ELEANOR DODDING advises international clients on a wide range of data protection, privacy, and cybersecurity matters, including advising on compliance with both the EU and UK General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and ePrivacy legislative frameworks, such as the EU ePrivacy Directive and the UK Privacy and Electronic Communications Regulations (PECR), alongside new EU and UK AI, digital data, and cyber laws.
She advises clients in a range of industries, with a particular focus on those in the life sciences, asset management and private equity, insurance, retail, payments, and technology sectors.
Eleanor’s recent experience in assisting clients in matters involving privacy, cybersecurity, regulatory, and enforcement issues includes:
- Managing GDPR compliance projects for global clients with multiple entities, including those in the financial services, professional services, life sciences, media, and retail industries.
- Advising a technology client on EU telecoms and electronic communications issues, with a particular focus on product counselling.
- Ongoing counselling of a healthcare client with respect to its negotiation of clinical trial agreements with institutions and sponsors at a global level and related privacy and healthcare-compliance issues.
- Assisting clients with preparing for, and responding to, cybersecurity incidents and personal data breaches.
- Advising clients on issues associated with international data transfers (including compliance with Schrems II and the EU-U.S. Data Privacy Framework).
- Assisting with privacy and data security due diligence in connection with corporate transactions (e.g., M&A transactions).
- Advising clients on the EU’s package of new artificial intelligence and digital data legislation, including the EU AI Act and the European Health Data Space, as well as the EU’s cyber reforms, including the NISD2 and DORA, together with emerging UK privacy and digital data laws, including the Data Protection and Digital Information Bill.
- Developing external- and internal-facing policies, procedures, and notices to facilitate compliant data collection and handling, including privacy notices, data privacy policies, cybersecurity, and privacy risk assessments.
Eleanor is recommended for Data Protection, Privacy and Cybersecurity by The Legal 500 UK 2023.
Prior to Sidley, Eleanor trained as a solicitor at another international law firm, where she gained experience in the corporate, commercial, and litigation practices.