Sian started her career in data privacy as a solicitor in the Information Commissioner’s Office (ICO) and has considerable experience in advising on a wide range of data privacy matters.

Sian’s specific area of focus is advising multinational companies on how to develop and implement cross-border compliance programmes by means of controller and processor Binding Corporate Rules (BCR). Her involvement in this area goes back to her time at the ICO where she was involved in the development of BCR as part of the Article 29 Working Party’s BCR sub-group. Sian is able to draw on this experience in her current role as counsel in the Privacy and Information Management Group. Since returning to private practice in 2007, Sian has advised on a large number of successful BCR applications. This has involved drafting policies and procedures, managing the interaction between the applicant and the data protection authorities, and advising on the measures needed to embed the BCR within the organisation.

Sian was involved in the authorisation process of one of the first BCR for processor applications to be approved by the data protection authorities in the EU. Her work at the ICO also involved providing advice on the interpretation of the Freedom of Information Act and since leaving the ICO she has advised both private and public sector bodies in this area.