Andrea Ward serves as a director in the Data Privacy & Cybersecurity Practice. She has a multitude of experience advising on data protection laws and compliance with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018.

    Andrea assists clients on data breach and reporting requirements, including liaising with the ICO. She advises on and drafts privacy documentation, including notices, policies and contracts, and provides guidance on data subject rights, such as subject access requests. Andrea is also interested in social media, employee privacy, monitoring and BYOD, electronic marketing, data sharing, cross-border transfers and compliance hotlines. Her experience includes counseling clients on these issues in a wide range of industries, encompassing companies in technology, healthcare, life sciences, insurance, manufacturing, recruitment, financial services, automotive and retail.

    Andrea holds the CIPP/E certification as a Certified Information Privacy Professional from the International Association of Privacy Professionals (IAPP) and regularly presents and provides training on data protection topics.

    Award Mouse thought multimedia interface book medal screen monitor
    • Advised a US-based software company on data processing obligations under the GDPR and assisting with amendments to UK staff contracts, revisions to service agreements and responses to client questionnaires.
    • Advised a European holiday home provider on GDPR accountability and compliance requirements, including data audit, completion of privacy notices and staff training.
    • Advised a US market research video insight platform on GDPR requirements, reviewing and amending existing policies and contract terms.
    • Advised a US-based financial services technology company on GDPR readiness, including data mapping and review of company policies, data processing, transfers, consent, legitimate interests and contracts, for employee and customer data sets.
    • Provided in-house training to a multinational pharmaceutical company on GDPR standards and privacy program requirements.
    • Advised on EU and UK data protection laws applicable to the use of DNA technology/genetic/biometric testing in the US.
    • Reviewed a DPIA toolkit for GDPR, including analysis of steps and high risk processing for an international company.
    • Provided training for a US telecommunications holding company and internet service provider on UK aspects of data protection and employment laws related to social media and Bring Your Own Device (BYOD).
    • Advised a large pharmaceutical company on UK data protection issues for draft privacy notices and amendments to contracts of employment, including advice on privacy notices to job applicants.
    • Provided training to a US-based worldwide healthcare company on data protection/privacy and security topics, including European law and the GDPR, data breach notification, enforcement and penalties, employment issues (security and awareness, training of employees, contracts and policies) and social media and privacy.
    • Advised a UK military charity for injured servicemen and women on data protection issues, including policies for staff and volunteers, on a pro bono basis.

    Education

    • University of Law, L.P.C., Commendation, 2001
    • University of Manchester, LL.B., with honors, 1999

    Admissions

    • Solicitor of England and Wales, 2003

    Memberships and Affiliations

    • Law Society of England & Wales, Member
    • International Association of Privacy Professionals (IAPP), Member

    • Speaker, “Snooping On Your Staff – Privacy or Prying?”, IAPP Data Protection Intensive, London, April 18, 2018.
    • Speaker, "HR & GDPR Overview," GDPR Summit London, October 9, 2017.
    • Author, "Doing Business Online? Ensure You Don't Get Penalised For Data Protection Breaches," Real Business, May 23, 2017.

    Award Mouse thought multimedia interface book medal screen monitor