White Label Consultancy was founded in 2019 in Oslo and has since inception been led by a team with operational experience at an executive level.
The motivation of the WLC founders continues to be to protect corporates from digital risks such as privacy breaches and cybercrime. The founders struggled to receive actionable advice from external consultants while implementing GDPR programs in the corporations they worked for. This motived them to deliver consultancy they felt was missing from the market.
Digital challenges have grown multifaceted due to a proliferation of advanced data processing technologies and the complex cross-functional national data processing in larger organisations. On top of the increased technical complexity, a surge in new legislative requirements means market demand is ever increasing.
The first White Label Consultancy client was a large Scandinavian technology company and since then, WLC has been experiencing a rapid growth as well as sectoral and geographical expansion. WLC has offices in four different jurisdictions, clients in fifteen countries from industries including pharma, telecom, logistics, manufacturing, hospitality, public administration, law firms, event management, retail, and more.
WLC is flexibly organised so that sudden increases in demand can be catered to by recruiting the best possible candidates from a network across Europe. In 2022 André Årnes, the Chief Security Officer of Telenor Group and professor in Cyber Security at the Norwegian Technical University joined White Label Consultancy to head the Cyber Security capacity.

Trusted by clients from industries such as pharma, telecom, logistics, manufacturing, hospitality, public administration, law firms, event management, retail, and more. Operating in multiple geographies including all countries within the European Union.
Our Team
Our path is what makes us

Nicholai Pfeiffer
Managing Partner
Nicholai has 20+ years of experience in the technology and telecommunications industries. He has a successful track record of managing global legal & privacy teams as well as complex large-scale projects.
Prior to joining WLC, he served 5 years as Group Privacy Officer of Telenor Group, where he successfully led one of largest GDPR-projects in Scandinavia. Nicholai has extensive experience with implementation of privacy management programs in global organisations.
In addition to the wide range of top-level roles within the telecom industry, he has served in the office of Danish Telecom regulator.
Nicholai holds a Master of Law degree from the University of Copenhagen.
Dr. Magdalena Góralczyk
Partner, Head of Data Protection
Before joining WLC, Magdalena served as the Global Lead Privacy Counsel for Nokia. Prior to that she was Vice President for Privacy in a global telecom.
She has advised international organisations on legal developments globally, among others on implementation of privacy controls for ad-tech, vendor management efforts, free data flow regulations. In addition, she has led several BCR projects.
Her work in EU funded research includes consulting on consent provisions in the drafting phase of GDPR.
Her data protection experience is rooted in her PhD on the concept of anonymity and identity and previous experience in academia.


André Årnes
Partner, Head of Cyber Security
André joined WLC as a Partner in January 2022, after having served 7 years as the Global CSO of Telenor Group.
He has 20+ years of experience within security leadership, Cyber Security, and digital forensics.
His previous work experience covers working as CIO in Telenor Global Shared Services, a Senior Principal Consultant for Security Architecture with Oracle, and as a Special Investigator the for Norwegian National Criminal Investigation Service.
André is also a part-time Professor at the Norwegian Technical University (NTNU) Department of Information Security and Communication Technology.
Prof. Dr. Marcelo Corrales Compagnucci
Special Counsel, Data Protection
Marcelo is Attorney-at-Law specializing in disruptive technologies, privacy and data protection law. His past activities have included working as a consultant and lawyer for law firms and IT companies. Marcelo has also vast experience in EU funded research projects. He is currently Associate Professor of IT Law at the University of Copenhagen in Denmark. He has a Doctor of Laws (LL.D.) degree from Kyushu University in Japan. He also holds a Master of Laws (LL.M.) in international economics and business law from Kyushu University, and an LL.M. in law and information technology and an LL.M. in European intellectual property law, both from the University of Stockholm in Sweden. He has several publications in the field of IT Law.


Kevin K.K. Khoo
Senior Consultant, Cyber Security
Kevin is an experience Cyber Security professional. In his previous roles he has been directly involved in defining IT-architecture to meet organisational requirements regarding Cyber Security, development, and operations. He has led and deployed Secure End-user Computing Platforms in various organisations and for remote workers. In addition, he has led the implementation of Microsoft’s Office 365 platform including data migration, architecture and implementation in several organisations. Kevin holds an ISO27001 diploma and has supported organisations in preparing for Cyber Security certification.
Federico Marengo
Senior Consultant, Data Protection


Philip Tavares
Senior Consultant, Vendor Management
Philip has over 25 years of international experience in the telecommunications / ICT sector. He has steadily built and managed multiple organizations, achieving consistent results and value-creation. Furthermore, his knowledge of procurement, supply-chain management, third party risk management, and partner management, is extensive.
Prior to WLC Philip served the Telenor Group 11 years. Trusted by his peers and handpicked to take charge of global procurement transformation programs, he is known for his capacity to execute. He held multiple Vice-President roles in group procurement and was central in establishing the Telenor Procurement Company. He served Ericsson 13 years in global executive positions in Business Development, Sales Management, and Strategic Product Management.
Prof. Dr. Tihomir Katulic
Special Counsel, Data Protection
Tihomir is an information technology lawyer and data protection expert with experience as a consultant for business organizations, public administration institutions, and law firms. He is a member of the European Data Protection Board External Pool of Experts and the chair of the Croatian Chapter of the International Association of Privacy Professionals, where he also serves with the IAPP Education Board.
Currently working as an Associate Professor of IT Law at the University of Zagreb, Tihomir chairs the National Panel of Experts of the Croatian State Intellectual Property Office and is an arbiter for the Croatian Domain Name Service Arbitration Body.


Peter Davis
Special Counsel, Data Protection
Peter has enjoyed more than 5 years in legal academia, where he has researched and taught in a variety of fields within information and communication technology law. Since completing his Ph.D. at the Norwegian Centre for Computers and Law at the University of Oslo, he has moved to the University of Copenhagen’s Centre for Innovation and Information Law in a postdoctoral position.
His expertise centers on European data protection law but extends to other fields, such as encryption and artificial intelligence, and to other jurisdictions, including his native Australia.
Merlyn Goveas
Consultant, Data Protection

Cassandra Stead
Consultant
Cassandra graduated from BI Norwegian Business School with a Bachelor of Business Administration, specialising in Finance in Oslo, Norway. She later graduated with an LLM in Law and Legal Practice from BPP University in London, England.
Cassandra has supported companies as their Data Protection Officer. She has experience supporting clients around the globe with various activities, including developing and reviewing comprehensive privacy documentation, breach management, mapping data privacy compliance and legislation, and implementing new privacy programmes.
Przemysław Gruchała
Data Protection Consultant
Przemyslaw is an attorney-at-law (non-practicing) and Certified Information Privacy Professional for Europe with +7 years of professional experience in the field of new technologies, data protection & privacy, and e-commerce.
He is a skillful, solution-oriented advisor and a technology enthusiast. His track record includes advising entities, i.a. deploying AI tools, IoT solutions, or SaaS/PaaS platforms reinforced by cloud computing. He also regularly supports companies in privacy implementations, audits and data processing & sharing contracts negotiations.
In 2023, he was deemed a recommended lawyer in the IT & Telecommunications sector in an international ranking for top lawyers and law firms – Legal500.


Silvina Pezzetta
Special Counsel, Data Protection
Silvina is a lawyer holding a Ph.D. in Law. She has been working as a senior researcher for the leading national research institute in Argentina, CONICET. She specializes in ethical and legal analysis with broad experience in legal education, animal law, and new technologies.
She has been visiting scholar in the U.S. (Wisconsin University), Spain (Pompeu Favra), Germany (Max Planck Institute for Comparative Law and International Public Law), and she is now a visiting scholar at Harvard Law School.
She has several publications in the field of legal philosophy and ethics. Silvina has broad experience leading publicly funded research projects, supervising Ph.D. students, and teaching. She is also engaged in pro bono activities.
Jon Magne Haugli
Senior Security Consultant
Jon Magne has extensive experience in highly exposed and complex organizations, including Telenor Group, Höegh Lng AS, the Norwegian Ministry of Foreign Affairs, and Avinor, as well as from the Norwegian military services.
Jon Magne joined WLC as a Senior Security Consultant in a contractor capacity, specializing in corporate security, emergency preparedness, and crisis management.


Agnieszka Michalik
Senior Data Protection Consultant
Aga is an experienced privacy professional with 10+ years of experience in various privacy/data protection legal and compliance roles.
She joined White Label Consultancy from the Bank of New York Mellon, a global financial institution, where she worked as a Group GDPR Data Protection Officer and EMEA Privacy Compliance Manager. Prior to that, she worked as an in-house data protection lawyer within Credit Suisse’s General Counsel division.
Aga holds an MA in Law and a BA in Philology, both from the University of Silesia in Poland. She completed post-graduate courses in EU Law (University of Silesia) and data protection/DPO (Polish Academy of Sciences). She holds an IAPP Certified Information Privacy Professional/Europe (CIPP/E) certification as well as a DPO-B certification from Maastricht University.
Norman Aasma
Junior Associate, Data Protection
Norman previously worked in an Estonian law firm specializing in privacy and data protection, and he volunteers at an international NGO which advocates for data privacy.
Norman holds a Bachelor’s degree in law (Bachelor of Arts in Social Sciences (law), officially equivalent to LL.B) (cum laude) from Tallinn University of Technology and is currently pursuing a Master’s degree in law (LL.M.) at the University of Oslo, where he has also followed privacy related courses.


Lucrezia Nicosia
Junior Data Protection Associate
Lucrezia is a Junior Data Protection Associate at WLC with a solid European and International Law background.
Her academic journey began at Maastricht University, where she earned her LL.B. degree. Building on her passion for public and private international law, she pursued further studies at Oslo University and is now completing two LL.M. degrees.
Through her academic pursuits and active involvement in external projects, she has attained a specialization in privacy and cybersecurity.
Arina Kostina
Data Protection Associate
Arina is a lawyer specialized in advising on all aspects of European data protection law. Her professional experience includes three years of practice in Belgium and Ukraine and five years researching privacy and data protection matters at Koç University in Türkiye. She also completed a traineeship in the legal service of the EU supervisory authority for data protection.
Her specialties are Data Protection, International Data Transfers, and Breach Management.


Alexandru Runceanu
Financial Controller
Alexandru is a Finance Controller with over 13 years of relevant work experience. Before joining WLC, he worked at several multinational corporations in the automotive industry, covering different roles as a specialist and coordinator. During that period, he covered the finance aspects of several areas: Sales, Operations, Research & Development, Project Management, and Shared Services.
Alexandru has extensive experience in financial reporting, planning, financial analysis, consolidation, and other activities related to Corporate Finance. He holds a Master’s degree in Financial and Banking Management from Transilvania University of Brasov, Romania.
Stefan Buzas
Business Operations Manager
Stefan previously worked as a Product Manager at one of Microsoft’s partners in Budapest. Later, he joined an IT and Marketing startup company as a Customer Success Manager. He highly contributed to the company’s rapid growth, which attracted clients from all over the world. He got promoted to the Operations Manager position, taking care of all the processes and operational aspects throughout the different departments within the company.
He studied economics, English, and music.
