Aadya Misra

Aadya is a Counsel with the Technology, Media, and Telecommunications team at Spice Route Legal, and leads India’s largest data practice – a team of 14+ lawyers, working almost exclusively on data-heavy matters, with an additional 5 fintech lawyers that spend half their time on data. She is well-reputed for being able to provide sophisticated multi-jurisdictional advisory and has assisted numerous companies that are exporting data to India, with transfer impact assessment for their cross-border data flows into India in the wake of the Schrems II judgement, and the resultant European Data Protection Board (EDPB) guidelines. She has also assisted a number of her clients with their expansion into over 100 global jurisdictions, and in 2021 alone, advised on over 40 cybersecurity incidents, including how to respond to and manage threats of ransomware.

In addition to her ‘Rising Star’ status for Data Protection in The Legal 500 Asia Pacific, Aadya is also recognised for her expertise across the globe by leading publications including OneTrust’s Data Guidance, Chambers & Partners, Asialaw andIndian Business Law Journal. She is an International Association of Privacy Professionals (IAPP) certified lawyer, with significant cross-jurisdictional experience.

Her recent accomplishments include – 

  • advising European Union clients on financial services data transfers to India, after the Schrems II decision, and assisting various such clients with managing cybersecurity incidence as well as the RBI’s localisation requirements;
  • advising an international shipping conglomerate, that uses blockchain technology to democratise the shipping industry, on data protection and privacy risks in India;
  • assisting a leading telecom player on a 40-jurisdiction analysis of cross border data transfer risks; 
  • advising companies on the collection, and handling of patient, visitor and donor data, in the wake of the Covid-19 pandemic;
  • advising multiple regulated entities and SaaS companies within the telecom sector on the implications of data localisation;
  • advising multiple companies on privacy-related employment issues, including the use of monitoring software, cross border data transfers, employment verification processes, and diversity practices;
  • assisting a global manufacturing and services conglomerate, among several other clients, with the management of a growing number of cybersecurity threats and breaches, in recent months;
  • assisting the largest Indian service-based unicorn, with the implementation of data protection practices and procedures for launches in Australia, Singapore, UAE and the Kingdom of Saudi Arabia, on the collection, storage, and localisation related obligations of storing body temperature and vaccination status data of its listed service professionals, and on the management of a ransomware attack and making disclosures to the Indian Computer Emergency Response Team; and
  • advised over 40 global companies over a myriad of industries, on complying with India’s upcoming data protection laws.

School of Law, Christ University


English, Hindi, Oriya


aadya.misra @spiceroutelegal.com

Representative Matters