Emma Drake

I am a Legal Director in our Privacy and Data Protection Group. I work with a wide variety of organisations on the GDPR and UK data protection law, particularly in the life sciences and sports sectors.

My work covers all aspects of data protection law, including advice on privacy notices, policies and procedures, data processing and data sharing agreements, data protection impact assessments and data subject rights. I have assisted numerous clients on personal data breaches, and know the importance of prompt pragmatic advice when handling security incidents. I also help clients with e-privacy compliance.

Across sport, I advise a large number of clubs, competitions and national and international sports governing bodies. This has included specific advice on topics such as safeguarding, anti-doping, integrity investigations and engagement with grassroots athletes and fans. I have presented on these topics at Premier League, Football Association and Sports Betting Integrity Forum events, and have been described as a 'lead lawyer for sport on data protection' in the House of Lords.

I work with a variety of healthcare and life science clients, from traditional pharmaceutical companies to health informatics providers to new entrants handling patient or health care professional data in the context of wellness apps or new technology. Sector-specific issues I have helped clients with include application of research exemptions, anonymisation, assessing the compliance of new medical technologies and the processing of data for pharmaceutical regulation such as pharmacovigilance.

Over recent years I have also gained considerable regulatory affairs experience, having worked with organisations seeking amendments to the draft GDPR and the UK's data protection framework.

During my time at Bird & Bird I have completed two secondments, with clients in the consumer retail and pharmaceutical sectors. I also act as a DPO for clients, including a sports governing body. I am CIPP/E certified by the International Association of Privacy Professionals and have spoken at the IAPP Europe Data Protection Congress.

• Advising a group of sports governing bodies in the UK to obtain sports specific provisions as part of the UK's Data Protection Act 2018, obtaining legal grounds to process data for anti-doping, integrity and safeguarding purposes.
• Advising international governing bodies and multi-sport competitions on the application of GDPR to their activities and on their wider GDPR compliance.
• Advising a multinational pharmaceutical company on its innovative patient care programmes, including advice on handling patient and HCP data as part of an NHS Test Bed.