Elizabeth Upton

Today I'm a legal director in our Privacy and Data Protection Practice in London.

I joined Bird & Bird in 2000 and started out in the commercial team working on procurement and Government IT projects. I soon developed a keen interest in data protection working closely with Ruth Boardman and have been advising on data protection and privacy issues ever since. Today I'm a legal director in our Privacy and Data Protection Practice in London and have been working part time (3 days a week) since 2009.

The protection of personal data impacts all our clients on a daily basis and continues to be at the centre point of many new technology ideas, projects and legal work. The challenges have increased with the implementation of GDPR and the new UK Data Protection Act 2018, with more changes coming in the near future. I have had to get to grips with new developments and guidelines on an almost weekly basis and have provided creative solutions in (as yet) untested areas of new law, using my sound knowledge of data protection and other relevant laws gathered over the years insights. As a result, I have been able to reassure worried clients and to dispel many GDPR myths.

My work covers all aspects of data protection law including the implementation of GDPR, the UK Data Protection Act 2018 and developments in e-privacy legislation. I advise clients in many of our sectors (and particularly tech and comms, financial services, retail and consumer) including on their GDPR compliance programmes and have extensive experience on international data transfers (including BCRs), data subject access requests, privacy policies and negotiating data protection provisions in complex technology, communications and outsourcing transactions.

I provide client training and regularly speak at conferences both internally and externally on data protection.