Katie Hewson


Katie is a data protection specialist who leads the firm’s data protection practice. She has significant experience advising clients across a variety of sectors, including retail, transport, financial services, analytics and life sciences, and holds a Certified Information Privacy Professional Europe (CIPP/E) accreditation from the International Association of Privacy Professionals.

Katie is recognised as a Next Generation Partner for data protection, privacy and cyber security by The Legal 500 UK 2022, in which she is described as “outstanding” and it is noted that her "legal advice is always incredibly commercially minded and her understanding of the technical aspects of privacy is unparalleled" (The Legal 500 UK 2022).

Katie has extensive experience leading international GDPR compliance projects and also advises on data protection contracts, transparency issues, international personal data transfers, data sharing, cyber security and personal data breaches. She also advises a variety of clients on direct marketing, ad tech, social media and cookies issues under the e-privacy regime.

Katie has also acted for clients facing ICO enforcement action on potential data protection and freedom of information law breaches, winning successful outcomes for her clients in relation to subject access requests, breach reporting and FOIA requests. She has helped clients with the data protection impacts of Brexit and coronavirus and has also advised on the complex legal issues in facial recognition, AI and profiling.

Katie is a member of the International Network of Privacy Law Professionals, a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters.

  • Advised an international bank on its GDPR compliance programme, providing a full suite of services including close involvement in the bank's data mapping exercise and gap analysis. Continues to advise as the programme matures.
  • Advised a leading wellbeing chain in response to an ICO investigation into its direct marketing practices.
  • Advised a financial institution on a data breach that resulted in hackers gaining unauthorised access to extremely sensitive personal data, which resulted in a third party being exposed to a significant financial loss. This included advising on all aspects of incident response including making relevant notifications to affected data subjects, the ICO, insurers, and the police, and potential disputes with third parties.
  • Provided data privacy advice and drafted terms for a leading pharma company's healthcare apps.
  • Advised in relation to two substantial representative actions against major technology companies arising from potential systemic breaches of data protection legislation, including in relation to children's data.
  • Helped an airline handle a high profile data subject access request that was subject to extensive publicity.
  • Advised a leading high street retailer on GDPR compliance and documentation for employee and customer personal data.
  • Advised an international transport company on its approach to direct marketing campaigns.
  • Advised a life sciences company on data protection issues relating to clinical trials, market research, ad tech and social media disease awareness campaigns.

Katie Hewson listened closely to what we were trying to achieve, and produced a practical approach which was precisely tailored to our objectives.

The Legal 500 UK 2022