About

I am a Legal Director in Lewis Silkin's Data, Privacy & Cyber team, where I advise leading multinational organisations across a range of industries on data, privacy and cyber issues.

I assist clients with a wide variety of data and privacy compliance matters including general compliance strategy, audits and assessments; online advertising, direct marketing and cookies; data sharing and data processing arrangements; privacy policy/privacy notice reviews; international data transfers; and privacy-related aspects of new technologies, products and services. In addition, I regularly assist clients with contentious data and privacy work, including data breaches, data subject requests and complaints, and regulatory investigations. I also advise clients on AI governance and strategy and the data privacy aspects of implementing AI solutions.

I hold the IAPP CIPP/E data protection certification, and regularly speak at events and conferences on data and privacy issues.

Experience

Data, privacy & cyber

  • Leading GDPR compliance projects for clients in a wide variety of industries (including consumer goods and retail, technology, financial services and healthcare), including conducting compliance assessments and advising on recommended implementation steps
  • Drafting, negotiating and advising on data processing and data sharing agreements
  • Providing strategic advice on international data transfers, including standard contractual clauses and transfer impact assessments
  • Advising on data protection compliance in the context of online advertising and adtech solutions
  • Advising on direct marketing and cookie compliance
  • Assisting clients with responding to data subject complaints and requests, including subject access, erasure and direct marketing opt-outs, as well as data subject compensation claims
  • Advising on data protection issues in the context of M&A transactions, including due diligence and negotiation of data protection terms
  • Advising a number of clients on their AI strategy and governance, including advising on the implications of the EU's AI Act, developing policies and guidance around the use of AI, and carrying out data protection impact assessments in relation to various AI solutions
  • Advising on data security breaches and incident response
  • Advising a large multinational organisation on a major regulatory investigation

Testimonials

arrow_back
"Joanna de Fonseka is very knowledgeable in privacy and data protection. She provides pragmatic business guidance."
Chambers & Partners
arrow_forward

Services

Sectors