Every Click, Every Scroll, Every Data Point – There’s Law Behind It
If your business exists online — and today, whose doesn’t — then data law isn’t a niche concern. It’s the legal infrastructure your entire operation runs on. Every website visit, every app download, every customer sign-up, every email captured, every cookie dropped, and every third-party integration generates legal obligations. Most businesses don’t realise how exposed they are until a regulator writes to them, a customer complains, or a commercial partner demands proof of compliance before signing the contract.
I make sure you never find yourself in that position. I provide clear, commercially grounded legal support across the full spectrum of digital and data law — ensuring your online presence, your products, and your data practices are legally sound, regulator-ready, and built to earn the trust your customers expect.
I make sure you never find yourself in that position. I provide clear, commercially grounded legal support across the full spectrum of digital and data law — ensuring your online presence, your products, and your data practices are legally sound, regulator-ready, and built to earn the trust your customers expect.
What I Offer
Terms of Service: Your terms of service are the contract between you and every user who interacts with your platform. Yet most businesses treat them as an afterthought — copying a competitor’s terms, downloading a free template, or leaving the same draft in place for years whilst the product evolves beyond recognition.
I draft bespoke terms of service for websites, mobile applications, SaaS platforms, and digital marketplaces — covering access rights, acceptable use, intellectual property ownership, limitation of liability, subscription and payment mechanics, termination provisions, and dispute resolution. Every clause is tailored to how your product actually works and the jurisdiction in which you operate.
Privacy Policies; A privacy policy isn’t just a compliance document — it’s a public declaration of how you handle people’s most sensitive information. Get it wrong and you face regulatory action, reputational damage, and the quiet erosion of customer trust.I draft and review privacy policies that are genuinely transparent, legally accurate, and aligned with your actual data processing activities. No vague catch-all language. No misleading assurances. Just clear, honest disclosure that satisfies regulators and reassures users.
UK GDPR Compliance; The UK General Data Protection Regulation — retained and adapted following Brexit — imposes comprehensive obligations on any business processing the personal data of individuals in the United Kingdom. I advise on and help you implement compliance across the full framework, including:
I draft bespoke terms of service for websites, mobile applications, SaaS platforms, and digital marketplaces — covering access rights, acceptable use, intellectual property ownership, limitation of liability, subscription and payment mechanics, termination provisions, and dispute resolution. Every clause is tailored to how your product actually works and the jurisdiction in which you operate.
Privacy Policies; A privacy policy isn’t just a compliance document — it’s a public declaration of how you handle people’s most sensitive information. Get it wrong and you face regulatory action, reputational damage, and the quiet erosion of customer trust.I draft and review privacy policies that are genuinely transparent, legally accurate, and aligned with your actual data processing activities. No vague catch-all language. No misleading assurances. Just clear, honest disclosure that satisfies regulators and reassures users.
UK GDPR Compliance; The UK General Data Protection Regulation — retained and adapted following Brexit — imposes comprehensive obligations on any business processing the personal data of individuals in the United Kingdom. I advise on and help you implement compliance across the full framework, including:
- Lawful bases for processing
- Data subject rights and response procedures
- Data protection impact assessments
- Records of processing activities
- Breach notification procedures
- International data transfer mechanisms
- Accountability and governance documentation
Whether you’re starting your compliance journey from scratch or need a health check on your existing framework, I provide practical, proportionate guidance that fits the size and complexity of your business.
EU GDPR Compliance: If your business targets or monitors individuals within the European Economic Area — even without a physical presence there — the EU GDPR applies to you. I advise on the additional and diverging requirements of the EU regime, including representative appointments under Article 27, cross-border transfer safeguards post-adequacy, and the evolving regulatory landscape across EU member states.
CCPA Compliance; For businesses that collect personal information from California residents — a common reality for any globally accessible digital product — the California Consumer Privacy Act and its amendment, the CPRA, create a distinct set of obligations around disclosure, opt-out rights, data sale restrictions, and consumer request handling. I advise on CCPA applicability, draft the required disclosures, and help you build compliant response processes.
Cookie Policies and Consent Mechanisms: Cookie compliance remains one of the most visibly enforced areas of data law — and one of the most frequently mishandled. I draft clear, accurate cookie policies and advise on the implementation of consent management platforms that genuinely meet the requirements of the UK PECR, the EU ePrivacy Directive, and emerging regulatory guidance. No dark patterns. No pre-ticked boxes. Just lawful, user-friendly consent.
SaaS Product Compliance : Software-as-a-service products carry unique legal considerations — from multi-tenancy data segregation and uptime commitments to subscription lifecycle management, API terms, and end-user licence structures. I advise SaaS businesses on the legal documentation and compliance frameworks specific to their model, ensuring your product is as legally robust as it is technically sound.
Data Processing Agreements: Whenever you share personal data with a processor — or act as a processor yourself — a compliant data processing agreement is a legal requirement, not a commercial nicety. I draft and negotiate DPAs that meet the requirements of UK and EU GDPR, clearly allocate responsibilities, address sub-processing chains, and include appropriate technical and organisational security commitments. I also review inbound DPAs from partners and vendors to ensure you’re not unknowingly accepting disproportionate liability.
CCPA Compliance; For businesses that collect personal information from California residents — a common reality for any globally accessible digital product — the California Consumer Privacy Act and its amendment, the CPRA, create a distinct set of obligations around disclosure, opt-out rights, data sale restrictions, and consumer request handling. I advise on CCPA applicability, draft the required disclosures, and help you build compliant response processes.
Cookie Policies and Consent Mechanisms: Cookie compliance remains one of the most visibly enforced areas of data law — and one of the most frequently mishandled. I draft clear, accurate cookie policies and advise on the implementation of consent management platforms that genuinely meet the requirements of the UK PECR, the EU ePrivacy Directive, and emerging regulatory guidance. No dark patterns. No pre-ticked boxes. Just lawful, user-friendly consent.
SaaS Product Compliance : Software-as-a-service products carry unique legal considerations — from multi-tenancy data segregation and uptime commitments to subscription lifecycle management, API terms, and end-user licence structures. I advise SaaS businesses on the legal documentation and compliance frameworks specific to their model, ensuring your product is as legally robust as it is technically sound.
Data Processing Agreements: Whenever you share personal data with a processor — or act as a processor yourself — a compliant data processing agreement is a legal requirement, not a commercial nicety. I draft and negotiate DPAs that meet the requirements of UK and EU GDPR, clearly allocate responsibilities, address sub-processing chains, and include appropriate technical and organisational security commitments. I also review inbound DPAs from partners and vendors to ensure you’re not unknowingly accepting disproportionate liability.
Why This Matters More Than You Think
Data law is no longer a slow-moving regulatory backwater. Enforcement is accelerating. The Information Commissioner’s Office is issuing fines, reprimands, and enforcement notices with increasing frequency. EU supervisory authorities are pursuing cross-border actions against businesses of all sizes. And in the commercial arena, sophisticated partners, enterprise customers, and investors now routinely assess data compliance as a condition of doing business.
Beyond enforcement, there’s a deeper truth: your customers care about their data. They read privacy policies more than you think. They notice when cookie banners feel manipulative. They talk when something feels wrong. In a digital economy built on trust, your data practices are part of your brand — whether you manage them deliberately or not.
Beyond enforcement, there’s a deeper truth: your customers care about their data. They read privacy policies more than you think. They notice when cookie banners feel manipulative. They talk when something feels wrong. In a digital economy built on trust, your data practices are part of your brand — whether you manage them deliberately or not.
Who I Work With
- SaaS founders and product teams building or scaling platforms that collect and process user data
- E-commerce businesses handling customer data, payment information, and marketing preferences across multiple jurisdictions
- Mobile app developers navigating the intersection of app store requirements, device permissions, and data regulation
- Digital agencies and consultancies processing client and end-user data and needing compliant agreements in place
- Any business with an online presence that wants to ensure its website, data practices, and digital documentation are genuinely compliant — not just technically present
How I Work
Data law can feel overwhelming — a maze of acronyms, regulatory guidance, and worst-case scenarios. I cut through that. I assess where you actually are, identify what genuinely needs attention, and deliver practical, prioritised solutions in plain English.
I don’t sell fear. I don’t manufacture complexity. And I don’t deliver hundred-page compliance manuals that no one reads. I give you what you need to be legally sound, commercially credible, and operationally confident — and nothing more than that.
Whether you need a complete compliance framework built from the ground up, a targeted review of your existing policies, or ongoing advisory support as your product and data practices evolve, I work flexibly around your needs and your budget.
I don’t sell fear. I don’t manufacture complexity. And I don’t deliver hundred-page compliance manuals that no one reads. I give you what you need to be legally sound, commercially credible, and operationally confident — and nothing more than that.
Whether you need a complete compliance framework built from the ground up, a targeted review of your existing policies, or ongoing advisory support as your product and data practices evolve, I work flexibly around your needs and your budget.
Let’s Get Your Digital House in Order
If you’re launching a new product, expanding into new markets, onboarding an enterprise client who’s asking about your data practices, or simply unsure whether your current policies would survive regulatory scrutiny — let’s have a conversation. The sooner you get this right, the more confidently you grow.