Overview

Jonathan advises clients on all areas of UK and EU data protection law, including GDPR, e-commerce, incident response, online privacy and general compliance work. Jonathan is experienced in managing global compliance projects and drafting, advising and negotiating a variety of commercial contracts, including data processing and outsourcing agreements. Jonathan also advises clients in response to security incidents, including liaising with and advising key stakeholders and preparing notifications to the regulator and affected individuals.

In addition, Jonathan has experience in assisting clients with day-to-day HR matters, including drafting complex employment documentation, advising on data protection issues in the workplace, and handling labor and employment disputes, including unfair dismissal and discrimination claims.

Experience

  • Advising a global provider of water, hygiene and energy technologies, and services to the food, energy, healthcare, industrial and hospitality markets on the data protection law issues arising from the implementation of a centralized HR software system. The system will be used by the client's group of companies in the 170 countries in which it operates. Involved coordinating with clients’ local offices and local data protection authorities, as well as drafting data transfer agreements.
  • Assisting with breach response for one of the UK's largest heart disease charities: liaising with and advising key stakeholders, and assisting with preparation of preliminary notification to ICO. Also providing day-to-day advisory services, including updating documentation in line with GDPR requirements, advising on use of Google web beacons, introduction of new e-card service, and direct marketing campaigns.
  • Advising one of the UK’s largest family-owned construction companies on a wide range of data protection issues, in particular the implementation of a biometric security system and drugs/alcohol testing.
  • Advising a leading provider of relocation services on compliance with UK data protection legislation including on transfers of personal data relating to employees of the client's customers to countries outside the EEA (including the USA and other countries with inadequate data protection regimes).
  • Advising one of the world’s largest technology companies on a number of data privacy issues, including age verification issues.
  • Drafting Binding Corporate Rules for one of the world’s largest online payment providers, and assisting with developing its privacy infrastructure.
  • Drafting GDPR compliant policies and other documentation for a Japanese multinational electronics corporation, including data processing register, template Data Protection Impact Assessment and Privacy Policy for all global entities.
  • Managing data protection audits for a number of clients, including the above mentioned construction company, a well-known private bank and one of the longest established private equity investment firms in Europe.
  • Advising a specialist real estate developer on its data protection compliance policies and preparing/updating policies.
  • Advising US-headquartered companies on the implementation of intra-group model clauses.
  • Advising a number of clients on the data protection aspects of their outsourcing arrangements.
  • Design and delivery of online data protection training, including e-learning introductory courses and bespoke in-house training to a large UK cancer charity.
  • Advising a range of professional service providers in connection with various subject access requests, including dealing with ICO in response to complaints.
  • Advising on data protection issues as part of employment tribunal proceedings against largest private sector provider of immigration detainee escorting services, securing a large settlement for client.
  • Assisting on team advising a client on a major international data protection compliance project. Required the coordination of data protection legal advice across more than 30 countries in five continents, involving the analysis of hundreds of data transfer routes.
  • Regularly advising employers on data protection issues involving employee data and drafting policies.
  • Regularly involved in resisting and pursuing data subject access requests.

Insights

Publications

Education

GDL, BPP Law School, 2008

BA, King’s College London, 2006

Admissions

England and Wales (Solicitor)

Jump to Page