Elaine Morrissey#12819

Elaine Morrissey

Privacy & AI Governance lawyer, Independent contributor
Elaine Morrissey is Founder and Director of Rock Consultancy, specialising in data protection and AI governance services.
As a privacy and AI governance lawyer with over 15 years of experience, Elaine has played key roles in establishing and maintaining Data Protection and AI Governance programs, leading initiatives around policy and procedure development, training frameworks, and vendor risk assessment processes. She holds certificates as CIPP/E, CIPM, and AIGP, and is an IAPP Fellow of Information Privacy.

Elaine serves on the IAPP Training Advisory Board for AI Governance. She is current Chair of the Law Society of Ireland's IP and Data Protection Law Committee (2025-2026).

Her experience spans senior roles at Dell Technologies as Privacy Counsel and EMEA Lead, ICON Plc as Privacy and AI Governance Lawyer & Assistant Global DPO, and Associate positions at McDowell Purcell Solicitors (now Fieldfisher) and DAC Beachcroft, focusing on data protection, professional indemnity, and regulatory matters.

Elaine is a regular speaker at industry events and contributes thought leadership on the intersection of data protection, privacy, and AI governance.


Contributed to

3

Ireland—Artificial intelligence in the workplace
Ireland—Artificial intelligence in the workplace
Practice Notes

This Practice Note provides an analysis of the use of artificial intelligence (AI) in the workplace, its infiltration into daily tasks and in managing the employment cycle in Ireland. It considers the application and likely impact of the EU’s Artificial Intelligence Act, Regulation (EU) 2024/1689 and discusses how this will affect risk management in the employment context.

Ireland—data protection impact assessment—artificial intelligence
Ireland—data protection impact assessment—artificial intelligence
Precedents

This Precedent data protection impact assessment (DPIA), which includes an initial screening questionnaire, is not intended for technical businesses that develop or deploy AI tools or systems as a commercial offering. It reflects requirements under the EU General Data Protection Regulation (EU GDPR), together with guidance set out by the Data Protection Commission (DPC) on the accountability and governance implications of AI.

Ireland—Policy—use of generative artificial intelligence
Ireland—Policy—use of generative artificial intelligence
Precedents

This Precedent is a generative artificial intelligence policy (Gen AI) for a company to use in relation to its staff. It deals with work-related and personal use of Gen AI—including general use in the workplace, use in internal processes, personal use (where during work time or using company resources), and the incorporation of Gen AI in any of the company’s products or services. It may be included as part of an employee handbook, or could be used as a stand-alone policy.

Practice Areas

Panel

  • Contributing Author

Qualified Year

  • 2008

Experience

  • ICON (2018 - 2024)

Membership

  • Law Society of Ireland Data Protection and Intellectual Property Committee
  • Law Society of Ireland
  • International Association of International Professionals (IAPP)

Qualifications

  • BBLS
  • Roll of Solicitors
  • Certification in Data Protection Practice
  • Certificate in Technology Law
  • IAPP CIPPe
  • IAPP CIPM
  • IAPP Fellow
  • IAPP AI Governance

Education

  • University College Dublin

If you expected to see yourself on this page, click here.