Tuğhan Thuraisingam, partner at DWF, discusses his unconventional journey into law, the importance of client exposure, developing the next generation of data protection experts and the impact of AI on the legal sector
As privacy, security, and regulatory landscapes evolve at a rapid pace, data protection lawyers are navigating unprecedented challenges. At the forefront is Tuğhan Thuraisingam, a partner at DWF’s London office, where he leads in the firm’s data protection and cyber security practice. In an interview with Legal Cheek Careers, Tuğhan discussed his unique career journey, the complex task of embedding data protection within organisations, his views on how AI is transforming the way legal services are delivered and DWF’s newly launched “Data Protection Extend & Accelerate” service which is paving the way for the next generation of data protection experts.
Early career: the twists and turns
Tuğhan’s path to data protection wasn’t a straightforward one. With roots stretching from Turkey to Malaysia, his early experiences across different cultures fuelled his interest in international opportunities. Initially seeing himself in shipping, he pursued his law degree at the University of Southampton, a university known for its maritime law courses. Despite his strong international ambitions, securing a training contract was no easy feat. Faced with a competitive job market and a limited network, he took an unconventional route, pursuing work experience in Germany while living with his parents.
Looking back on his early career, Tuğhan laughs, saying, “I took on any work experience I could find!” Through persistence and a chance meeting with the founder of a German law firm during a two-week internship, he eventually secured a paralegal role in litigation at the London office of an international law firm. His exposure to data protection work there was a fortunate twist. “They had a fantastic data protection team that got me involved in their work, and this was before the General Data Protection Regulation (GDPR) had been introduced, so the subject matter wasn’t as high-profile at the time,” he recalls.
What started as a general interest soon evolved into a passion, particularly as he found himself dealing directly with clients and helping them interpret evolving data protection regulations. “I just got exposed to a lot of client-facing work very early on as a paralegal,” he says, adding that this early responsibility built both his confidence and his interest in data protection. “As I started getting more and more involved in data protection law, my interest in pursuing a career in shipping started to fade away,” he reflects.
From a budding shipping lawyer to now specialising in data protection, Tuğhan draws the parallels between the two. “Like shipping law, which governs the trade of physical goods globally, data protection governs the trade of information.” So, do you think data protection is the internet’s equivalent of shipping law? I ask. “Pretty much, yes,” he replies. “If you think about the development of shipping, it’s always been about facilitating global trade. The systems and technologies that process our data operates in a similar way — it enables and facilitates a huge portion of trade across various industries and economies. But most importantly, it’s crucial in the digital age we now live in from the delivery of products and services through to the way we build relationships and communicate via channels such as social media — everything is interconnected in this highly digital world.”
The importance of ‘operationalising’ data protection
Tuğhan subsequently moved to the legal arm of a Big 4 accountancy firm where he secured a training contract and qualified into the firm’s data protection & cyber security team at a time when organisations were getting prepared for the GDPR. “It was during this period where I was exposed to working with multi-disciplinary teams in areas such as consulting, strategy and project management to help clients navigate the operational outcomes that the GDPR was introduced to achieve. This required me to think about data protection compliance more holistically and made me a better lawyer”, he recalls.
Now a partner in DWF’s data protection & cyber security team, Tuğhan continued to explain how the complexities of data protection go far beyond legal interpretations; it’s about making those interpretations actionable for clients. For example, the GDPR mandates organisations to implement appropriate security measures to safeguard personal data, but it doesn’t specify these measures nor does it precisely dictate how organisations should implement them. “Part of our role is not only the legal side, but actually making regulation ‘live’ inside each organisation”, Tuğhan says.
His team’s work in operationalising data protection often involves close collaboration with clients’ technology, product and innovation teams, guiding them on achieving compliance with the requirements in a manner that still meets business objectives. This business-centric approach, he believes, is critical for anyone interested in this area of law. “If you really want to be a good practitioner in this space,” he advises, “you have to apply a pragmatic, commercial lens to guide clients through the complexities and ‘grey areas’ of data protection law.”
The “operationalising” aspect of data protection became especially prominent as the GDPR came into effect, prompting companies to create large programmes of work to overhaul their data protection policies, procedures and processes to meet the regulation’s requirements in a manner that reflected the way in which personal data were being handled in day-to-day business operations. From issues such as incident response, facilitating data subject rights requests, third party supplier management and international transfers of personal data, Tuğhan and his team help clients navigate a host of operational challenges to ensure compliance without stifling business innovation.
Beyond the day-to-day legal, strategic and consulting work, Tuğhan’s team is deeply involved in contentious data protection matters, including high-profile data breach cases. One notable example is the landmark Morrisons case, where DWF acted for Wm Morrison Supermarkets in their successful defence of a group action for vicarious liability arising out of a mass employee data theft carried out by a rogue employee — the first mass data breach claim of its kind before the Supreme Court.
With the stakes high in data breaches and regulatory compliance, Tuğhan’s team provides crucial support to clients as they work to address these incidents, manage reputational risks, and ultimately navigate the complex legal landscape around data protection.
Data Protection Extend & Accelerate: developing the next generation of experts
As the privacy field evolves, Tuğhan and his team are committed to cultivating the next generation of data protection experts. Recognising a growing demand for privacy-savvy professionals, DWF has launched an initiative called Data Protection Extend & Accelerate. This programme offers solicitor apprentices, paralegals, and other entry-level professionals intensive training in data protection, preparing them for certifications like the IAPP’s Certified Information Privacy Professional Europe (CIPP/E) and helping them secure on-site client secondments.
This initiative, he notes, not only addresses a crucial need within the data protection market but also provides valuable on-the-ground experience for young professionals, helping them gain the practical skills needed to operate in a business environment. “We realised that clients face pressure in terms of cost and in-house staffing,” he says. “With this programme, we’re able to provide a low-cost, quality assured solution while also giving young professionals the chance to work with clients early in their careers. It’s also part of our team’s Diversity & Inclusion initiative — at its core, we are supporting alternative career pathways for juniors into the legal and data protection profession.”
The firm’s approach has garnered positive feedback, and Tuğhan is excited to see how it will shape the careers of those entering the data protection space. “Clients become invested in the juniors’ careers,” he says, noting that this collaborative atmosphere benefits both clients and emerging legal talent alike.
AI: will it change the way legal services are delivered?
Amid the recent surge in AI technologies, Tuğhan acknowledges its potential to disrupt the legal profession—though not necessarily in the ways people might expect. While some might fear that AI will replace lawyers, Tuğhan is more optimistic. “Yes, it may replace some automated work, but I don’t think it will remove lawyers altogether,” he says. Instead, he believes that those who learn to work with AI tools will gain a competitive edge.
“Clients still want human interaction,” he emphasises. The human touch, he argues, is irreplaceable, particularly when it comes to the nuances of client service, empathy, and building trust—qualities that AI cannot replicate. “It’s still a people business. People want to work with people… it’s about how you deliver your services, not just what you know,” he adds, affirming that AI is more likely to augment than replace human interactions in law.
However, the rise of AI also poses unique challenges for data protection lawyers. With clients increasingly utilising AI for data processing, Tuğhan’s team must grapple with issues like transparency, data quality, and algorithmic bias. He points out that the EU has been proactive in addressing these concerns through the EU AI Act, a regulatory framework aimed at governing AI systems and models. Meanwhile, the UK has yet to adopt a similar approach, leaving open questions about how AI will be regulated domestically.
A message to aspiring lawyers
Tuğhan’s final message to aspiring lawyers is one of curiosity and depth. Reflecting on his own journey, he acknowledges that the term “commercial awareness” often gets used as a buzzword, but he believes it’s about much more than surface-level knowledge. “Having an intellectual curiosity about how the world works — especially how politics, law, and technology intersect — is key,” he advises.
For those interested in data protection, he suggests looking beyond headlines to explore how developments in emerging technologies such as AI, political shifts, and legislative changes will shape the future. “If someone can connect these dots,” he says, “they’ll stand out in a field that’s only getting more complex and interesting.”
DWF will be speaking at ‘The Big Commercial Awareness Themes of 2024-25 — with DWF, Goodwin Procter, Irwin Mitchell, Lewis Silkin, Morrison Foerster, TLT and ULaw’, a virtual student event taking place THIS AFTERNOON (Tuesday 12 November). Apply now to attend.
About Legal Cheek Careers posts.
