Partners

David N. Alfred

Director, Corporate & Finance
Co-Head, Data Protection, Privacy & Cybersecurity
Co-Head and Programme Director, Drew Data Protection & Cybersecurity Academy

Key Practices

Qualifications

  • LL.B. (Hons), National University of Singapore (1997)
  • LL.M. in Intellectual Property and Technology Law, National University of Singapore (2004)
  • MBA, University of Chicago (2012)
  • Advocate & Solicitor, Singapore (1998)
  • Solicitor, England and Wales (2006) (non-practising)
  • Fellow of Information Privacy, International Association of Privacy Professionals
  • Certified Information Privacy Professional / Asia (CIPP/A)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • WSQ Advanced Certificate in Learning and Performance (ACLP)

David is Co-Head of the Drew & Napier’s Data Protection, Privacy and Cybersecurity Practice and Co-Head of the Drew Data Protection and Cybersecurity Academy.

David is a senior data protection, cybersecurity and technology lawyer with over 25 years’ experience advising on a broad range of matters relating to digital technology, telecommunications and the Internet. David is also an accomplished speaker and trainer who has spoken widely on global aspects of data protection, privacy and cybersecurity, development of data protection law in Southeast Asia, data protection management and compliance, AI regulation, digital trust, and various other technology-related topics.

Prior to joining the firm, David was the first Chief Counsel to Singapore’s Personal Data Protection Commission (from 2013 to 2020). He has also worked with Singapore’s Info-communications Media Development Authority and its predecessor, the Info-communications Development Authority of Singapore.

David’s experience includes a substantial stint as an in-house counsel and he has held General Counsel or equivalent positions for over 10 years. He is familiar with corporate governance, legal risk management and the development and management of the in-house legal function. He has been recognised as a Senior Accredited Specialist in Data & Digital Economy Law by the Singapore Academy of Law.

David has deep experience in data protection, privacy, cybersecurity and various aspects of regulation of digital technology and data. He has advised on the development, implementation and enforcement of data protection laws, data protection management and compliance, data breach management and response and competency and ecosystem development (amongst other areas).

David has also conducted courses and training sessions on data protection and cybersecurity for organisations in diverse sectors (for example, telecommunications, banking, insurance, media, retail, hospitality, manufacturing and government).

Some matters he has advised on include:

  • Public policy and development of data protection laws in Singapore and Brunei Darussalam
  • Numerous enforcement cases under Singapore’s Personal Data Protection Act 2012 (PDPA)
  • Cybersecurity incidents and data breaches in various sectors (for example, e-commerce, hospitality, healthcare, telecommunications and not-for-profit)
  • Cybersecurity reviews and audits for a wide range of systems and applications
  • Cross-border transfers of personal information, data transfer agreements and transfer impact assessments
  • Outsourcing of data processing activities including related contracts and security requirements
  • Compliance with the PDPA’s data protection, Do Not Call and accountability requirements
  • Development of data protection policies, notices and related documentation including regional and global policies
  • Classification of data, conduct of data inventories and maintaining records of data processing activities
  • Conduct of data protection impact assessments
  • Development of the data protection function and data protection management programme
  • Compliance requirements for Singapore’s Data Protection Trustmark
  • Compliance requirements for Singapore’s implementation of the Asia-Pacific Economic Cooperation (APEC) Cross-border Privacy Rules system (CBPRs) and Privacy Recognition for Processors system (PRPs)

The Legal 500 Asia Pacific

Data Protection and Cyber Security 2024 – Leading Individual

TMT 2024 – Recommended Lawyer for 4 consecutive years

  • “critical thinking, solid drafting and excellent legal strategy”
  • “David Alfred possesses a deep understanding of the nuances and intricacies of data protection and can be relied on to provide sound advice and practical guidance at each stage of the matter.”

Global Data Review 

GDR 100 2022 

  • “quickly analyse complex issues and provide robust analysis on compliance processes”

asialaw Leading Lawyers 2023/24 

  • “He is very knowledgeable, prompt, able to offer solutions, understands business concerns, practical, and has a good network with regulators.”

Best Lawyers International: Singapore

Telecommunications Law 2024 – Endorsed Individual

  • Senior Accredited Specialist (Data and Digital Economy Law), Singapore Academy of Law
  • Honorary Secretary, Digital Trust Chapter, SGTech
  • Adjunct Associate Professor, Faculty of Law, National University of Singapore
  • Member, Singapore Academy of Law
  • Member, Law Society of Singapore
  • Member, Law Society of England and Wales
  • Member, International Association of Privacy Professionals
  • Lim Chong Kin, David N. Alfred & Albert Pichlmaier, Chambers Global Practice Guide – Singapore: Cybersecurity (2021 – 2023)
  • Lim Chong Kin, David N. Alfred & Albert Pichlmaier, ICLG – Singapore: Cybersecurity (2021 – 2023)
  • David N. Alfred and Janice Lee, Individual Rights under the Amended Personal Data Protection Act: Balancing Individual Control and Organisational Accountability [2021] PDP Digest 205
  • World Legal Summit (WLS) Special Edition e-zine published by the Legal Business World Publications: Regulatory Developments in AI, Decentralised Technologies, Data Protection and Cybersecurity in the Asia-Pacific 2020
  • David N. Alfred & Lanx Goh, Cross-border Issues in Data Protection (Chapter) in Data Protection Law in Singapore, 2nd ed. (Singapore Academy of Law, 2018)
  • David N. Alfred, Development of Singapore Data Protection Law: International Influences and Local Needs [2017] PDP Digest 241