Alexandra Gill Principal Associate

Alexandra Gill

Alexandra is a London-based principal associate who advises on a wide range of data protection and privacy-related matters, with a particular emphasis on providing non-contentious advice. Examples of her recent experience includes: data protection policies and governance, privacy notices, data protection impact assessments, legitimate interests assessments, lawful grounds of processing, as well as data subject rights and international data transfers outside of the United Kingdom post-Brexit. She also helps clients comply with e-privacy and freedom of information obligations.

Prior to joining Gowling WLG, Alex trained and qualified into the data protection team of another top tier London law firm, before relocating to the Island of Guernsey where she was raised.

As part of her time in Guernsey, Alex sat as a legal representative on the Guernsey Government's Data Protection working party, where she advised on the implementation of Guernsey's GDPR-equivalent data protection legislation and made representations to the Office of the Data Protection Authority on behalf of the financial services industry in connection with Guernsey-specific lawful bases and exemptions.

Alex has broad experience advising private and public sector organisations on data protection-related issues. She has also undertaken a number of client secondments including financial services, media and a sports governing body. She is also CIPP-E qualified and a member of the International Association of Privacy Professionals (IAPP).

She enjoys breaking down complex concepts and providing clear and easy-to-understand advice to clients to enable them to make informed decisions based on best practice guidance.

Experience

Pensions and insurance

• Advised as part of a cross-jurisdictional team, on the offshore data protection requirements necessary to enable a UK pension trustee to share member data to a third party longevity analytics company and assisting with the preparation of a data management agreement as part of the information governance arrangements.
• Lead data protection lawyer in respect of a share sale in a regulated insurance company to a Bermudian reinsurer for an undisclosed figure. Continued to advise the insurance company post-acquisition on data protection compliance issues.
• Negotiated the data protection terms of a complex reinsurance agreement including the transfer mechanisms necessary to ensure the lawful transfer to third country without adequacy.
• Advising various pension trustees on the disclosure of member data to multiple jurisdictions outside of the EEA.

Other financial services/institutions

• Advised various banks on information governance and data protection compliance from a local law perspective which helped to inform the strategy at group level. Advice included contributing to and coordinating cross-jurisdictional advice on AML/CFT data strategies as well as cross-border issues relating to IT outsourcing.

• Advised various financial service providers (including corporate and company secretarial service providers and corporate trustees) on various data protection issues. This included advice to a corporate trustee regarding a breach of confidentiality when a third party provided a data protection notice to a group of discretionary beneficiaries who did not know that they might have an interest in a trust.
• Advised a FinTech company with the data protection implications of putting in place a 'refer a friend' marketing scheme.
• Advised a fund and a corporate trustee in relation to data subject access requests served by individuals who had existing complaints with the organisations.

Real estate, property and planning

• Advised UK housing association on specific concerns in relation to CCTV enabled systems and surveillance and the disclosure of data in the context of a disclosure request.
• Advised an AIM quoted investment company and development group with updating the online privacy and cookies notice for it development of a 30-plus acre site in one of the UK's cities.
• Supporting Gowling WLG Projects team in connection with the development of a waste facility including reviewing and negotiating the data protection clauses and consideration of the data protection roles of the parties.
• Advised one of the UK's leading providers of affordable housing on its data obligations in connection with the creation of a development joint venture to build new homes and an investment joint venture to provide social housing. Role principally involved providing specialist data protection advice in connection with several supply agreements between each joint venture vehicle and the management companies, understanding and mapping the data flows, assessing the risks associated with the relevant processing and preparing and negotiating the data protection provisions for each agreement with each party's relevant external legal counsel.

Energy and utilities

• Advised a licensed utilities provider in connection with a personal data breach and sanctions by a supervisory authority; including conducting investigation of client's data handling practices and business processes across senior levels of business.
• Supporting Gowling WLG's energy team with the review and negotiation of data protection clauses as part of a multi-party sector wide governance contract.
• Advising in relation to the data protection aspects of a company trading energy data.

Automotive

• Advised the UK affiliate of a global car manufacturer with the launch of a new online e-commerce platform and assisted the Group company HQ with their intragroup group data sharing and framework agreement. The new initiative is the first time that a non-franchisee (i.e. the group as opposed to a dealer) will develop a direct relationship with the underlying customer in the UK and poses different challenges for the wider group from a data protection perspective.
• Advising another global manufacturer with the launch of a new consumer-facing app.
• Advised the UK subsidiary of one of the world's largest dealers responsible for selling industrial machinery and parts with complex issues regarding the legal framework governing the disclosure of COVID vaccination and on-site COVID testing in the UK.

Public Procurement

• Provided specialist data protection advice to the Ministry of Defence in connection with the re-procurement of marine services. Advice included speaking to various stakeholders to understand the nature of the data being processed (which included employee data transferred for the purposes of TUPE) and the processing activities being undertaken in connection with the relevant services (such as the disclosure of personal data required to comply with International Maritime Regulations).