This Candidate has been working at a specialist Data Protection Law Firm for the past 4 years. Their training contract was set up in a way to develop them as a subject matter expert in Data Protection, so has much more experience than an NQ who may have only done one seat in Data Protection.

They have been offered a role at a Specialist Law Firm however as they have been there since 2021, they are keen to experience working somewhere else.

Whilst they are very passionate about Data Protection they understand this is one area that falls within the umbrella of Risk & Compliance. In their next role, they would love the opportunity to continue developing their DP knowledge, whilst also getting the chance to learn more about the broader areas of Risk & Compliance.

Experience

Trainee Solicitor | Specialist Law Firm | Feb 2021 - Present

Following 12 months of employment as a paralegal, the directors were impressed by my inquisitiveness, tenacity and dedication to data protection laws and offered me a training contract at the firm. During my training contract, I have been exposed to a broad range of clients operating in various sectors, including advising a number of Magic Circle law firms on their data protection compliance programmes. I have experience advising clients operating nationally as well as multi-national entities.

My experience and knowledge will be an asset to your firm for the following reasons:

• I have experience reporting to client’s C suite as well as reporting on data protection issues to the board of directors. I have worked with several directors to build and deliver privacy strategies. Most recently I worked with a Privacy Director of a global travel company to engage US counsel and Chinese counsel to build a global data protection compliance programme and implement this within the organisation, with the consideration of the EU and UK GDPR as the ‘gold standard’ for compliance with nuanced breakaways where local laws require.
• I have conducted data protection compliance audits on organisations' overall compliance with the GDPR and managed projects of remediation where there are gaps in compliance. Moreover, I have experience conducting area/team-specific compliance audits to ensure that all areas of the client’s organisation remain aligned with current data protection laws and guidance.
• I have experience creating tailored data protection policies and procedures. Most recently I created a ‘Use of Generative AI in the Workplace’ policy and worked with a Chief Technology Officer to roll this out accordingly.
• I am confident in responding to data breaches which range from impacting the rights and freedoms of one individual to those which impact the rights and freedoms of millions of individuals. I am able to work under this pressure and assess whether such incidents require reporting to the relevant regulators.
• As appointed DPO for a number of clients, I run and maintain data protection programmes of work which ensure that data protection policies and procedures are reviewed at least annually to ensure that any changes in law and regulation are reflected. This also includes ensuring that ICO registrations are up-to-date and accurate.
• I stay up to date with developments in an everchanging regulatory landscape by drafting articles for the website and presenting on a number of webinars concerning various areas of data protection compliance.
• I have experience advising clients on product development from inception to completion. Most recently I have advised a leading dating app on changes to the interface/offering of the app. I worked with the product team to gather information on how the new product features will operate and advised on privacy risks and how to remediate these risks to ensure that privacy by design and default is considered.
• I have created and delivered data protection and information security training to an array of clients and am confident in delivering this both in person and online.
• I am a subject matter expert in cookie compliance and have led teams within organisations to complete cookie audits, amend cookie consent banners, amend cookie preference centres and redraft and reissue cookie notices. Most recently I have led a team in reconfiguring a cookie banner to include ‘reject all’ on the first layer of the banner to ensure that it is in line with recent ICO guidance.
• I have experience completing data protection impact assessments on a number of topics. Most recently I have completed assessments on the use of data scraping by a global CRM system and worked with the client’s product teams to remediate risk.
• I have extensive experience liaising with regulators following complaints from data subjects. This involves drafting letters of response to various data protection regulators, including the ICO, CNIL and Garante as well as to data subjects setting out client’s processes in relation to erasure requests and subject access requests.
• I enjoy drafting and reviewing data protection provisions in contracts.
• Most recently I have drafted bespoke data sharing agreements for a credit broker client who wanted to customer open banking data with lenders on their panel for research and development purposes. I was able to draft the data-sharing agreement so that the purpose for which the data was shared was tight and that the lenders could not use this valuable data for any other purposes.
• Advising on a range of data protection matters, including but not limited to the use of personal data for the purposes of training artificial intelligence models, the use of special category data for nuanced processed activities and compliance with the GDPR and ePrivacy Directive for the purposes of online tracking.
• I have conducted transfer impact assessments for cross-border transfers for both multi-national organisations as well as for the engagement of third parties residing in a third country.
• I am confident in my ability to conduct and review due diligence questionnaires, as well as reverting on areas of the due diligence which require clarification or amendment. I also have experience responding to due diligence questionnaires which set out a client’s data protection practices when they engage with a new client.

Trainee Solicitor (Secondment) | Financial-Technology Company | Oct 2023 - Jan 2024

As part of my training contract, I was seconded for an initial period of three months. After this initial period, they requested that I stay on for an additional two months as I had made an impression with the C suite who saw the meticulous quality and value in the work I was delivering.
This led to a two-week period, in which I had full responsibility for the day-to-day legal operations whilst the Legal Team was on annual leave.

• Provided ad-hoc advice on a range of BAU activities, including advice on data sharing, advice on data breaches and advice on new uses of personal data and product development. Most notably, providing advice on the sharing of open banking data with lenders for research and product development purposes.
• Reviewing and amending Terms of Use in light of the New Consumer Duty.
• Drafted several bespoke employment contracts for individuals being promoted to the Management Team. Such contracts required the inclusion of clauses pertaining to the Senior Managers and Certification Regime (SMCR) as these individuals were being promoted to a regulated role.
• Reviewed and amended NDAs between the company and household lender names. I am confident in reviewing clauses in agreements and pushing back where the clause is not commercially appropriate for the client.
• Conducted and approved due diligence on third-party suppliers and/or lenders.
• Conducted annual due diligence on suppliers.
• Reviewed and negotiated terms, framework agreements and contract variations with lenders. Where amendments were made, I worked with the commercial team to ensure that these changes could be accepted from both a commercial and legal point of view.
• Drafted policies, most notably on the use of AI in the Workplace Policy and presented the practicalities of the policy during a town hall meeting.

Legal and Compliance Executive Financial Services Aug 2020 - Dec 2020

• Drafted and implemented a new suite of data protection policies and procedures which did not previously exist.
• Conducted a data mapping exercise to build the Record of Processing Activity and determine suppliers to begin a Standard Contractual Clauses (SCCs) remediation project following the Schrems II decision.
• Amended client terms during the onboarding and integration process to ensure the client terms meet FCA standards in relation to investing private funds.
• Drafted a training programme for the implementation of the SMCR.
• Reviewed the diversity and inclusion programme and created a diversity hub on internal systems where employees can look to for further material.

Legal Internship | Global Financial-Technology Company | Dec 2018 - Jul 2020

My internship was for an initial period of one week, however, the General Counsel extended this for a period of 18 months due to my tenacity and willingness to learn and develop my skill set.

• Contacted and built relationships with US State financial regulators to gain a total of 10 'agent of payee' exemptions. This included presenting the business plan to regulators when requested and explaining how the business model meant that it was exempt from gaining a money transmitter license.
• Worked with the Data Protection Officer to begin the project planning the SCCs remediation project, ahead of the Schrems II judgement.
• Updated the GDPR due diligence register. Using tools such as One Trust, I was able to conduct meetings with privacy champions and take the register from 69% complete to 95%.
• Reviewed the use of cookies on the website and advised the business of the categorisation of cookies.
• Authored a horizon-scanning framework which informed the business of key regulatory changes within the payments sector.
• Begun the process of working with the Sales Team to create a contract playbook.

Education

LPC | 2021 - 2023
Awaiting results however a commendation is guaranteed on current grades

GDL with MA incorporated | Distinction | 2018 - 2020

BA Honours English & Philosophy | 2:1| 2014 - 2017