I am an Associate in the Litigation, Advisory and Regulatory Department. As an accredited Practitioner in Data Protection I have a wide range of information law and privacy experience advising clients on compliance with the General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations.
Having worked in-house for a number of years at a large listed consumer facing organisation, I have particular experience of advising heavily data focused businesses in the property and financial services sectors.
I have provided clients with support on data subject rights requests, governance arrangements including drafting and reviewing policies, training, privacy notices, responding to requests for disclosure of personal data from the police and other third parties, advising on data processing/sharing arrangements and associated contracts, marketing and consent reviews, data breaches and complaints and liaising with the Information Commissioner’s Office in relation to matters being investigated.
My experience includes advising on:
- the GDPR compliance project for a UK leading provider of financial and property services including providing training to all key stakeholders;
- data mapping and record keeping requirements;
- data sharing arrangements, including drafting and negotiating appropriate contractual clauses and advising on the processing of data internationally;
- marketing processes, including compliance with consent requirements, associated preference centres, opt-out wording and call centre scripts;
- data protection policies including providing input on data retention policies and breach notification policies and procedures;
- data protection customer complaints including claims for compensation and drafting associated communications with the ICO;
- data breaches including reports to be made to the ICO and data subjects and dealing with any connected ICO investigation;
- data subject rights requests. including in particular data subject access requests; and
- privacy and information law aspects of acquisitions and investments including conducting relevant data protection due diligence.