Nikolaos Theodorakis is a partner in the London and Brussels offices of Wilson Sonsini Goodrich & Rosati, where his practice focuses on privacy and cybersecurity. Nikolaos regularly counsels on matters of EU data protection law, GDPR compliance, UK GDPR preparedness, cybersecurity, advertising, and marketing and offers a full cycle of services that includes both non-contentious matters and investigations with supervisory authorities.
Nikolaos represents multinational companies across a wide range of industries, including technology, financial services, healthcare, hospitality, food and beverage, insurance, pharmaceuticals, chemicals, and automotive. He also works with start-ups and established companies in the EMEA region and, in particular, the EU and the UK. Having advised on a broad spectrum of corporate matters, Nikolaos has developed an expert insight into the increasing interplay between data protection, financial services (PSD2), competition law, and international trade law. He is at the forefront of advising on emerging privacy challenges on matters of AI, biotech, fintech, and blockchain.
In addition, Nikolaos is an associate professor of law at the University of Oxford, an assessor at the University of Cambridge, and a fellow at Stanford Law School, focusing on technology and intellectual property issues. Previously, Nikolaos taught and conducted research at the University of Cambridge, Harvard Law School, and Columbia Law School. He also gained professional experience at the U.S. Committee on Capital Markets Regulation, the Kluge Center at the U.S. Library of Congress, and the UK Ministry of Justice.
Nikolaos has received awards from several bodies, including the State Council of the People's Republic of China, the UK Economic and Social Research Council (ESRC), British Academy, and the Greek Parliament. He has been widely published and frequently receives invitations for public engagements, including guest lectures across the world, international symposia, and TEDx conferences.
Prior to joining the firm, Nikolaos was counsel in the Brussels office of Alston and Bird LLP. He also worked as an associate in the Brussels office of Sidley Austin LLP.
Nikolaos is fluent in English, Greek, and French.
Nikolaos Theodorakis is a partner in the London and Brussels offices of Wilson Sonsini Goodrich & Rosati, where his practice focuses on privacy and cybersecurity. Nikolaos regularly counsels on matters of EU data protection law, GDPR compliance, UK GDPR preparedness, cybersecurity, advertising, and marketing and offers a full cycle of services that includes both non-contentious matters and investigations with supervisory authorities.
Nikolaos represents multinational companies across a wide range of industries, including technology, financial services, healthcare, hospitality, food and beverage, insurance, pharmaceuticals, chemicals, and automotive. He also works with start-ups and established companies in the EMEA region and, in particular, the EU and the UK. Having advised on a broad spectrum of corporate matters, Nikolaos has developed an expert insight into the increasing interplay between data protection, financial services (PSD2), competition law, and international trade law. He is at the forefront of advising on emerging privacy challenges on matters of AI, biotech, fintech, and blockchain.
In addition, Nikolaos is an associate professor of law at the University of Oxford, an assessor at the University of Cambridge, and a fellow at Stanford Law School, focusing on technology and intellectual property issues. Previously, Nikolaos taught and conducted research at the University of Cambridge, Harvard Law School, and Columbia Law School. He also gained professional experience at the U.S. Committee on Capital Markets Regulation, the Kluge Center at the U.S. Library of Congress, and the UK Ministry of Justice.
Nikolaos has received awards from several bodies, including the State Council of the People's Republic of China, the UK Economic and Social Research Council (ESRC), British Academy, and the Greek Parliament. He has been widely published and frequently receives invitations for public engagements, including guest lectures across the world, international symposia, and TEDx conferences.
Prior to joining the firm, Nikolaos was counsel in the Brussels office of Alston and Bird LLP. He also worked as an associate in the Brussels office of Sidley Austin LLP.
Nikolaos is fluent in English, Greek, and French.
- PG.C., University of Oxford, 2015
- Ph.D., University of Cambridge, 2014
- PON, Harvard Law School, 2012
- LL.M., University College London, 2011
- M.Phil., University of Cambridge, 2010
- J.D., University of Athens, 2009
-
Selected for inclusion in the 2024-2026 editions of the Lawdragon’s 500 Leading Global Cyber Lawyers guide
-
Recognized as a key lawyer for privacy and data protection in the 2023-2024 editions of The Legal 500 EMEA
- Senior Legal Expert, European Commission (DG FISMA) for the completeness and conformity assessment of the Institutions for Occupational Retirement Provision Directive (IORPs) in the EU28 Member States, March 2019
- Senior Legal Expert, European Commission (DG FISMA) for the completeness and conformity assessment of the Insurance Distribution Directive (IDD) in the EU28 Member States, August 2018
- Senior Legal Expert, European Commission (DG FISMA) for the implementation of the Payment Services Directive II across the 28 EU Member States, June 2018
- Athens Bar Association
- Solicitor, England and Wales
- Brussels Bar E-List
- PG.C., University of Oxford, 2015
- Ph.D., University of Cambridge, 2014
- PON, Harvard Law School, 2012
- LL.M., University College London, 2011
- M.Phil., University of Cambridge, 2010
- J.D., University of Athens, 2009
-
Selected for inclusion in the 2024-2026 editions of the Lawdragon’s 500 Leading Global Cyber Lawyers guide
-
Recognized as a key lawyer for privacy and data protection in the 2023-2024 editions of The Legal 500 EMEA
- Senior Legal Expert, European Commission (DG FISMA) for the completeness and conformity assessment of the Institutions for Occupational Retirement Provision Directive (IORPs) in the EU28 Member States, March 2019
- Senior Legal Expert, European Commission (DG FISMA) for the completeness and conformity assessment of the Insurance Distribution Directive (IDD) in the EU28 Member States, August 2018
- Senior Legal Expert, European Commission (DG FISMA) for the implementation of the Payment Services Directive II across the 28 EU Member States, June 2018
- Athens Bar Association
- Solicitor, England and Wales
- Brussels Bar E-List
Select Representations
- Advised multinational companies in a wide range of sectors (e.g., logistics, technology, hospitality, financial services, food and beverage, insurance services, start-ups, online marketing, cloud computing services, healthcare, chemicals, automotive, etc.) on issues of EU data protection law, privacy, and cybersecurity
- Governed projects on GDPR compliance, including issues of external facing and internal facing policies, vendor management, information security policies, system inventory and supervisory authority facing records, data subject rights management, consent management, incident response plan, data protection officer appointment, and audit procedures
- Advised companies on data breach classification and response, and communication with supervisory authorities and data subjects
- Advised corporations on marketing issues, e-commerce, and profiling based on the ePrivacy Directive and the upcoming ePrivacy Regulation
- Advised companies on Privacy Shield Certification and alternative adequate data transfer mechanisms
- Counselled clients regarding supervisory authority investigations and queries on GDPR compliance
- Managed projects on cross-border corporate transactions and regulatory issues
- Counselled a number of firms from financial services on potential mergers and related issues of PSD, PSD2, and the eMoney Directive
- Advised companies from the technological and medical sector regarding regulatory compliance and data privacy, including issues on GDPR
- Advised a company from the health sector regarding potential application for Binding Corporate Rules (BCR)
- Advised on regulatory compliance and data protection issues companies from the pharmaceutical, cosmetics, technology, and banking services sectors
Select Representations
- Advised multinational companies in a wide range of sectors (e.g., logistics, technology, hospitality, financial services, food and beverage, insurance services, start-ups, online marketing, cloud computing services, healthcare, chemicals, automotive, etc.) on issues of EU data protection law, privacy, and cybersecurity
- Governed projects on GDPR compliance, including issues of external facing and internal facing policies, vendor management, information security policies, system inventory and supervisory authority facing records, data subject rights management, consent management, incident response plan, data protection officer appointment, and audit procedures
- Advised companies on data breach classification and response, and communication with supervisory authorities and data subjects
- Advised corporations on marketing issues, e-commerce, and profiling based on the ePrivacy Directive and the upcoming ePrivacy Regulation
- Advised companies on Privacy Shield Certification and alternative adequate data transfer mechanisms
- Counselled clients regarding supervisory authority investigations and queries on GDPR compliance
- Managed projects on cross-border corporate transactions and regulatory issues
- Counselled a number of firms from financial services on potential mergers and related issues of PSD, PSD2, and the eMoney Directive
- Advised companies from the technological and medical sector regarding regulatory compliance and data privacy, including issues on GDPR
- Advised a company from the health sector regarding potential application for Binding Corporate Rules (BCR)
- Advised on regulatory compliance and data protection issues companies from the pharmaceutical, cosmetics, technology, and banking services sectors
Select Publications
-
Co-author, “EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR,” Wilson Sonsini Alert, September 22, 2025
-
Co-author, “UK Introduces New Legislation Amending Privacy Laws,” Wilson Sonsini Alert, July 1, 2025
- Co-author, “The UK’s Online Child Safety Duties Are Coming into Force: Steps to Take Now,” Wilson Sonsini Alert, April 25, 2025
- Co-author, “Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements,“ Wilson Sonsini Alert, January 24, 2025
- Co-author, “The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now,“ Wilson Sonsini Alert, January 23, 2025
-
Co-author, “DORA: New EU Cybersecurity Requirements for the Financial Sector Enter into Force,” Wilson Sonsini Alert, January 17, 2025
- Co-author, "UK Brings Forward Bill to Reform UK Privacy Laws," Wilson Sonsini Alert, November 5, 2024
- Co-author, “EU Lawmakers Reach Political Agreement on the AI Act,” Wilson Sonsini Alert, December 11, 2023
- Co-author, “Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?” Wilson Sonsini Alert, October 10, 2023
- Co-author, “UK-U.S. Data Bridge Commencement Date Announced,” Wilson Sonsini Alert, September 22, 2023
- Co-author, “EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified,” Wilson Sonsini Alert, July 10, 2023
- Co-author, “European Commission Proposes New Rules on Financial Data Access and Use,” Wilson Sonsini Alert, July 6, 2023
- Co-author, “Europe Prepares for a New Era in AI Regulation,” Wilson Sonsini Alert, June 15, 2023
- Co-author, “European Commission Seeks Companies' Input on GDPR Enforcement,” Wilson Sonsini Alert, March 7, 2023
- Co-author, “EU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy Framework,” Wilson Sonsini Alert, March 3, 2023
- Co-author, “CJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests,” Wilson Sonsini Alert, January 27, 2023
- Co-author, “EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations,” Wilson Sonsini Alert, November 10, 2022
- Co-author, “President Biden Signs Executive Order to Implement the New EU-U.S. Data Privacy Framework,” Wilson Sonsini Alert, October 10, 2022
- Co-author, “Council of the EU Adopts Its Text on the ePrivacy Regulation,” Wilson Sonsini Alert, March 5, 2021
- Co-author, “European Commission Proposes New Rules for Digital Platforms,” Wilson Sonsini Alert, January 12, 2021
- Co-author, “EDPB Issues Guidelines on Social Media Targeting Under GDPR,” Wilson Sonsini Alert, September 15, 2020
- Co-author, “Initial Reaction of European Data Protection Regulators to Schrems 2.0 Judgment,” Wilson Sonsini Alert, July 22, 2020
- Author, “ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses,” Wilson Sonsini Alert, July 17, 2020
- Co-author, “Schrems 2.0: AG Opines That Data Transfers to U.S. Are Valid Under Standard Contractual Clauses,” Wilson Sonsini Alert, December 20, 2019
- “Blockchain Technology Regulatory Standards in the EU and the US: Smooth Sailing, or Iceberg Ahead?" Stanford-Vienna Transatlantic Technology Law Forum (TTLF)
- "The European Commission Issues Draft Legislation on E-Evidence," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 33
- "The Use of Cryptocurrencies for Illicit Activities and relevant Legislative Initiatives," The Art of Crime, November 2018
- "The 2018 Buzzword: 'GDPR,' and how it practically affects corporations in the EU and the U.S.," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 32, February 2018
- "Legitimacy, effectiveness, and alternative nature of sanctioning procedures in the UN Sanctions Committees and the EU Common Foreign and Security Policy Council" chapter, Intersentia
- "The Limits of Criminal Law, The intersection between criminal and administrative law," chapter, Intersentia, December 2017
- "UK Introduces Draft Data Protection Bill," Cyberspace Lawyer, Thomson Reuters, October 2017
- "Digital Market Liberalization in the EU and the U.S.: Where competition law, trade law, and privacy meet," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 30, September 2017
- "The UK issues guidance on GDPR consent," Transatlantic Antitrust and IPR Developments, Stanford Law School, March 2017
- "EU Commission Publishes a Preliminary Report on the E-Commerce Sector Inquiry," Transatlantic Antitrust and IPR Developments, Stanford Law School, November 2016
- Co-author, "Dispute Resolution Mechanism for the Belt and Road," Blue Book, International Academy of the Belt and Road, September 2016
- "Liberalization of Trade in Technology-Related Services in the EU and the US: Unraveling the Gordian Knot of Regulatory Challenges and the Use of Open Data," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 24, August 2016
- "Corruption Risk Assessment Tools in Customs and Trade," OECD Integrity Forum Winning Academic Papers Series, April 2016
- "The UNCITRAL Rules of Transparency as a Tool against Institutional Corruption," Amicus Curiae, Issue 102, Spring 2016, April 2016
- "Transparency in Investor-State Dispute Settlement: Law, Practice, and Emerging Tools Against Institutional Corruption, Monograph published by the Center for Ethics," Harvard University Law School, June 2015
Select Speaking Engagements
- Panelist, “From Standard Contractual Clauses to Data Free Flow with Trust: The Latest on Data Transfers,” Brussels Privacy Hub, November 28, 2024
- Moderator, “The Ecosystem of New Data Regulations in Europe: What’s the scoop?” IAPP KnowledgeNet Meeting, November 10, 2022
- Panelist, “Practicalities of Compliance with EU International Transfer Rules following Schrems II,” Privacy Salon’s CPDP 2021, January 27, 2021
- External Examiner, Kuwait International Law School, May 2018
- International Consultant, Technical Support on Anti-Corruption in Greece, OECD, June 2017
- TEDxKomotini Speaker, "Suggestions to Restart Greece," May 2017
- Guest Lecturer, University of Buenos Aires, Pontifical Catholic University of Chile, University of Montevideo, Javeriana University Bogota, and University of Piura Lima, 2017
- International Consultant and Legal Trainer, United Nations Interregional Crime and Justice Research Institute (UNICRI), May 2016
- Appointed Arbitrator, Hangzhou International Arbitration Court, China, April 2016
- Rapporteur, Belt and Road (B&R) Initiative, February 2016
- TEDxChania Speaker, "Engaging Communities and Fighting Inequality," June 2015
- Country Assessor and Peer Reviewer, Transparency International, Government Defense Anti-Corruption Index, March 2014
Select Publications
-
Co-author, “EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR,” Wilson Sonsini Alert, September 22, 2025
-
Co-author, “UK Introduces New Legislation Amending Privacy Laws,” Wilson Sonsini Alert, July 1, 2025
- Co-author, “The UK’s Online Child Safety Duties Are Coming into Force: Steps to Take Now,” Wilson Sonsini Alert, April 25, 2025
- Co-author, “Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements,“ Wilson Sonsini Alert, January 24, 2025
- Co-author, “The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now,“ Wilson Sonsini Alert, January 23, 2025
-
Co-author, “DORA: New EU Cybersecurity Requirements for the Financial Sector Enter into Force,” Wilson Sonsini Alert, January 17, 2025
- Co-author, "UK Brings Forward Bill to Reform UK Privacy Laws," Wilson Sonsini Alert, November 5, 2024
- Co-author, “EU Lawmakers Reach Political Agreement on the AI Act,” Wilson Sonsini Alert, December 11, 2023
- Co-author, “Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?” Wilson Sonsini Alert, October 10, 2023
- Co-author, “UK-U.S. Data Bridge Commencement Date Announced,” Wilson Sonsini Alert, September 22, 2023
- Co-author, “EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified,” Wilson Sonsini Alert, July 10, 2023
- Co-author, “European Commission Proposes New Rules on Financial Data Access and Use,” Wilson Sonsini Alert, July 6, 2023
- Co-author, “Europe Prepares for a New Era in AI Regulation,” Wilson Sonsini Alert, June 15, 2023
- Co-author, “European Commission Seeks Companies' Input on GDPR Enforcement,” Wilson Sonsini Alert, March 7, 2023
- Co-author, “EU Regulators Adopt Opinion on Draft EU-U.S. Data Privacy Framework,” Wilson Sonsini Alert, March 3, 2023
- Co-author, “CJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests,” Wilson Sonsini Alert, January 27, 2023
- Co-author, “EU Court Opinion: Competition Authorities May Consider Data Protection Breaches in Their Investigations,” Wilson Sonsini Alert, November 10, 2022
- Co-author, “President Biden Signs Executive Order to Implement the New EU-U.S. Data Privacy Framework,” Wilson Sonsini Alert, October 10, 2022
- Co-author, “Council of the EU Adopts Its Text on the ePrivacy Regulation,” Wilson Sonsini Alert, March 5, 2021
- Co-author, “European Commission Proposes New Rules for Digital Platforms,” Wilson Sonsini Alert, January 12, 2021
- Co-author, “EDPB Issues Guidelines on Social Media Targeting Under GDPR,” Wilson Sonsini Alert, September 15, 2020
- Co-author, “Initial Reaction of European Data Protection Regulators to Schrems 2.0 Judgment,” Wilson Sonsini Alert, July 22, 2020
- Author, “ECJ Invalidates EU-U.S. Privacy Shield and Upholds the Standard Contractual Clauses,” Wilson Sonsini Alert, July 17, 2020
- Co-author, “Schrems 2.0: AG Opines That Data Transfers to U.S. Are Valid Under Standard Contractual Clauses,” Wilson Sonsini Alert, December 20, 2019
- “Blockchain Technology Regulatory Standards in the EU and the US: Smooth Sailing, or Iceberg Ahead?" Stanford-Vienna Transatlantic Technology Law Forum (TTLF)
- "The European Commission Issues Draft Legislation on E-Evidence," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 33
- "The Use of Cryptocurrencies for Illicit Activities and relevant Legislative Initiatives," The Art of Crime, November 2018
- "The 2018 Buzzword: 'GDPR,' and how it practically affects corporations in the EU and the U.S.," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 32, February 2018
- "Legitimacy, effectiveness, and alternative nature of sanctioning procedures in the UN Sanctions Committees and the EU Common Foreign and Security Policy Council" chapter, Intersentia
- "The Limits of Criminal Law, The intersection between criminal and administrative law," chapter, Intersentia, December 2017
- "UK Introduces Draft Data Protection Bill," Cyberspace Lawyer, Thomson Reuters, October 2017
- "Digital Market Liberalization in the EU and the U.S.: Where competition law, trade law, and privacy meet," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 30, September 2017
- "The UK issues guidance on GDPR consent," Transatlantic Antitrust and IPR Developments, Stanford Law School, March 2017
- "EU Commission Publishes a Preliminary Report on the E-Commerce Sector Inquiry," Transatlantic Antitrust and IPR Developments, Stanford Law School, November 2016
- Co-author, "Dispute Resolution Mechanism for the Belt and Road," Blue Book, International Academy of the Belt and Road, September 2016
- "Liberalization of Trade in Technology-Related Services in the EU and the US: Unraveling the Gordian Knot of Regulatory Challenges and the Use of Open Data," Stanford-Vienna Transatlantic Technology Law Forum (TTLF), Working Paper No. 24, August 2016
- "Corruption Risk Assessment Tools in Customs and Trade," OECD Integrity Forum Winning Academic Papers Series, April 2016
- "The UNCITRAL Rules of Transparency as a Tool against Institutional Corruption," Amicus Curiae, Issue 102, Spring 2016, April 2016
- "Transparency in Investor-State Dispute Settlement: Law, Practice, and Emerging Tools Against Institutional Corruption, Monograph published by the Center for Ethics," Harvard University Law School, June 2015
Select Speaking Engagements
- Panelist, “From Standard Contractual Clauses to Data Free Flow with Trust: The Latest on Data Transfers,” Brussels Privacy Hub, November 28, 2024
- Moderator, “The Ecosystem of New Data Regulations in Europe: What’s the scoop?” IAPP KnowledgeNet Meeting, November 10, 2022
- Panelist, “Practicalities of Compliance with EU International Transfer Rules following Schrems II,” Privacy Salon’s CPDP 2021, January 27, 2021
- External Examiner, Kuwait International Law School, May 2018
- International Consultant, Technical Support on Anti-Corruption in Greece, OECD, June 2017
- TEDxKomotini Speaker, "Suggestions to Restart Greece," May 2017
- Guest Lecturer, University of Buenos Aires, Pontifical Catholic University of Chile, University of Montevideo, Javeriana University Bogota, and University of Piura Lima, 2017
- International Consultant and Legal Trainer, United Nations Interregional Crime and Justice Research Institute (UNICRI), May 2016
- Appointed Arbitrator, Hangzhou International Arbitration Court, China, April 2016
- Rapporteur, Belt and Road (B&R) Initiative, February 2016
- TEDxChania Speaker, "Engaging Communities and Fighting Inequality," June 2015
- Country Assessor and Peer Reviewer, Transparency International, Government Defense Anti-Corruption Index, March 2014
Fellowships
- Honorary Fellow, State Council of People’s Republic of China—Belt and Road Initiative
- Visiting Scholar, Berkeley Law School
- Visiting Fellow, Georgetown Law School
- Fellow, Stanford Law School
- Fellow, Harvard Law School
- Fellow, Queen Mary University of London
- Visiting Research Fellow, British Institute of Comparative and International Law
- Visiting Research Fellow, Max Planck Institute for Foreign and International Criminal Law
- Visiting Fellow, Institute of Advanced Legal Studies
- Visiting Scholar, Columbia University School of Law
Fellowships
- Honorary Fellow, State Council of People’s Republic of China—Belt and Road Initiative
- Visiting Scholar, Berkeley Law School
- Visiting Fellow, Georgetown Law School
- Fellow, Stanford Law School
- Fellow, Harvard Law School
- Fellow, Queen Mary University of London
- Visiting Research Fellow, British Institute of Comparative and International Law
- Visiting Research Fellow, Max Planck Institute for Foreign and International Criminal Law
- Visiting Fellow, Institute of Advanced Legal Studies
- Visiting Scholar, Columbia University School of Law
- Privacy Policy
- Terms of Use
- Accessibility