I am a UK lawyer who advises on data protection matters from a risk and governance, workplace, and commercial perspective. Taking a pragmatic, risk-based approach to compliance, I work with clients to address their data privacy issues in a way that is proportionate and practical.
Sitting within both Lewis Silkin’s data, privacy & cyber group and top-tier employment law division, I advise leading multinational organisations on data privacy issues.
I have considerable experience of running projects across multiple jurisdictions, both inside and outside the EU, and work with clients in the media & entertainment, tech, finance, legal, and marketing sectors.
I have particular expertise in:
- GDPR compliance strategy;
- data privacy as part of GRC, and building effective privacy policies and processes;
- information security and acceptable use - including ISO27001/2 requirements;
- transparency requirements, including internal and external privacy notices;
- data protection impact assessments (DPIAs);
- data processing agreements (DPAs) and data sharing agreements, including Schrems II risk mitigation and intra-group data sharing;
- data subject access requests (DSARs) and other rights requests;
- data breaches and data breach reporting;
- regulatory investigations;
- data retention strategy;
- Covid-19 testing and the collection and use of vaccination data;
- diversity and inclusion monitoring;
- employee vetting and background checks.
Some of my recent work highlights include:
- Advising large multi-nationals on the update of their global information security policies and alignment to ISO27001.
- Advising multiple clients on the use of the 2021 SCCs and UK Addendum in relation to both internal and external data sharing, including relevant Schrems II "Transfer Impact Assessments".
- Carrying out several projects assisting global businesses on their approach to the retention of personal data across multiple jurisdictions.
- Advising multiple clients on their cross-border global diversity and inclusion initiatives, including practical steps for the management of associated data privacy risks; and
- advising on the processing of data relating to criminal offences and the intersection of data privacy laws with industry-specific regulatory requirements (for example, those applicable in the legal and financial services industries).
Awards and Recognition
- Rising Star in Legal 500 2022 (Data Protection)
- Legal 500 2021 (Employment) - ‘Tom Ford has a fantastic balance of employment and data privacy knowledge'