Vishnu Shankar, a partner in our London and Brussels offices, brings advisory, incident response, and regulatory defense capabilities in complex EU and UK data protection (GDPR; EU Data Act), artificial intelligence (EU AI Act), privacy, cybersecurity (NIS; Cyber Resilience Act), international data transfers, content moderation (EU Digital Services Act; UK Online Safety Act), and other digital regulatory matters. Until recently, he served as Head of Legal (Regulatory Enforcement) at the Information Commissioner’s Office (ICO), a leading European data protection regulator. Vishnu has defended clients in landmark EU GDPR enforcement actions involving AI/machine learning. He is admitted in England and Wales, Brussels, and New York. Active in the firm’s India Initiative, Vishnu serves as a strategic counselor to leading India-based companies.
Vishnu represents clients in high-stakes EU and UK privacy and cybersecurity advisory, compliance, enforcement defense, crisis management, data breach and incident response, and litigation matters. The Legal 500 UK has noted that Vishnu has “excellent attention to detail, an amazing work ethic and tremendous research skills.” Vishnu is also a member of Morgan Lewis’s AI Task Force, Global Conflicts Task Force, and India initiative, where he serves as a strategic counsellor in a variety of industries.
Vishnu represents clients in multiple industries and sectors, including financial services (banking, payments, and fintech); life sciences, medical devices, and pharmaceuticals; transportation and travel; technology and telecommunications; retail and ecommerce; asset management and private equity; and sports, media, and entertainment. Notably, in private practice, he has defended clients in GDPR enforcement actions involving artificial intelligence and machine-learning (AI/ML) technologies in an EU member state.
As the ICO’s former head of Legal (Regulatory Enforcement) and a member of its legal leadership team, Vishnu helped drive certain of the ICO’s key investigations and enforcement actions involving the GDPR, the Privacy and Electronic Communications Regulations (PECR), and cybersecurity. Vishnu’s experiences, including with multi-regulator enforcement actions via the UK Digital Regulatory Cooperation Forum (DRCF), which brings together the ICO, CMA, OfCom, and FCA, and as a liaison with government and law enforcement agencies such as the UK NCSC and NCA, inform his practice.
He is regularly invited to speak at industry and academic conferences and provides commentary to the media about privacy, cybersecurity, AI/ML, and other technology regulatory law issues. Prior to joining the ICO, Vishnu practiced (including as a partner) for more than a decade at leading law firms in London, New York, and Dublin, where he focused on technology, data privacy, and cybersecurity law as well as intellectual property transactional matters.
EU/UK Data Protection and Digital Regulation Counseling
EU/UK Cybersecurity Incident Response and Remediation
EU/UK Regulatory Defense and Litigation
Recommended, Risk Advisory: Privacy & Cybersecurity, The Legal 500 UK (2018, 2024, 2025)
Recommended, Risk Advisory: Data Protection, The Legal 500 UK (2024, 2025)
Recommended, Technology, Media & Telecommunications, The Legal 500 UK (2023)
Recommended, Sports Groups, The Legal 500 UK (2022)
Recognized, Thought Leader in Privacy, DataGuidance (2018)