spent most of his career in-house and has lived and breathed the wider commercial context and imperative to be pragmatic. He has worked within both the financial services and the life sciences industries.

Mark’s experience includes: 

  • Chief Privacy Officer and Data Protection Officer for a company delivering the world’s first and only multi-condition software as a medical device;
  • Chief Privacy Officer and Data Protection Officer for a household FTSE 100 plc in financial services in 32 countries; and, 
  • Group Head of Privacy at a division of a top 15 global brand.

More substantively, he has advised on:

  • Inventory - mapping data used, by whom, why and when, and qualifying the material associated risk and the relevant controls (and documentation).
  • Consent and consent management - privacy policies and notices, cookies policies, not collecting data that should be collected or using data outside of permissions.
  • Privacy contract terms - negotiating of privacy contractual terms for commercial agreements; application of which standard contract terms.
  • Operationally handing personal data from privacy by design, data privacy impact assessments, transfer impact assessments, through to complaints handling, enquiries and data subject access requests.
  • Over retention and destruction of data – ensuring retention requirements are proportionate and applied; finding and fixing where there is insufficient deletion of data.
  • Governance - reviewing internal policies (not just to be compliant but also actually understandable), appropriate governance and audit requirements of a business as well as both their business customers and any third-party providers or subcontractors; due diligence on acquisitions;
  • Risk management and reporting – spotting trends and translating the impact of new laws;
  • Training and awareness – the single biggest control an organisation can wield;
  • Regulators, law enforcement & various other government departments - successfully engaging and responding or steering engagement. This also extends to successfully managing engagement by privacy activists;
  • Breaches - 100% successful closure of data breaches without fines or other sanctions; 
  • Privacy risk management programmes - designing, structuring, embedding and reviewing sustainable privacy programmes to appropriately manage risk to business risk appetite.

Getting Privacy and Data Protection compliance right, pragmatically, and proportionate to the risk is key to commercial success.  It also best positions a business to take advantage of market opportunities sooner, for example, by implementing AI systems. 

If an initial call could be useful, please call.

Practice areas

Business LawIntellectual property

    Speak to our team

    Call our team on 0330 058 4011 or fill out the form below and we will get back to you as soon as possible.

    Contact our team

    General / 0330 058 4012

    New Business / 0330 058 4011

    Payments / 01483 375 690

    Telephone opening hours

    Monday to Saturday / 9:00am – 5:00pm

    Closed Sunday & Bank Holidays


    74 North Street



    GU1 4AW

    DX / 2401 Guildford

    Office opening hours

    Monday to Thursday / 9:00am – 5:30pm

    Friday / 9:00am – 5:00pm

    Closed Saturday, Sunday & Bank Holidays

    * notes a required field. We normally respond within 30 minutes during working hours. Read our privacy statement here