Emma is a Director and Head of Data Protection and Privacy in KPMG Law LLP. Before joining KPMG Law, Emma worked with one of the world’s largest consumer electronics companies where she was the lead privacy counsel on data protection compliance projects, cookies, the use of personal data in consumer and business products, management of data security incidents, complex personal data transfer arrangements, AdTech and marketing. As an in-house lead counsel for a multinational organisation, Emma has experience providing strategic and practical advice on all aspects of data protection and privacy law to business leaders and lawyers on a global scale.
Areas of expertise
Privacy law, data protection, AdTech
Expertise advising on:
AdTech: The legal implications of data processing in programmatic advertising to advertisers, demand and supply side platforms. The management of complex data mapping involved in the AdTech ecosystem and compliance with transparency obligations under GDPR in respect of online advertising.
International Data Transfers: Compliance with EU data protection law in respect of complex international transfers. Drafting contracts and safeguarding measures required to ensure that personal data is transferred in a lawful manner.
Management of Data Breach Incidents: Emma works with colleagues in the cybersecurity department of KPMG to provide a holistic response to a security incident for clients. She has extensive experience of liaising with data protection regulators in response to data breaches and advising clients in relation to communicating with individuals affected by a data breach. Emma also works with clients on drafting data breach response plans and running mock breaches to prepare for the prospect of a real incident occurring and to manage how an incident would be handled in reality.
Data Subject Rights: Ensuring adequate, accurate and timely responses are provided following receipt of rights requests. Emma also advises on the use of technology to assist with large scale rights requests and provides legal oversight in respect of complicated rights requests.
Data Protection by Design and Default: Compliance with data protection by design and default principles within the product lifecycle of major brands. Drafting the various documents required to ensure compliance with the principles of transparency and accountability under GDPR.