Rohan Massey


  • LPC (Pass), College of Law, London, 1998
  • Post Graduate Diploma in Law (Pass), City University, London, 1997
  • BA (Hons), University College, London, 1994


  • England and Wales, Solicitor, 2000
  • Member, Editorial Board, E-Commerce Law and Policy
  • Member, Commercial Law Committee, City of London Law Society
  • Member Association of International Privacy Professionals
  • Member, Data Protection Forum UK
  • Legal 500 2016
  • World Trademark Review 1000 2016-2017 – recognized as being a “licensing and IP transactions cognoscente” who “manoeuvres shrewdly in the heavily regulated alcoholic beverage sector and backs up his IP know-how with expertise in ancillary areas such as privacy”.
  • World Trademark Review 1000 2014 – recognized as a ‘….mastermind’ with commentators lauding Rohan’s “deep understanding of the relevant law and ability to apply it in a practical way – he speaks in plain English and is approachable and energetic”.
  • Chambers UK 2013 – recognized as an “up and coming” individual
  • World Trademark Review 1000 2012 – described as being a “well-versed IP lawyer providing superb advice on difficult points” who “understands the commercial context well and knows the law extremely thoroughly”.
  • Chambers UK 2012 - ranked as a leader in his field based on his excellent reputation in the commercialisation of IP, his straightforward approach is described by clients as “to the point and business-focused; he combines a brief overview with sound advice, not reams of legal opinions.”
  • Legal 500 UK 2011 - recommended his focus on commercial IP, he is described as “approachable, friendly and knowledgeable”

Rohan Massey


Rohan Massey leads the firm’s privacy and cybersecurity practice in Europe and focuses his practice on data protection, data security, brand protection, e-commerce, and IT. As well as advising on global data protection and privacy issues he also advises on intellectual property issues arising in corporate transactions. Rohan specialises in international data transfer issues and advises clients on global compliance programs and reactive solutions, including breach data management and doxing (doxxing) issues. His industry-focused expertise covers life sciences and clinical trials, as well as media, sponsorship, advertising, sales promotions, and intellectual property issues, marketing issues in the sports apparel and food and drink sectors. His client base is international in scope, as he works extensively across Europe and the U.S.

Rohan regularly writes for various industry publications. He is also a member of the editorial board of E-Commerce Law and Policy. Articles Rohan has authored or co-authored include: “The UK’s Proposed Framework Code of Practice for Sharing Information,” World Data Protection Report; “Transfers of Clinical Research Data from the European Union to the United States,” BNA’s Medical Research Law and Policy Report; “The Growing Concerns of Identity Theft,” Electronic Business Law; “Sales Promotion in The International Sales and Marketing Practice,” Practical Law Company; “Ambush Marketing,” International Chamber of Commerce UK Handbook; “The Distance Marketing of Financial Services – A UK Overview,” Journal of Financial Services Marketing. Rohan also contributes to “Law in Action” on BBC Radio 4. World Trademark Review 1000 2016 – Recognized Rohan as being a “licensing and IP transactions cognoscente” who “manoeuvres shrewdly in the heavily regulated alcoholic beverage sector and backs up his IP know-how with expertise in ancillary areas such as privacy”.


  • Acting for Bain Capital on its acquisition of NGA UK, a UK payroll and HR Business from NGA Human Resources
  • Acting for Oakley Capital on the acquisition of TechInsights, a technology patent analysis business

Notable transactions in which Rohan has been involved prior to joining the firm include:

  • Advised a UK client on the handling and reporting of a data breach relating to a customer database, which lead to the arrest of an individual charged with a criminal offence under the UK’s Data Protection Act.
  • Advising multinational client on global data privacy strategies, as well as drafting and implementing data privacy policies and procedures
  • Conducting e-commerce compliance audits for various international banks, multinationals and internet start-ups, and advising on website creation and disclaimers, online contracting and digital distribution as well as e-procurement, outsourcing and security issues
  • Advising on the intellectual property and technology issues arising in corporate transactions ranging from public market flotations to sale and acquisition of business
  • Advising corporate clients on the structuring of intra-group licensing to maximise the commercial benefit from the exploitation of group-wide and subsidiary based intellectual property
  • Advising on promotion and marketing matters, including promotions and labelling, as well as trademarks, copyright, licensing and distribution issues
  • Negotiating sponsorship deals for major sports teams and events



  • Speaker, “Complying With the EU GDPR Requirements in Clinical Trials,” Ropes & Gray Roundtable Discussion (December 2017)
  • Panelist, “Practical considerations and impact of the proposed E-privacy Regulation,” Thomson Reuters Future of Data Protection Conference, London, UK (October 5, 2017) 
  • Presenter, “The Ever-Changing Privacy and Cybersecurity Landscape and its Impact on Health Care Companies,” Ropes & Gray Webinar (July 20, 2017) 
  • Moderator, “The Ever-Changing Privacy and Cybersecurity Landscape and its Impact on Private Equity Firms,” Ropes & Gray Roundtable (May 9-10, 2017)
  • Moderator, “How to GDPR-ify Your Vendor Management Program,” IAPP Global Privacy Summit (April 20, 2017)
  • Moderator, “OBA: All Cards on the Table or Is There Too Much that Cannot Stand in the Daylight?” Forum on International Privacy Law, Konigstein, Germany (March 22, 2017)
  • Moderator, “Cybersecurity – the reality, the challenge and the May ’18 deadline,” Enterprise GC (March 13-14, 2017)
  • Speaker, “The EU GDPR and International Dataflows – What, When, and Where Should You Be Now,” ACC-SFBA CLE Lunch Seminars (September 19-20, 2016)
  • Speaker, “Cybersecurity Law (NIS) and the GDPR Together: A Perfect Regulatory Storm?,” IAPP Privacy. Security. Risk., San Jose, CA (September 15, 2016)
  • Co-Presenter, “The General Data Protection Regulation (GDPR), its practical implications from the perspectives of a data controller and data processor, and what companies should be doing to prepare,” IAPP KnowledgeNet Boston (January 2016)
  • Co-Presenter, “Privacy—A Brand Value and Value to the Brand,” IAPP Europe Data Protection Intensive, London, UK (April 29-May1, 2014)
  • Co-Presenter, “Fraud Investigations & Navigating the European Legal Landscape,” ISMG Fraud Summit, London, UK (September 23, 2014)
  • Co-Presenter, “State of the Union for Global Data Privacy Regimes,” IAPP Global Privacy Summit, Washington DC (March 2013)
  • Co-Presenter, “Be Careful What You Wish For: Lessons Learned on Security Breach Response,” IAPP Europe: Data Protection Congress 2012, London, UK (November 13, 2012)
  • Contributor, “Law in Action,” BBC Radio 4


Ropes & Gray International LLP is a limited liability partnership registered in Delaware, United States of America and is a recognised body regulated by the Solicitors Regulation Authority (with registered number 52100).