Focusing on data protection/privacy/information law, I advise clients from a variety of sectors, particularly technology (as I have computing science degrees and tech expertise, particularly regarding cloud computing and also security issues), and banking/financial services (having formerly practised as a finance/corporate insolvency lawyer). Most of my work is for large multinationals, whether based in the UK/EU or elsewhere, who require assistance with multi-country matters.

I assist clients with issues of practical compliance, implementation and application under the GDPR and UK Data Protection Act 2018, ePrivacy Directive (cookie law, e-marketing), and also security-related laws such as the EU NIS Directive. I advise on the usual range of matters, involving operationalisation as well as content, from legal basis (including legitimate interests assessments), privacy notices, cookie notices/banners, data processing/sharing agreements and international transfer arrangements (my book on transfers was recommended to be read “by every data protection supervisory authority and law-maker in Europe”), to data protection impact assessments for new projects/products, technical and organisational measures for security and data protection by design and by default, and broader governance and strategic issues.

I also advise clients on dealing with security incidents, including their notifiability and notifications, and on handling data subject requests.

I am an Editor of the Encyclopedia of Data Protection and Privacy, an i100 volunteer (part-time) with the UK’s National Cyber Security Centre, and a guest lecturer on data protection law at Imperial College London. I was previously a volunteer with the UK ICO 2018-19, an invited observer to CISPE (the Cloud Infrastructure Services Providers in Europe) 2017-2018, and a member of the British Computer Society’s Information Privacy Expert Panel 2015-2017. I was lead author of eight chapters of Cloud Computing Law (OUP 2013), including the four chapters on data protection, and contributed to ENISA’s 2017 report on blockchain and security for financial institutions. My articles, many with collaborators, have been published e.g. by the Journal of International Data Privacy Law, Society for Computers and Law and Stanford Technology Law Review.

I regularly speak at industry and other events, having presented at Privacy Laws & Business’ annual conference and for Computing, TechUK and the UK Cabinet Office.

In my spare time, I sing second soprano with the BBC Symphony Chorus, London Symphony Chorus and other choral or opera groups.