Rohan Massey


  • LPC (Pass), College of Law, London, 1998
  • Post Graduate Diploma in Law (Pass), City University, London, 1997
  • BA (Hons), University College London, 1994


  • England and Wales, Solicitor, 2000
  • Member, Editorial Board, E-Commerce Law and Policy
  • Secretary, Commercial Law Committee, City of London Law Society
  • Member Association of International Privacy Professionals
  • Member, Data Protection Forum UK
  • Legal 500 2016
  • World Trademark Review 1000 2016-2017 – recognized as being a “licensing and IP transactions cognoscente” who “manoeuvres shrewdly in the heavily regulated alcoholic beverage sector and backs up his IP know-how with expertise in ancillary areas such as privacy”.
  • World Trademark Review 1000 2014 – recognized as a ‘….mastermind’ with commentators lauding Rohan’s “deep understanding of the relevant law and ability to apply it in a practical way – he speaks in plain English and is approachable and energetic”.
  • Chambers UK 2013 – recognized as an “up and coming” individual
  • World Trademark Review 1000 2012 – described as being a “well-versed IP lawyer providing superb advice on difficult points” who “understands the commercial context well and knows the law extremely thoroughly”.
  • Chambers UK 2012 - ranked as a leader in his field based on his excellent reputation in the commercialisation of IP, his straightforward approach is described by clients as “to the point and business-focused; he combines a brief overview with sound advice, not reams of legal opinions.”
  • Legal 500 UK 2011 - recommended his focus on commercial IP, he is described as “approachable, friendly and knowledgeable”

Rohan Massey


Rohan Massey is a leader of the firm’s Data, Privacy and Cybersecurity practice and focuses his practice on data protection, data security, e-commerce, and IT. As well as advising on complex global data protection and security compliance programs, Rohan also advises on issues of risk and value in relation to data and intellectual property in corporate transactions. Rohan’s expertise focuses on the intersection of the extra-territorial scope of national data protection laws and data transfer issues for multinational organisations.  Rohan has advised on a number of leading breach data management cases, and has assisted clients in successfully obtaining BCR approval from EU regulators. His industry-focused expertise covers asset management and financial services; life sciences and clinical trials; as well as media, sponsorship, advertising, sales promotions, and intellectual property issues, marketing issues in the sports apparel and food and drink sectors. His client base is international in scope, as he works extensively across Europe, the U.S. and Asia.

Rohan has recently been elected to Chair of the Sedona Conference’s 12th Annual Sedona Conference International Programme, and sits on The Sedona Conference’s WG 11. The mission of WG11 is to identify and comment on trends in data security and privacy law, in an effort to help organizations prepare for and respond to data breaches, and to assist attorneys and judicial officers in resolving questions of legal liability and damages.

Rohan is also the Secretary of the City of London Law Society Commercial Committee, and a member and active participant of the IAPP, having spoken at numerous conferences and events.

Rohan regularly writes for various industry publications. He is also a member of the editorial board of E-Commerce Law and Policy.

Articles Rohan has authored or co-authored include: “The UK’s Proposed Framework Code of Practice for Sharing Information,” World Data Protection Report; “Transfers of Clinical Research Data from the European Union to the United States,” BNA’s Medical Research Law and Policy Report; “The Growing Concerns of Identity Theft,” Electronic Business Law; “Sales Promotion in The International Sales and Marketing Practice,” Practical Law Company; “Ambush Marketing,” International Chamber of Commerce UK Handbook; “The Distance Marketing of Financial Services – A UK Overview,” Journal of Financial Services Marketing. Rohan also contributes to “Law in Action” on BBC Radio 4. World Trademark Review 1000 2016 – Recognized Rohan as being a “licensing and IP transactions cognoscente” who “manoeuvres shrewdly in the heavily regulated alcoholic beverage sector and backs up his IP know-how with expertise in ancillary areas such as privacy.”


  • Acting for Integrated Media Company (IMC), a TPG platform dedicated to the new media ecosystem, on the acquisition of a majority stake in Goal from the DAZN Group
  • Acting for Bain Capital on its acquisition of NGA UK, a UK payroll and HR Business from NGA Human Resources
  • A UK client on the handling and reporting of a data breach relating to a customer database, which lead to the arrest of an individual charged with a criminal offence under the UK’s Data Protection Act
  • A multinational client on global data privacy strategies, as well as drafting and implementing data privacy policies and procedures
  • Oakley Capital on the acquisition of TechInsights, a technology patent analysis business
  • Various international banks, multinationals and internet start-ups on e-commerce compliance audits and advising on website creation and disclaimers, online contracting and digital distribution as well as e-procurement, outsourcing and security issues
  • On the intellectual property and technology issues arising in corporate transactions ranging from public market flotations to sale and acquisition of business
  • Corporate clients on the structuring of intra-group licensing to maximise the commercial benefit from the exploitation of group-wide and subsidiary based intellectual property
  • On promotion and marketing matters, including promotions and labelling, as well as trademarks, copyright, licensing and distribution issues
  • Major sports teams and events in negotiating sponsorship deals



  • Panelist, “Governance,” London Stock Exchange: Issuer Services Cyber Security Masterclass, London, UK (October 24, 2018) 
  • Presenter, “Data Governance: Reducing Proprietary & Sensitive Data Risks,” Assent Compliance Supply Chain Summit, London, UK (September 26, 2018)
  • Panelist, “International data security and privacy developments: EU, South America, APAC and Canada,” The Sedona Conference: Working Group 11 Midyear Meeting 2018, Los Angeles, CA (September 13, 2018)
  • Presenter, “Networked Medical Devices and Current Security Risks,” Ropes & Gray Webinar (July 16, 2018)
  • Panelist, “The Full Implementation of the EU General Data Protection Regulation (GDPR): Implementation Challenges and New Guidance,” The 10th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws, Budapest, Hungary (June 18, 2018)
  • Panelist, “Worldwide Trends in Class Action Litigation: Leveraging Global Experience in a Locally Changing Landscape,” Ropes & Gray Privacy & Cybersecurity Summit, New York, NY (February 8, 2018) 
  • Speaker, “Complying With the EU GDPR Requirements in Clinical Trials,” Ropes & Gray Roundtable Discussion (December 2017)
  • Panelist, “Practical considerations and impact of the proposed E-privacy Regulation,” Thomson Reuters Future of Data Protection Conference, London, UK (October 5, 2017) 
  • Presenter, “The Ever-Changing Privacy and Cybersecurity Landscape and its Impact on Health Care Companies,” Ropes & Gray Webinar (July 20, 2017) 
  • Moderator, “The Ever-Changing Privacy and Cybersecurity Landscape and its Impact on Private Equity Firms,” Ropes & Gray Roundtable (May 9-10, 2017)
  • Moderator, “How to GDPR-ify Your Vendor Management Program,” IAPP Global Privacy Summit (April 20, 2017)
  • Moderator, “OBA: All Cards on the Table or Is There Too Much that Cannot Stand in the Daylight?” Forum on International Privacy Law, Konigstein, Germany (March 22, 2017)
  • Moderator, “Cybersecurity – the reality, the challenge and the May ’18 deadline,” Enterprise GC (March 13-14, 2017)
  • Speaker, “The EU GDPR and International Dataflows – What, When, and Where Should You Be Now,” ACC-SFBA CLE Lunch Seminars (September 19-20, 2016)
  • Speaker, “Cybersecurity Law (NIS) and the GDPR Together: A Perfect Regulatory Storm?,” IAPP Privacy. Security. Risk., San Jose, CA (September 15, 2016)
  • Co-Presenter, “The General Data Protection Regulation (GDPR), its practical implications from the perspectives of a data controller and data processor, and what companies should be doing to prepare,” IAPP KnowledgeNet Boston (January 2016)
  • Co-Presenter, “Privacy—A Brand Value and Value to the Brand,” IAPP Europe Data Protection Intensive, London, UK (April 29-May1, 2014)
  • Co-Presenter, “Fraud Investigations & Navigating the European Legal Landscape,” ISMG Fraud Summit, London, UK (September 23, 2014)
  • Co-Presenter, “State of the Union for Global Data Privacy Regimes,” IAPP Global Privacy Summit, Washington DC (March 2013)
  • Co-Presenter, “Be Careful What You Wish For: Lessons Learned on Security Breach Response,” IAPP Europe: Data Protection Congress 2012, London, UK (November 13, 2012)
  • Contributor, “Law in Action,” BBC Radio 4


Ropes & Gray International LLP is a limited liability partnership registered in Delaware, United States of America and is a recognised body regulated by the Solicitors Regulation Authority (with registered number 52100).
  • LPC (Pass), College of Law, London, 1998
  • Post Graduate Diploma in Law (Pass), City University, London, 1997
  • BA (Hons), University College London, 1994
Cookie Settings