Katie Hewson


Katie leads the firm’s data protection practice. She has significant experience advising clients across a variety of sectors, including retail, transport, financial services, analytics and life sciences, and holds a Certified Information Privacy Professional Europe (CIPP/E) accreditation from the International Association of Privacy Professionals.

Recently awarded "Privacy Leader of the Year: Legal" (PICASSO Privacy Awards 2022), Katie is recognised as a Next Generation Partner for data protection, privacy and cyber security by The Legal 500 UK 2023, in which she is described as “a valued advisor in relation to EU and UK GDPR matters”. She is also ranked as an Up and Coming Lawyer for data protection and information law in the Chambers and Partners UK 2023 Guide, which states she "has excellent technical knowledge and provides clear, practical advice".

Katie has extensive experience leading international GDPR compliance projects and also advises on data protection contracts, transparency issues, international personal data transfers, data sharing, cyber security and personal data breaches. She also advises a variety of clients on direct marketing, ad tech, social media and cookies issues under the e-privacy regime.

Katie has also acted for clients facing ICO enforcement action on potential data protection and freedom of information law breaches, winning successful outcomes for her clients in relation to subject access requests, breach reporting and FOIA requests. She has helped clients with the data protection impacts of Brexit and coronavirus and has also advised on the complex legal issues in facial recognition, AI and profiling.

Katie is a member of the International Network of Privacy Law Professionals, a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters.

  • Advised an international bank on its GDPR compliance programme, providing a full suite of services including close involvement in the bank's data mapping exercise and gap analysis. Continues to advise as the programme matures.
  • Advised a leading wellbeing chain in response to an ICO investigation into its direct marketing practices.
  • Advised a financial institution on a data breach that resulted in hackers gaining unauthorised access to extremely sensitive personal data, which resulted in a third party being exposed to a significant financial loss. This included advising on all aspects of incident response including making relevant notifications to affected data subjects, the ICO, insurers, and the police, and potential disputes with third parties.
  • Provided data privacy advice and drafted terms for a leading pharma company's healthcare apps.
  • Advised in relation to two substantial representative actions against major technology companies arising from potential systemic breaches of data protection legislation, including in relation to children's data.
  • Helped an airline handle a high profile data subject access request that was subject to extensive publicity.
  • Advised a leading high street retailer on GDPR compliance and documentation for employee and customer personal data.
  • Advised an international transport company on its approach to direct marketing campaigns.
  • Advised a life sciences company on data protection issues relating to clinical trials, market research, ad tech and social media disease awareness campaigns.

Katie Hewson acts as an extended member of our in-house legal team. I know the advice I receive from Katie will take into account the risks and concerns of our particular business. Katie knows there is no one size fits all, and she takes time to understand the business and our risk appetite. She is an invaluable resource.

The Legal 500 UK 2023


Katie Hewson - Ranked in Chambers UK 2023
The Legal 500 UK 2023 - Next generation partner