About

I am a London based Associate in Lewis Silkin's Data, Privacy and Cyber group. I advise on UK and EU data protection, AI governance and regulation, and cyber and digital regulation, including the UK GDPR and EU GDPR, the Data Protection Act 2018, PECR and ePrivacy, the EU AI Act, NIS2 and the EU Data Act. I have advised clients across multiple sectors, including technology, automotive, media and entertainment, gaming, financial services and life sciences.

I recently completed two secondments: one with a global automotive business, supporting multi jurisdiction privacy notice implementation (including connected vehicle notices) and advising on emerging data regulation; and one with a major entertainment and talent agency, where I led a UK wide data protection audit covering AI governance, children's data, off channel communications and DSAR readiness, and produced a detailed audit report.

Before joining Lewis Silkin, I worked in private practice advising multinational clients on complex privacy and cyber issues, and I have also spent time in house in Switzerland in the pharmaceutical and reinsurance sectors.

Experience

Data, privacy advisory

  • Advising on UK and EU privacy compliance, including transparency, lawful basis, special category data, cookies and direct marketing.
  • DPIAs and risk assessments for novel technology and large-scale processing, including coordinating local counsel input where needed.
  • International transfers advice (SCCs, UK IDTA and Addendum, EU US Data Privacy Framework, TIAs).
  • Data breach support from triage to notification strategy and stakeholder communications, including multi jurisdiction incidents.
  • DSAR strategy and delivery, including scoping, search strategy, review and exemptions, and ICO complaint handling.
  • Data protection due diligence on mergers and acquisitions, including post completion remediation planning.
  • Training delivery, including sessions through Lewis Silkin's Data Privacy and Cyber Academy

Data privacy commercial and operational

  • Reviewing privacy notices, cookie compliance and consent design, including dark patterns risk and LIAs.
  • Drafting and reviewing DPAs and data sharing arrangements, including bespoke agreements for talent and high-profile individuals and controllership analysis.
  • Preparing and updating RoPAs.
  • Governance documents and policies tailored to sector specific issues.

AI and data innovation

  • Reviewing AI supplier terms and DP addenda, including Article 28 position, transfers and model training restrictions.
  • Advising on EU AI Act deployer obligations and UK AI governance approaches, including policies, approval frameworks and rollout guidance for generative AI.
  • AI governance and workplace technology assessments, including biometrics and monitoring tools.

Cyber and operational resilience

  • Supporting NIS2 implementation work, including scoping and incident reporting obligations.
  • Advising on information security governance and DLP tooling.
  • Addressing off channel communications, retention gaps and incident response maturity.

Startups

Legal and business support for startups, founders and investors.

arrow_right_alt

Close up of a trio of transparent party balloons reflecting hundreds of discs of blue and orange light

Services

Data, privacy & cyberchevron_right