Vincent Rezzouk-Hammachi

I am a Privacy, Data & AI Law partner of Bird & Bird in the UK, and co-manager of our San Francisco business office.

I am a privacy and AI lawyer with over 13 years of experience specializing in international AI & data protection law and regulatory strategy. My practice is centered on navigating complex legal frameworks for global organizations, with a particular emphasis on the GDPR, the EU AI Act, the Data Act, and the ePrivacy Directive. I am recognized for a pragmatic, business-oriented approach that translates high-level legal requirements into practical actionable compliance structures across the Technology, Life Sciences, Media, and Financial Services sectors.

Based in San Francisco, I direct international AI, privacy and data protection mandates for a diverse portfolio of global clients. I oversee the delivery of high-stakes regulatory services, including Data Protection Officer (DPO) functions, international data transfer strategies, and GDPR representation. Working closely with our teams across our international offices, I ensure that our clients' global operations remain harmonized with evolving European and international standards.

I am increasingly involved in the integration of AI governance frameworks within global compliance programs. My work includes advising clients on the emerging requirements of the EU AI Act and assisting in the regulatory review of AI-driven products to ensure alignment with principles of transparency, privacy and data integrity. I focus on helping organizations navigate the intersection of privacy and artificial intelligence, developing strategies that address the unique compliance challenges posed by automated processing and algorithmic accountability.

I have acted as a Monitoring Trustee in major M&A transactions before the European Commission and the French Competition Authority, ensuring strict adherence to regulatory commitments. Additionally, in my capacity as lead Data Protection Officer for multinational corporations, I serve as the primary point of contact for Data Protection Supervisory Authorities, representing client interests and managing formal interactions and inquiries with regulatory bodies. I am regularly involved in cross-border data breach reporting.