Louisa is a data protection specialist, experienced in assisting a broad spectrum of clients navigate the evolving landscape of data protection regulation across the UK and EU.
Louisa’s practice covers advising clients on a wide range of data protection and privacy strategic issues, including taking the lead on large scale GDPR compliance programmes, advising on complex data sharing arrangements, undertaking data protection impact assessments, handling large scale personal data breaches, and assisting clients in engaging with data protection authorities on a variety of topics.
Louisa has experience in numerous sectors including the public sector, financial services and digital sector. As well as this, Louisa has undertaken a number of client secondments (including at the Financial Conduct Authority). She is able to use this first-hand, practical experience to provide strategic and commercial advice to our clients.
Jurisdiction: England & Wales
Privacy by design: advising a number of organisations on implementing privacy by design in the procurement and development of new systems or processing activities; in particular, the design and development of major and innovative software to enable more effective data sharing of sensitive personal data between certain emergency services and local authorities. This work has included identifying and addressing privacy issues during the design phase of a project or product, undertaking data protection impact assessments, and advising on compliance and risk tolerance.
Data breaches: acting as the “go to” contact for EU personal data breaches for a number of multinational clients (including a global insurance company and a multinational conglomerate company). This work has included developing appropriate policies and procedures for dealing with data breaches, advising on whether incidents qualify as personal data breaches under the GDPR and, if so, whether those breaches are notifiable to a supervisory authority, customers and data subjects, drafting notifications and acting as an interface with the ICO for reported breaches.
Data subjects rights: advising various clients, including a major digital travel review platform, a global insurance company, a multinational consultancy firm and a number of US universities on handling data subject rights requests. This work has included assisting with the development of appropriate policies and procedures for dealing with rights requests, assessing whether a right applies and how best to respond, taking a risk based approach to applying exemptions and redactions in relation to data subject access requests, and advising on strategy and interacting with the ICO in response to investigations into complaints from data subjects.