Open navigation
Search
Search
Languages
  • Dutch
  • English
Social media

Masha Ooijevaar is a Legal Director in the Technology, Media and Telecom (TMT) Practice at CMS, based in Dubai. She is a dual-qualified (England & Wales, California) TMT/commercial lawyer specialising in data protection, privacy and cybersecurity. Masha advises clients across the MENA region on digital regulation and technology-related legal matters, including data governance, compliance programmes, cross-border transfers, data processing agreements, breach response and emerging AI laws and issues. She has been based in the region since 2019 and acts for multinational corporates, government entities and tech providers. She is ranked as Up & Coming in Chambers and Partners and as a Leading associate in legal 500 UAE for TMT.

Before joining CMS, Masha worked at leading international law firms in London and Dubai, as well as with KPMG and in-house at Warner Bros. Entertainment in the UK and US. She holds Certified Information Privacy Professional Europe (CIPP/E) and Certified Information Privacy Manager (CIPM) accreditations from the International Association of Privacy Professionals, and a Practitioner Certificate in Data Protection awarded by BCS, the Chartered Institute for IT.

Awards & Recognitions
01
  • Quote
    Masha Ooijevaar is a rising star with noteworthy expertise in data protection. She regularly advises big-name corporate clients on matters in this field, including the completion of company data protection handbooks.
    Chambers, 2025
  • Quote
    Masha knows the country's laws like the back of her hand.
    Chambers, 2025
  • Quote
    Masha Ooijevaar delivers top-level service and respects the agreed timelines. She is a trusted adviser who is always available.
    Chambers, 2025

Relevant experience

  • A Dubai government authority on a multi-jurisdictional data protection implementation programme covering the GCC and key strategic international markets, including compliance reporting, risk assessments, implementation roadmaps, policy localisation, governance frameworks, training, compliance monitoring and regulatory filings support. 
  • An international consumer platform on regulatory enforcement matters in Saudi Arabia and Qatar, including regulatory strategy, audit support, defence submissions, regulator engagement and data subject complaints handling.
  • A leading real estate group on GDPR applicability assessments across multiple business units, including subsequent training and advice on data protection impact assessments.
  • A Saudi electric vehicle business on implementation of its privacy compliance framework, including gap analysis, policy development and advice on data governance structures.
  • A national airline on privacy implementation, outstation expansion analysis, template development, DPIAs and transfer impact assessments.
  • A global technology and e-commerce company on a range of Middle East privacy matters, including third party processing arrangements, payments-related data migration issues and Saudi/Egyptian advice for advertising operations.
  • A UAE bank on an AI proof-of-concept agreement for vendor testing, with a focus on privacy, confidentiality and risk allocation.
  • A multinational technology provider on the launch of an AI-enabled healthcare product in the UAE, including advice on data transfers and UAE healthcare data restrictions.
  • Coordinating end-to-end legal response on cyber incidents for insurers and insureds, including managing forensic and technical vendors, and advising on regulatory notification obligations.
  • Qatar Financial Centre (QFC) Data Protection Office on the development of an AI data protection standard, guiding companies operating in the QFC on compliance with the QFC Data Protection Regulations when utilising AI technologies.*

*Prior to joining CMS.

Publications

  • Masha contributes articles and comments on the subject of data privacy, including global regulatory research platform OneTrust DataGuidance and international academic journal Privacy Laws & Business.
  • Contributor author -  “Drone Law and Policy: Global Developments, Risk, Regulation and Insurance,” Chapter 16: Data Protection, Privacy and Big Data - 1st Ed, Routledge, 2021.

Memberships & Roles

  • International Association of Privacy Professionals (IAPP).
  • International Bar Association.
  • California Lawyers Association.
  • Society for Computers & Law.
  • BCS, the Chartered Institute for IT.
  • Women in AI Governance.

Education

  • 2016 - Admitted as solicitor in England & Wales.
  • 2016 - Attorney-at-law, State Bar of California.
  • 2014 - LLM in Entertainment, Media and Intellectual Property Law, University of California, Los Angeles (UCLA), Los Angeles.
  • 2012 - Graduate LLB, BPP Law School, London.
  • 2011 - MA in Art Business, University of Manchester/Sotheby’s Institute of Art, London.
  • 2010 - LLM in European Law, Leiden University, Netherlands.
  • 2009 - BA, Columbia University, New York. 

Insights by Masha

Kingdom of Saudi Arabia issues new Cybersecurity Controls for the Private Sector

Kingdom of Saudi Arabia issues new Cybersecurity Controls for the Private Sector

27 Mar 2026 8 min read
Oman personal data protection law: entering the enforcement phase

Oman personal data protection law: entering the enforcement phase

11 Feb 2026 6 min read
Middle East TMT - 2025 in review

Middle East TMT - 2025 in review

20 Jan 2026 17 min read
Egypt’s PDPL: Executive regulations issued – one year compliance countdown begins

Egypt’s PDPL: Executive regulations issued – one year compliance countdown begins

13 Jan 2026 9 min read
Back to top Back to top
You will now find all Law-Now content on CMS.law
Opens in new window