I am a specialist data privacy lawyer who has practised in this area for many years helping clients across various sectors and industries. I advise on the full range of data protection and privacy compliance matters including GDPR implementation (see our GDPR HealthCheck offering), employee privacy compliance, and privacy issues connected with the online environment and mobile apps.
As a data privacy lawyer, I’ve spent time in-house on secondments as well as a short stint in Silicon Valley helping US organisations directly with their EU operations. I also spent several years as part of the team advising the Government of Bermuda on the drafting and implementation of the Personal Information Protection Act 2016 in Bermuda.
I authored two chapters in the International Association of Privacy Professionals’ 2019 (2nd ed) European Data Protection Law and Practice on Lawful Processing Criteria and Employment Relationships. I help all types of organisations from global corporates, global non-profits/ charities to tech companies and smaller charities with their compliance with GDPR, data protection and e-privacy requirements. I head up the team of data privacy lawyers at Bates Wells.
Additionally I have supported organisations with data privacy compliance issues when setting up grant arrangements to help charities and others cope with the emergency
The client was a global online platform with worldwide customers who experienced a data security breach that became public. It was investigated by regulators in multiple jurisdictions including the UK. We supported the client in their dealings with the ICO including drafting responses to the ICO’s questions, advising on the strategic approach to handling the breach, and considering the report from the digital forensic investigators. The ICO confirmed in due course that it was taking no further action against the client.
The client was a global campaigning and grant making organisation which transfers personal data about grantees and other individuals on a daily basis. Recognising the need to implement an approach to meet the requirements of the GDPR, we mapped the different importer and exporter organisations and data flows. We then drafted an intra-group data transfer agreement based on the European Commission approved contractual clauses as the mechanism for the client to rely on.
The charity was a campaigning and advocacy organisation that can be involved in undercover investigations which involve the collection of personal data. We advised the client on the requirement to carry out a Data Protection Impact Assessment and helped to complete the DPIA.