• I am a Partner and barrister, specialising in information and privacy law. I have been providing pragmatic, clear and strategic advice on data protection, privacy, confidentiality and access to information since 2005, when working as in house legal advisor within the government legal service. 

    I advise on all areas of data protection, including compliance (audits, policies and accountability), data subject requests - particularly in the context of complex disputes where practical and strategic advice is required, data breaches, the data protection elements of cybersecurity, corporate due diligence, requests for disclosure made by authorities such as the police or courts, international transfers and TRAs, and contractual clauses relevant to information sharing. 

    I also advise in relation to the Freedom of Information Act and Environmental Information Regulations – usually in relation to sensitive or complex matters and the applicability of exemptions and internal reviews, but I have also supervised junior in-house specialist teams and assisted with procedures for dealing with requests. I have experience with the Information Rights Tribunal, in the context of Freedom of Information Act appeals, and regularly contribute articles in the PDP FOI Journal.  

    Other areas of specialism include the Privacy and Electronic Communication Regulations both in terms of the requirements for marketing and the collection and use of data from cookies, and the sharing and use of confidential information for the purposes of research. 

    I advise a wide range of clients, in both the public and private sectors, including both local and central government, general commercial organisations, higher education institutions, healthcare providers, tech start-ups, housing associations – and any other business that uses information. 

    I manage a team of specialist information and privacy lawyers at Bevan Brittan, who all work with a variety of sectors.  This means that the team are well placed to advise on best practice in both our client’s own sector, but can also bring across any helpful initiatives and innovations that others are currently using.

    • Advising a University on general compliance including a detailed review of privacy notices and preparation for an Article 30 ROPA (record of processing activities) project;
    • Advising on the creation of a large research database, where bespoke data deposit and data access agreements were required, including ongoing advice on the expansion of the database, and the use of confidential information under both the NHS COPI regulations and the Digital Economy Act provisions;
    • Assisting with the creation of UK GDPR compliant templates for an organisation based overseas, that contracted with UK and EU customers as a processor.  This involved creating a bespoke data processing agreement, and incorporating the IDTA and SCCs in a way that only one set of documents needed to be produced, with different sections being applicable to different jurisdictions, and some sections not being applicable when the customer was an individual;
    • Continuing advice in relation to a complex employment dispute, where the individual has made requests for disclosure of information by way of a SAR, FOI requests and under the disclosure rules. This has involved working closely with colleagues in the employment team to ensure a consistent approach, that fits with the client's strategy, but also ensures compliance with all relevant regimes;
    • Advising on the contractual requirements for a complex de-merger of an organisation that was splitting it's functions. The marketing database was central to both new functions, but not stored in such a way that it could be easily separated. The advice here included carefully worded contractual provisions so as not to put either party in breach of contract, alongside practical, risk-based advice on how to use and maintain the database going forward in a way that respected the rights of individuals, but also meant that the database continued to be of use.
    • Advising on the implications of PECR and cookie consent where an organisation was collecting information for the purposes of profiling website visitors.
    • Working alongside commercial and litigation colleagues to advise on a data breach by a third party supplier that attempted to position itself as a processor post-breach to avoid responsibility. This advice looked at the position under data protection law, and used this to assist with terminating the contract.
    • Carrying out a data protection audit in relation to a company operating in more than one overseas territory to assess overall compliance, with follow up advice in relation to a bespoke data sharing agreement between entities, which included an IDTA and SCCs to cover both the UK and EEA entities.
    • Strategic advice on requests for information relating to a sensitive external report where the outcomes were in the public interest, but the report contained sensitive personal data.
    • Assisting clients with appeals to the Information Law Tribunal, including advising in relation to permission to appeal a decision to the Upper Tribunal. 

Vicki's areas of expertise

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences. For more detailed information about the cookies we use, see our Cookies page.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics cookies

We'd like to set Google Analytics cookies to help us to improve our website by collection and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.
For more information on how these cookies work, please see our Cookies page.