Professionals

Alexander M. Dimitrov

Solicitor (UK)
15-16 St. Helen’s Place
London EC3A 6DQ, United Kingdom

Office: (267) 930-6662

Education

The University of Law
Master of Laws

University of Nottingham
Bachelor of Laws, European Law

Admission

  • England & Wales

Practice Areas

Alexander Dimitrov practices in Mullen Coughlin UK’s Incident Response practice area and is based in London. An experienced legal and cyber insurance professional with experience responding to and investigating hundreds of data privacy and security incidents, he primarily serves as a Breach Coach for organizations who have experienced any type of incident including ransomware attacks, business email compromises (BECs) and fraudulent wire transfers, vendor breaches and inadvertent disclosures of protected information.

Once an incident is detected, Alex coordinates and leads the response alongside third-party incident response stakeholders – such as forensic investigators; law enforcement; cyber insurance carriers and brokers; and the victim organization’s internal incident response team (if applicable). Once the incident is mitigated and any other further intrusion is contained, he counsels the victim organization on any legal, regulatory and/or contractual obligations that stem from the incident. This ranges, depending on the scale and scope of the incident, from law enforcement and regulatory agency reporting and individual and business partner notification, to the procurement of credit/identify monitoring and other post-incident services for the affected organization and populations.

Alex is well-versed in the various European Union (EU) laws and regulations pertaining to data privacy and cybersecurity, including the:

  • General Data Protection Regulation (GDPR);
  • Digital Operational Resilience Act (DORA);
  • Data Act;
  • Data Governance Act (DGA);
  • Digital Markets Act (DMA); and
  • Artificial Intelligence Act (AI Act).

In addition to his incident response practice, Alex also counsels organizations on data privacy and information security Advisory Compliance solutions, particularly as they related to the EU’S GDPR, including with the drafting of Data Processing Agreements (DPAs) and conducting Data Protection Impact Assessments (DPIAs).

Alex honed his incident response experience as a member of the cyber risk team at a large international firm. In addition to his incident response experience, he also worked across commercial and transactional practice areas, advising organizations technology and privacy projects and M&A deals. Alex has a specific interest in the sports sector and its intersection with the fields of cyber risk and data protection.

Alex also was a Cyber Claims Specialist secondee for a major Lloyds-market cyber insurer. There, he handled hundreds of high-valued claims related to data privacy and security incidents across the globe – experience and knowledge he bears when coordinating incident response services for insured organizations and when liaising with cyber insurance partners.

Outside of his practice, Alex is an avid sports enthusiast and is an amateur karting driver and volleyball referee, having officiated the 2018 Men’s World Championship.

Alex received his legal education in the Netherlands and in England. In addition to English, he also is proficient in the Bulgarian, Serbo-Croatian and Russian languages.

REPRESENTATIVE MATTERS

  • Assisted the largest U.S. healthcare insurance provider with a complex systems migration project involving the re-negotiation of over 40 DPAs with major suppliers and providing ad hoc advice on DPIA processes
  • Coordinated the incident response for multiple BEC incidents involving market-leading and regulated professional services organizations
  • Represented a large international financial services organization in its response and investigation into a ransomware incident affecting offices/terminals in multiple jurisdictions
  • Assisted a well-known book publisher with the restoration of access to their hijacked social media accounts
  • Assisted in the defense of numerous privacy-related claims, including a proposed 3,000-member class action against a public authority

SPEAKING ENGAGEMENTS & PRESENTATIONS

  • “GDPR and Sharing Fraud Data,” Music Fights Fraud Alliance, Webinar, November 7, 2024

PUBLICATIONS

  • “Do Crypto Developers Owe Fiduciary Duties: A Centralised Question,” PLC Magazine, March 2023
  • “Data Protection in Emerging Technologies – Blockchain,” LexisNexis Practical Guidance and Legal Research UK, November 2022
  • “Cryptoassets: The Scope of Blockchain Developers,” LexisNexis Practical Guidance and Legal Research UK, June 2022
  • “Right of Publicity,” The Licensing Journal, February 2021