This month, we introduce you to David Hall, Partner in HCR Law’s Technology and Innovation team, based in Birmingham.
David joined HCR Law in October 2025. With nearly 25 years’ experience advising on technology and data-driven projects, he works with organisations across the private, public and third sectors to help them buy, sell and use digital technology – from computing and telecoms hardware, firmware and software to cloud technology and related services, including cyber security.
What first attracted you to a career in law?
The bar! I did a mini-pupillage at Gatehouse Chambers (back then it was called Hardwicke Building) and loved it. But by the time I’d finished university, I was married and wanted stable income, so I decided to become a solicitor.
Technology has been a constant thread throughout most of my life and all of my career. Growing up in the 1980s, there were always computers and industrial (production line) microprocessors in my house and I programmed them. From then on, I’ve been fascinated by how computers, networks and devices work and how people use them in commerce and industry – both the benefits and the risks.
I keep close to tech by using it. I built my first law firm’s website (it was pretty whizzy for the time!), developed time-saving Word gadgets for its support staff and managed its desktop PC refresh project. When I moved to a larger firm towards the end of my training contract and started to specialise in commercial, IP and regulatory work, I realised there were few lawyers who understood digital technology to the same extent.
Over the ensuing 25 years, I’ve kept pace with mainstream technology as well as law, staying close to it by continuing to develop gadgets. Recent projects include a laser game for my children, simple projects in Amazon Web Services and using single-board computers (I like the Raspberry Pi), web (JavaScript) and smartphone apps.
As a commercial lawyer, I’m on the same wavelength as founders and business leaders. My tech insight enables me to work closely with CTOs and CISOs and even with technical engineers, so I can act as a bridge between technicians, business and legal leaders.
What type of legal advice do you provide? And to what sorts of clients?
I’m a commercial, IP and regulatory specialist and advise on technology development, tech supply, distribution and supply chain contracts, licensing and IP exploitation, cyber security and data protection compliance. I also often advise on the movement and sharing of sensitive information, like personal data, between health and care sector organisations or overseas for international clients or projects. I advise across sectors (private, public and voluntary) and supply chains – from developers and suppliers to commissioners, buyers and users.
In the last 10 years, I have particularly advised clients in the health, education, cloud and advanced manufacturing sectors, and tech businesses that supply to those sectors. My clients are diverse and include NHS Trusts, UK universities in the Russell Group, providers of SaaS, users of ERP business management software, Internet of Things device manufacturers, tech resellers, e-commerce businesses and providers of managed IT or digital security services.
A typical project for me is advising a mid-market organisation (£100m turnover) on its contract and licence for supply of a key software or SaaS application and related digital transformation project. I advised a leading UK university on a project like that in autumn 2025.
Much of my work involves helping clients understand and manage the cost, risk and legal impact of buying, selling or using digital technology and data, or leveraging it to create revenue. I also support suppliers in scaling their businesses, act as a kind of outsourced in-house counsel for SMEs and work for founders and owners in preparing for smoother exits. For example, I helped our client Nexum AI prepare for sale by improving its contracts and compliance. This ensured the business was marketable and would achieve a good price and sale terms. The sale completed in 2025 and I still advise Nexum on its large customer contracts.
What is your most memorable legal experience? And why?
Although I advise on cyber security, I don’t normally get involved with the immediate response when an incident hits. I advise before that, and after, to help ensure our client has appropriate, strong policies and contracts to get them through the incident. But that isn’t a strict rule for me and my most memorable experience involved being right there in the thick of it, responding to a major cyber security incident from the day after it started.
The incident affected large parts of the UK health system in autumn 2024. I parachuted in to provide on-the-ground support for the in-house legal team for a business that was at the centre of the incident. It was incredibly high pressure, dealing with key corporate customer stakeholders, health sector and data regulators and rising tides of enquiries from suppliers, other corporate customers and patients, as well as putting in place reactive contracts for supplies to keep the affected services running.
It was frantic! Incident response nearly always is. But it gave me a really privileged insight into the real impact of attacks, and several pennies dropped for me. I’ve brought those with me to HCR Law and I’m very excited to be working on the HCR Resilience product with Dr Kerry Beynon and Steven Murray, to help our clients get ready for attacks so they can survive them and get up and running faster (as well as helping them with the immediate incident response – although I hope I can wriggle out of that bit!)
What is your number one top tip for clients?
For any digital technology product, project, contract or business initiative: get advice early and keep it practical. Technology moves quickly and legal issues can become expensive and disruptive if they’re addressed too late.
It’s a really bad idea to start project discussions or a tender without legal input, with the aim of getting a contract just in time for when it’s needed. Commercial and IP lawyers have a role to play at the outset, outlining broad options and advising on which ones to focus on and broader activities (outside the main contract, project or opportunity) to protect IP and establish a good position.
Early involvement also means we can plan the contract drafting and programme it so it’s actually available when needed. If we’re involved at the last minute, it doesn’t leave enough time – and we’ll cause a delay.
It sounds likely to be more costly, but our fee isn’t necessarily higher when we’re involved from an early stage – there are things we can do to contain it. Even if the fee is a little higher, this way of involving us results in wiser spend and better value overall: more robust outcomes, delivered to planned and managed timescales, with more effective service.
And finally – what do you enjoy outside of work?
I enjoy balance-based activities including motorcycling, cycling, surfing and snowboarding, as well as music and creative pursuits. I also spend plenty of time ferrying my children to their activities, as well as (of course!) building my little technology projects.
How can we help you?
Related articles
Article
3 December 2025
3 minute read
Mexican Supreme Court limits copyright for AI-generated works
Read more
Article
28 November 2025
9 minute read
Initial insights on the Cyber Security and Resilience (Network and Information Systems) Bill
Read more
Article
26 November 2025
15 minute read
Everyday AI: reflections on the artificial intelligence in agriculture forum
Read more
Article
31 October 2025
7 minute read
Trust, tech and transparency: navigating AI’s data risks
Read more
Article
30 October 2025
16 minute read
When cyber becomes commercial: Lessons from JLR and a tough year for UK business
Read more
Article
16 October 2025
5 minute read
Protecting your brand’s reputation against cyber-attacks
Read more
Article
2 October 2025
5 minute read
Is it ok to enforce non-UK intellectual property rights in the UK?
Read more
Article
25 September 2025
5 minute read