Victoria Hordern

Partner & Head of Data Privacy

Experience

I am a specialist data privacy lawyer who has practised in this area long before it became fashionable! I’ve been helping clients decipher the requirements of data protection law for over 14 years.

 

As a data privacy lawyer, I’ve spent time in-house on secondments as well as a short stint in Silicon Valley helping US organisations directly with their EU operations. I also spent several years as part of the team advising the Government of Bermuda on the drafting and implementation of the Personal Information Protection Act 2016 in Bermuda.

I help all types of organisations from global corporates, global non-profits/ charities to smaller tech companies and smaller charities with their compliance with GDPR, data protection and e-privacy requirements. I head up the team of data privacy lawyers at Bates Wells.

Recent projects

  • Advising an online platform on an investigation into its processing by the ICO following a data security breach

    The client was a global online platform with worldwide customers who experienced a data security breach that became public. It was investigated by regulators in multiple jurisdictions including the UK. We supported the client in their dealings with the ICO including drafting responses to the ICO’s questions, advising on the strategic approach to handling the breach, and considering the report from the digital forensic investigators. The ICO confirmed in due course that it was taking no further action against the client.

  • Advising a global organisation on its approach to data transfers

    The client was a global campaigning and grant making organisation which transfers personal data about grantees and other individuals on a daily basis. Recognising the need to implement an approach to meet the requirements of the GDPR, we mapped the different importer and exporter organisations and data flows. We then drafted an intra-group data transfer agreement based on the European Commission approved contractual clauses as the mechanism for the client to rely on.

  • Advising a charity involved in carrying out undercover investigations

    The charity was a campaigning and advocacy organisation that can be involved in undercover investigations which involve the collection of personal data. We advised the client on the requirement to carry out a Data Protection Impact Assessment and helped to complete the DPIA.

  • Drafting a guide to the GDPR for use within a global marketing, communications and advertising company and providing associated training
  • Drafting a contracts playbook for a controller negotiating GDPR compliant agreements with processors
  • Assisting a global company with the roll out of a third party threat intelligence system processing employee data
  • Supporting a professional body structure its data privacy approach across its organisation including rolling out data use principles and data processing agreements.
  • Advising organisations on their marketing consent wording and associated privacy notices to comply with GDPR
  • Advising on the privacy issues associated with the merger of two charities
  • Carrying out GDPR Healthchecks for a number of organisations seeking to understand their level of compliance with the GDPR requirements

Qualifications and career

  • University of Oxford, BA (Hons) English
  • BPP London, PGDL and LPC
  • Training Contract at Field Fisher Waterhouse LLP, 2001
  • Qualified as a solicitor at Field Fisher Waterhouse LLP, 2003
  • Director at Field Fisher Waterhouse LLP, 2013
  • Joined Hogan Lovells International LLP, 2014
  • Counsel at Hogan Lovells International LLP, 2017
  • Joined Bates Wells in 2018
  • Partner at Bates Wells from 2019
  • CIPP/E and CIPT qualifications from the International Association of Privacy Professionals

Pro bono, memberships, and appointments

  • International Association of Privacy Professionals, Member of the Privacy Faculty
  • Trustee of RENEW Foundation (Recovery Empowerment Networking and Employment for Women)