Skip to content

Operational Experience at an Executive Level

White Label Consultancy was founded in 2019 in Oslo and has since inception been led by a team with operational experience at an executive level. 

The motivation of the WLC founders continues to be to protect corporates from digital risks such as privacy breaches and cybercrime. The founders struggled to receive actionable advice from external consultants while implementing GDPR programs in the corporations they worked for. This motived them to deliver consultancy they felt was missing from the market. 

Digital challenges have grown multifaceted due to a proliferation of advanced data processing technologies and the complex cross-functional national data processing in larger organisations. On top of the increased technical complexity, a surge in new legislative requirements means market demand is ever increasing. 

The first White Label Consultancy client was a large Scandinavian technology company and since then, WLC has been experiencing a rapid growth as well as sectoral and geographical expansion. WLC has offices in four different jurisdictions, clients in fifteen countries from industries including pharma, telecom, logistics, manufacturing, hospitality, public administration, law firms, event management, retail, and more. 

WLC is flexibly organised so that sudden increases in demand can be catered to by recruiting the best possible candidates from a network across Europe. In 2022 André Årnes, the Chief Security Officer of Telenor Group and professor in Cyber Security at the Norwegian Technical University joined White Label Consultancy to head the Cyber Security capacity.

1 +
Privacy audits
+ 75
+ 100
WLC Privacy Professionals // Map of Geographical Experience // White Label Consultancy

Trusted by clients from industries such as pharma, telecom, logistics, manufacturing, hospitality, public administration, law firms, event management, retail, and more. Operating in multiple geographies including all countries within the European Union.

Our Team

Our path is what makes us


Nicholai Pfeiffer

Managing Partner

Nicholai has 20+ years of experience in the technology and telecommunications industries. He has a successful track record of managing global legal & privacy teams as well as complex large-scale projects. 

Prior to joining WLC, he served 5 years as Group Privacy Officer of Telenor Group, where he successfully led one of largest GDPR-projects in Scandinavia. Nicholai has extensive experience with implementation of privacy management programs in global organisations.

In addition to the wide range of top-level roles within the telecom industry, he has served in the office of Danish Telecom regulator. 

Nicholai holds a Master of Law degree from the University of Copenhagen.

Dr. Magdalena Góralczyk

Partner, Head of Data Protection

Before joining WLC, Magdalena served as the Global Lead Privacy Counsel for Nokia. Prior to that she was Vice President for Privacy in a global telecom.

She has advised international organisations on legal developments globally, among others on implementation of privacy controls for ad-tech, vendor management efforts, free data flow regulations. In addition, she has led several BCR projects.

Her work in EU funded research includes consulting on consent provisions in the drafting phase of GDPR.

Her data protection experience is rooted in her PhD on the concept of anonymity and identity and previous experience in academia.

André Arnes

André Årnes

Partner, Head of Cyber Security

André joined WLC as a Partner in January 2022, after having served 7 years as the Global CSO of Telenor Group.

He has 20+ years of experience within security leadership, Cyber  Security, and digital forensics.

His previous work experience covers working as CIO in Telenor Global Shared Services, a Senior Principal Consultant for Security Architecture with Oracle, and as a Special Investigator the for Norwegian National Criminal Investigation Service.

André is also a part-time Professor at the Norwegian Technical University (NTNU) Department of Information Security and Communication Technology.

Prof. Dr. Marcelo Corrales Compagnucci

Special Counsel, Data Protection

Marcelo is Attorney-at-Law specializing in disruptive technologies, privacy and data protection law. His past activities have included working as a consultant and lawyer for law firms and IT companies. Marcelo has also vast experience in EU funded research projects. He is currently Associate Professor of IT Law at the University of Copenhagen in Denmark. He has a Doctor of Laws (LL.D.) degree from Kyushu University in Japan. He also holds a Master of Laws (LL.M.) in international economics and business law from Kyushu University, and an LL.M. in law and information technology and an LL.M. in European intellectual property law, both from the University of Stockholm in Sweden. He has several publications in the field of IT Law.


Kevin K.K. Khoo

Senior Consultant, Cyber Security

Kevin is an experience Cyber Security professional. In his previous roles he has been directly involved in defining IT-architecture to meet organisational requirements regarding Cyber Security, development, and operations. He has led and deployed Secure End-user Computing Platforms in various organisations and for remote workers. In addition, he has led the implementation of Microsoft’s Office 365 platform including data migration, architecture and implementation in several organisations. Kevin holds an ISO27001 diploma and has supported organisations in preparing for Cyber Security certification.

Federico Marengo

Senior Consultant, Data Protection

Federico is a data protection consultant that worked for TNP Consultants and Data Business Services. He is a privacy enthusiast who has established himself as a thought-leader on the application of data protection in advanced and complex data privacy domains, such as Artificial Intelligence and Cloud Computing. Federico has an LL.M. (University of Manchester), and is a PhD candidate (Bocconi University, Milano). As a PhD researcher, his research deals with the potential and challenges of the General Data Protection Regulation to protect data subjects against the adverse effects of Artificial Intelligence. He is also a teaching assistant in two courses at Bocconi University.
He is the author of “Data Protection Law in Charts. A Visual Guide to the General Data Protection Regulation“, e-book released in 2021.

Philip Tavares

Senior Consultant, Vendor Management

Philip has  over 25 years of international experience in the telecommunications / ICT sector. He has steadily built and managed multiple organizations, achieving consistent results and value-creation. Furthermore, his knowledge of procurement, supply-chain management, third party risk management, and partner management, is extensive. 

Prior to WLC Philip served the Telenor Group 11 years. Trusted by his peers and handpicked to take charge of global procurement transformation programs, he is known for his capacity to execute.  He held multiple Vice-President roles in group procurement and was central in establishing the Telenor Procurement Company.  He served Ericsson 13 years in global executive positions in Business Development, Sales Management, and Strategic Product Management.  

Prof. Dr. Tihomir Katulic

Special Counsel, Data Protection

Tihomir is an information technology lawyer and data protection expert with experience as a consultant for business organizations, public administration institutions, and law firms. He is a member of the European Data Protection Board External Pool of Experts and the chair of the Croatian Chapter of the International Association of Privacy Professionals, where he also serves with the IAPP Education Board.

Currently working as an Associate Professor of IT Law at the University of Zagreb, Tihomir chairs the National Panel of Experts of the Croatian State Intellectual Property Office and is an arbiter for the Croatian Domain Name Service Arbitration Body.

Peter Davis

Peter Davis

Special Counsel, Data Protection

Peter has enjoyed more than 5 years in legal academia, where he has researched and taught in a variety of fields within information and communication technology law. Since completing his Ph.D. at the Norwegian Centre for Computers and Law at the University of Oslo, he has moved to the University of Copenhagen’s Centre for Innovation and Information Law in a postdoctoral position.

His expertise centers on European data protection law but extends to other fields, such as encryption and artificial intelligence, and to other jurisdictions, including his native Australia.

Merlyn Goveas

Senior Consultant, Data Protection

Merlyn is a seasoned privacy professional committed to providing comprehensive data protection solutions to clients across various industries. Merlyn‘s extensive expertise and insights will be instrumental in helping WLC’s clients ensure their data protection compliance and privacy best practices.
Before joining WLC, Merlyn worked at an international law firm, gaining her privacy and data protection experience, and assisting clients on various projects, from regulatory compliance to data security, governance, and breach response.
Merlyn brings her knowledge of data protection regulations, such as the General Data Protection Regulation (GDPR) and UAE Data Protection Law, including DIFC & ADGM Data Protection regimes. She is a Certified Privacy Professional (CIPP/E) recognized by the International Association of Privacy Professionals (IAPP) that will help clients in the region navigate the complex landscape of data protection and privacy.

Cassandra Stead

Consultant, Data Protection

Cassandra graduated from BI Norwegian Business School with a Bachelor of Business Administration, specialising in Finance in Oslo, Norway. She later graduated with an LLM in Law and Legal Practice from BPP University in London, England.  

Cassandra has supported companies as their Data Protection Officer. She has experience supporting clients around the globe with various activities, including developing and reviewing comprehensive privacy documentation, breach management, mapping data privacy compliance and legislation, and implementing new privacy programmes.  

Przemysław Gruchała

Senior Consultant, Data Protection

Przemyslaw is an attorney-at-law (non-practicing) and Certified Information Privacy Professional for Europe with +7 years of professional experience in the field of new technologies, data protection & privacy, and e-commerce.

He is a skillful, solution-oriented advisor and a technology enthusiast. His track record includes advising entities, i.a. deploying AI tools, IoT solutions, or SaaS/PaaS platforms reinforced by cloud computing. He also regularly supports companies in privacy implementations, audits and data processing & sharing contracts negotiations.

In 2023, he was deemed a recommended lawyer in the IT & Telecommunications sector in an international ranking for top lawyers and law firms – Legal500.

Przemysław Gruchała
Silvina Pezzetta

Silvina Pezzetta

Special Counsel, Data Protection

Silvina is a lawyer holding a Ph.D. in Law. She has been working as a senior researcher for the leading national research institute in Argentina, CONICET. She specializes in ethical and legal analysis with broad experience in legal education, animal law, and new technologies.

She has been visiting scholar in the U.S. (Wisconsin University), Spain (Pompeu Favra), Germany (Max Planck Institute for Comparative Law and International Public Law), and she is now a visiting scholar at Harvard Law School.

She has several publications in the field of legal philosophy and ethics. Silvina has broad experience leading publicly funded research projects, supervising Ph.D. students, and teaching. She is also engaged in pro bono activities.

Jon Magne Haugli

Senior Consultant, Cyber Security

Jon Magne has extensive experience in highly exposed and complex organizations, including Telenor Group, Höegh Lng AS, the Norwegian Ministry of Foreign Affairs, and Avinor, as well as from the Norwegian military services.

Jon Magne joined WLC as a Senior Security Consultant in a contractor capacity, specializing in corporate security, emergency preparedness, and crisis management.

Jon Magne Haugli

Norman Aasma

Associate, Data Protection

Norman previously worked in an Estonian law firm specializing in privacy and data protection, and he volunteers at an international NGO that advocates for data privacy.

Norman holds a Bachelor’s degree in law (Bachelor of Arts in Social Sciences (law), officially equivalent to LL.B) (cum laude) from Tallinn University of Technology and a Master’s degree in law (LL.M.) from the University of Oslo.

Lucrezia Nicosia

Consultant, Data Protection

Lucrezia is a Data Protection Consultant at WLC with a solid European and International Law background.

Her academic journey began at Maastricht University, where she earned her LL.B. degree. Building on her passion for public and private international law, she pursued further studies at Oslo University and is now completing two LL.M. degrees.

Through her academic pursuits and active involvement in external projects, she has attained a specialization in privacy and cybersecurity.

Arina Kostina

Arina Kostina

Consultant, Data Protection

Arina is a lawyer specialised in advising on all aspects of European data protection law. Her professional experience includes three years of practice in Belgium and Ukraine and five years researching privacy and data protection matters at Koç University in Türkiye. She also completed a traineeship in the legal service of the EU supervisory authority for data protection.

Her specialties are Data Protection, International Data Transfers, and Breach Management.

Meredith Primrose Jones

Consultant, Cyber Security

Meredith Primrose Jones is a legal and cybersecurity professional with a Master of Laws in International Security Law from the Australian National University.

Before joining WLC, Meredith worked at top Australian universities as a Researcher and a Lecturer of Law. Areas of law Meredith taught across included cyber law, privacy, artificial intelligence, and technology law. Whilst focused on cybersecurity, Meredith’s research has been published in the fields of cyber and hybrid warfare. She actively contributes to reports relating to warfare, cybersecurity, and hybrid threats and remains closely affiliated to the Centre for Cyber Security Research and Innovation at RMIT University in Melbourne.

Meredith has also had experience in writing government submissions relating to cybersecurity practices and high-level reports detailing recommendations for improved cybersecurity capacity building and legislative reform.

Meredith Primrose Jones
Petruta Pirvan

Petruta Pirvan

Senior Consultant, Data Protection

Petruta is a Lawyer and a Data Protection Professional specializing in interpreting data protection international legislation with more than 16 years of practice in my profession.

She’s a member of the International Association of Privacy Professionals, a Fellow of International Privacy (FIP), a Certified Data Privacy Manager (CIPM), and a Professional for Europe and the US (CIPP/E & CIPP/US).

She holds course certifications in AI Ethics and Digital Policies from the University of Helsinki, among others.

Petruta has been long acting as an in-house data privacy counsel for top multinational companies such as Oracle and Accenture and led the Global Data Privacy Compliance Program in A.P. Moller-Maersk by setting up the group data privacy practices, guidance, and policies.

Alisa Mujanic

Senior Consultant, Cyber Security

Alisa joins us from Sopra Steria, where she has been section manager for cyber security and Splunk, and she has broad experience across multiple roles within cyber security at strategic and leadership levels. She has strong analytical and communication skills and is highly focused on bridging gaps between teams and subject areas.

She brings a holistic perspective and an action-oriented approach. She has gained extensive and global experience from Telenor Group, where she was the project manager for one of the largest global strategic cyber security projects and acted as the Business Security Officer for the Telenor Group Units.

Alisa takes a particular interest in the intersection between security, technology, and policy and has represented Telenor at the United Nations’ Open-Ended-Working-Group on Security, and initiated and led several internal activities on cyber security regulation. 

Alisa Mujanic
Marie Kristine Reyes

Marie Kristine Reyes

Associate, Data Protection

Kristine is a lawyer and a Certified Information Privacy Professional for Europe and the US (CIPP/E and CIPP/US).

She is a member of the International Association of Privacy Professionals (IAPP) and the International Bar Association (IBA). She holds a Master of Laws specialising in Data Protection, Intellectual Property, and Artificial Intelligence from Technische Universität Dresden in Germany and was a recipient of the DAAD Konrad Zuse School of Embedded and Composite A.I. scholarship for her research on the EU AI Act and automated decision making.

Before joining WLC, she had over 6 years of experience as a corporate lawyer handling corporate reorganisation, M&A, and IPO due diligence.

Monika Zieciak

Associate, Data Protection

Monika is a lawyer with experience gained in law firms and as in-house counsel, advising on privacy, information security, IP/IT, and business law. She specialises in drafting and reviewing data protection and information security procedures, data processing agreements, conducting DPIAs, and incident management.

As an experienced practitioner and a graduate of certified DPO courses, she has extensive knowledge of privacy issues in new technologies, particularly in software development using distributed ledger and generative AI (LLM) technologies in organisations.

Monika focuses on providing business-friendly solutions and is passionate about new technologies and language learning.

Monika Zieciak
Jacek Gołdasz

Jacek Gołdasz

Financial Controller

Jacek is a seasoned Finance Controller with over 20 years of experience in the field. Before joining WLC, he held key positions at various multinational corporations, where he managed finance and procurement functions across diverse sectors, encompassing both production and service-oriented enterprises.

Throughout his career, Jacek has demonstrated proficiency in financial reporting, planning, and analysis, among other aspects of corporate finance. He earned his master’s degree from the Leipzig School of Management in Germany.

Stefan Buzas

Business Operations Manager

Stefan is a dynamic and results-driven professional with a rich background in customer sales, product management, and business operations.

After many successful years at Hungarian Telekom as a Customer Sales Specialist, Stefan transitioned to a Product Manager role at a Microsoft partner in Budapest.

His journey continued as a Customer Success Manager at an IT and Marketing startup, where he played a pivotal role in the company’s rapid global growth. His exceptional contributions led to his promotion to Operations Manager, where he expertly managed processes and operational aspects across various departments.

Stefan has studied economics and is fluent in English, Hungarian, and Romanian, combining his background with practical experience to drive business success.