Advising a cloud based provider on creating processor BCR, including discussions with the CNIL acting as lead authority
Sian started her career in data privacy as a solicitor in the Information Commissioner's Office (ICO) and has considerable experience in advising on a wide range of data privacy matters.
Sian's specific area of focus is advising multinational companies on how to develop and implement cross-border compliance programmes by means of controller and processor Binding Corporate Rules (BCR). Her involvement in this area goes back to her time at the ICO where she was involved in the development of BCR as part of the Article 29 Working Party's BCR sub-group. Sian is able to draw on this experience in her current role as counsel in the Privacy and Information Management Group. Since returning to private practice in 2007, Sian has advised on a large number of successful BCR applications. This has involved drafting policies and procedures, managing the interaction between the applicant and the data protection authorities, and advising on the measures needed to embed the BCR within the organisation.
Sian was involved in the authorisation process of one of the first BCR for processor applications to be approved by the data protection authorities in the EU. Her work at the ICO also involved providing advice on the interpretation of the Freedom of Information Act and since leaving the ICO she has advised both private and public sector bodies in this area.
Advising a company in the UK financial services sector on its 'Bring Your Own Device Policy.'
Providing advice to a global organisation on the privacy implications of introducing a data loss prevention tool.
Advising a multinational financial institution on the drafting of an intra-group data transfer agreement.