Alexandra is a London-based principal associate who advises on a wide range of data protection and privacy-related matters, with a particular emphasis on providing non-contentious advice. Examples of her recent experience includes: data protection policies and governance, privacy notices, data protection impact assessments, legitimate interests assessments, lawful grounds of processing, as well as data subject rights, e-privacy and international data transfers outside of the United Kingdom post-Brexit.
Prior to joining Gowling WLG, Alex trained and qualified into the data protection team of another top tier London law firm, before relocating to the Island of Guernsey where she was raised.
As part of her time in Guernsey, Alex sat as a legal representative on the Guernsey Government's Data Protection working party, where she advised on the implementation of Guernsey's GDPR-equivalent data protection legislation and made representations to the Office of the Data Protection Authority on behalf of the financial services industry in connection with Guernsey-specific lawful bases and exemptions.
Alex has broad experience advising private and public sector organisations on data protection-related issues. She has also undertaken a number of client secondments including financial services, media and a sports governing body. She is also CIPP-E qualified and a member of the International Association of Privacy Professionals (IAPP).
She enjoys communicating complex concepts and advice to clients in a way to ensure that they are able to make commercially viable and informed decisions based on the latest best practice guidance.
Pensions and insurance
- Advised as part of a cross-jurisdictional team, on the offshore data protection requirements necessary to enable a UK pension trustee to share member data to a third party longevity analytics company and assisting with the preparation of a data management agreement as part of the information governance arrangements.
- Lead data protection lawyer in respect of a share sale in a regulated insurance company to a Bermudian reinsurer for an undisclosed figure. Continued to advise the insurance company post-acquisition on data protection compliance issues.
- Negotiated the data protection terms of a complex reinsurance agreement including the transfer mechanisms necessary to ensure the lawful transfer to third country without adequacy.
- Advising various pension trustees on the disclosure of member data to multiple jurisdictions outside of the EEA.
Other financial services/institutions
- Advised various banks on information governance and data protection compliance from a local law perspective which helped to inform the strategy at group level. Advice included contributing to and coordinating cross-jurisdictional advice on AML/CFT data strategies as well as cross-border issues relating to IT outsourcing.
- Advised various financial service providers (including corporate and company secretarial service providers and corporate trustees) on various data protection issues. This included advice to a corporate trustee regarding a breach of confidentiality when a third party provided a data protection notice to a group of discretionary beneficiaries who did not know that they might have an interest in a trust.
- Advised a FinTech company with the data protection implications of putting in place a 'refer a friend' marketing scheme.
- Advised a fund and a corporate trustee in relation to data subject access requests served by individuals who had existing complaints with the organisations.
- Advised UK housing association on specific concerns in relation to CCTV enabled systems and surveillance and the disclosure of data in the context of a disclosure request.
- Advised an AIM quoted investment company and development group with updating the online privacy and cookies notice for it development of a 30-plus acre site in one of the UK's cities.
- Supporting Gowling WLG real estate team in connection with the development of a waste facility including reviewing and negotiating the data protection clauses and consideration of the data protection roles of the parties.
Energy and utilities
- Advised a licensed utilities provider in connection with a personal data breach and sanctions by a supervisory authority; including conducting investigation of client's data handling practices and business processes across senior levels of business.
- Supporting Gowling WLG's energy team with the review and negotiation of data protection clauses as part of a multi-party sector wide governance contract.
- Advising in relation to the data protection aspects of a company trading energy data.
- Advised the UK affiliate of a global car manufacturer with the launch of an new online e-commerce platform and assisted the Group company HQ with their intragroup group data sharing and framework agreement. The new initiative is the first time that a non-franchisee (i.e. the group as opposed to a dealer) will develop a direct relationship with the underlying customer in the UK and poses different challenges for the wider group from a data protection perspective.
- Advising another global manufacturer with the launch of a new consumer-facing app.
- Advised the UK subsidiary of one of the world's largest dealers responsible for selling industrial machinery and parts with complex issues regarding the legal framework governing the disclosure of COVID vaccination and on-site COVID testing in the UK.