I am an information law specialist and advise clients on a broad range of data and privacy issues. My practice includes advising on the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications (EC Directive) Regulations 2003, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Health Records Act 1990 and the common law duty of confidence.
I regularly advice on all aspects of information law, including large scale data sharing arrangements, privacy and cookies policies, direct marketing compliance, subject access requests, audits, and data breaches and enforcement action taken by the ICO.
I also assist clients with managing and responding to requests for information under the Freedom of Information Act 2000 and Environmental Information Regulations 2004, and provide ongoing support to clients on identifying exemptions, drafting responses, conducting internal reviews and advising on reputational risks.
- Advising a local authority in relation to vexatious requests received under the FOIA 2000.
- Advising clients on complex and large scale subject access requests under the GDPR and Data Protection Act 2018.
- Managing and responding to complex and wide ranging FOIA and EIR requests, including in relation to ongoing employee investigations, and disclosure of commercial contracts between Local Authorities and private sector contractors.
- Conducting a data protection audit on behalf of a housing association to assess their compliance with GDPR.
- Providing in-person training to an NHS Trust on how to handle subject access requests made under the GDPR and Data Protection Act 2018.
- Drafting and negotiating data sharing agreements relating to large scale residential housing projects and healthcare projects.
- Advising on international data transfers and the use of data processors.
Liability for data breaches: some good news
What are your data protection obligations during the COVID-19 pandemic...
Data Protection Fee – Do You Need to Pay?
Are you making referrals to the DBS?
GDPR: One Year On