Skip to main content
Banking & Finance
Insurance & Reinsurance
PI & Clinical Negligence
Restructuring & Insolvency
Risk & Compliance
Wills & Probate
Firms, Chambers and Organisations
Professional Support Lawyer
Sam is the Commercial Professional Support Lawyer at DWF, working in all areas of commercial law, with a speciality in data protection and privacy law.
Before becoming a PSL, Sam spent 10 years in practice as a commercial solicitor, specialising in IT contracts. Since leaving practice, she has taught law and legal practice at undergraduate and postgraduate level and worked in legal learning and development.
Sam is responsible for developing and automating precedents, guidance notes and negotiation guides, and organising and delivering legal training. She has a special interest in working with DWF's legal technology specialists to provide innovative solutions for clients.
Assume two parties contract for services involving the processing of personal data on a controller-processor basis. If one of those entities (the controller or processor) had been required to designate an EU representative (Article 27 of Regulation (EU) 2016/679, General Data Protection Regulation), what, if any, additional provisions should each party seek to include in the data protection clauses of the agreement given that fact?
If a controller based outside the EEA transfers personal data to a processor in the EEA and that processor then returns that personal data to the non-EEA controller, is that return transfer a restricted transfer outside the EEA under the General Data Protection Regulation and what transfer mechanisms may the processor use to make the transfer lawful? Would the answer differ if the processor was transferring additional or amended personal data (as compared to that originally transferred by the controller)?
Organisation A (Host Organisation) was allowing Organisation B (Abandoning Organisation) to use its office space. Abandoning Organisation has now ceased trading and disappeared. Abandoning Organisation left various computer equipment (which is suspected to contain personal and other business data) at Host Organisation’s premises. What are Host Organisation’s obligations in respect of any such personal data on the equipment under the general data protection regulation (GDPR)? What steps can Host Organisation take to dispose of Abandoning Organisation’s equipment (and any associated personal data) in compliance with the GDPR?
Where a processor in a remaining EU state will transfer personal data back to a controller in the UK following a no-deal Brexit, might the parties entering into an agreement incorporating the processor's ‘Binding Corporate Rules for Processors’ suffice as an appropriate safeguard for that EU-to-UK transfer under Chapter V of Regulation (EU) 2016/679, the (EU) General Data Protection Regulation (GDPR) post-Brexit?
LLB European Law
University of Warwick
Legal Practice Course
Manchester Metropolitan University
If you expected to see yourself on this page,
0330 161 1234
Get in Touch
International Sales(Includes Middle East)
Latin America and the Caribbean
Supplier Payment Terms
Partner Alliance Programme
Manage your Cookie Settings
Terms & Conditions
Data Protection Inquiry
Protecting human rights: Our Modern Slavery Act Statement
Copyright © 2021