David Whelan
Privacy made practical.
I help organisations turn data protection from a compliance headache into a working business function. No jargon, no theatre — just programmes that hold up.
About
I help organisations navigate data protection law and turn it into something that works day-to-day. With a background in legal practice and years advising financial services and healthcare clients, I bring a practical, business-minded approach to GDPR compliance.
My work spans the full scope of privacy operations — building frameworks, running impact assessments, managing incident response, and engaging with supervisory authorities. Before moving into data protection full-time, I practised as a solicitor, giving me a strong foundation in risk, contracts, and regulatory compliance. I'm a certified CIPP/E and Europrivacy Implementer.
Experience
Serving as Data Protection Officer for Ireland's national public service broadcaster, overseeing GDPR compliance across the organisation. Responsible for advising on data protection obligations, conducting impact assessments, managing data subject rights requests, and acting as the point of contact with the Data Protection Commission.
Led privacy operations for clients in financial services and healthcare. Acted as outsourced DPO, conducted data protection assessments, managed high-risk incident response, and served as the point of contact with the Data Protection Commission for a pillar bank.
Developed GDPR compliance strategies for SMEs, drafted data protection policies and controller/processor agreements, and led data breach incident planning. Also practised in corporate law, litigation, and employment law.
Credentials
Get in touch
Have a data protection challenge? Let's talk about what practical support looks like for your organisation.