Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and cross-jurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

Caroline lectures on domestic and cross-jurisdictional data protection issues, and was named a notable practitioner in data protection law in Chambers UK.

Award Mouse thought multimedia interface book medal screen monitor
  • Advising a US based implementer of global HR databases utilising a cloud-based solution on the different forms of agreement required to satisfy EU compliance requirements, depending on the Safe Harbour status of its clients, and the capacity in which data is received from Europe, and on achieving Safe Harbour status as a pure processor and negotiating the relevant terms of individual agreements, with their clients.
  • Providing data protection training to clients in a variety of sectors, including IT, retail, leisure, customer services and financial services.
  • Advising businesses on all aspects of acquiring and lawfully using customer data, including usage in connection with advertising and marketing, both on and off line.
  • Advising a major US group with worldwide subsidiaries on a number of major international projects involving the transfer of personal data outside the EEA from 17 European jurisdictions. Projects have included outsourced IT projects, employment appraisal procedures, personnel administration, provision of international emergency assistance and insurance related matters. Caroline dealt with UK compliance and project-managed compliance across all affected jurisdictions, working both with data protection experts in our continental European offices and with independent lawyers in other countries. She also provided briefings, core summaries of requirements and training to key senior US and UK personnel.
  • Advising a leading global medical products company on compliance with European data protection law in its rollout of a global HR database, involving transfers of data to entities from a significant number of European countries outside the EEA both within the client group and to third party service providers.
  • Advising a number of major organisations in fields as varied as medical products, pensions and IT service providers on addressing data security breach issues, in some cases at UK level only, but in others involving the law of multiple jurisdictions.
  • Advising a number of global companies with US parents on the strategic advantages and disadvantages of Safe Harbour certification and use of the EC approved Model Clauses.
  • Advising a leading international financial services organisation on the complex interplay between European data protection laws and the requirements of the US pre-action discovery process.
  • Advising major organisations, both private and public sector, on dealing with highly sensitive and complex data subject access requests, usually made in the context of an employment or other dispute, and in dealing (successfully) with complaints to the Information Commissioner.
  • Devising and leading the team producing DATAedge, a unique UK data protection law compliance kit, commended by the Information Commissioner, now in its 5th edition. DATAedge provides core user friendly guidance, checklists, procedures and documents, in hard copy and CD Rom format.
  • Advising a variety of businesses on monitoring and interception of communications.


  • College of Law, London, Law Society Finals, 1980
  • University of Oxford, M.A., 1979


  • England and Wales, 1982
  • Recommended in The Legal 500 UK 2017 for Intellectual property
  • Recommended in the 2012 edition of The Legal 500 UK

{{}} {{insights.source}} {{insights.type}}
Award Mouse thought multimedia interface book medal screen monitor