Contact details

Katie Hewson

T: +44 20 7809 2374 Email Katie | vCard Office: London

Awards

Data protection, privacy & cybersecurity

Data protection, privacy & cybersecurity

Data protection & information law

Data protection & information law

Katie Hewson Partner

Contact details

Katie Hewson

Katie Hewson
Partner

T: +44 20 7809 2374 Email Katie | vCard Office: London

Katie leads the firm’s data protection practice. She has significant experience advising clients across a variety of sectors, including retail, transport, financial services, analytics and life sciences. She holds Certified Information Privacy Professional Europe (CIPP/E), Certified Information Privacy Manager (CIPM) and Fellow of Information Privacy (FIP) accreditations from the International Association of Privacy Professionals.
  • Profile
  • Services
  • Sectors

Recently awarded "Privacy Leader of the Year: Legal" (PICASSO Privacy Awards 2022), Katie is recognised as a Next Generation Partner for data protection, privacy and cyber security by The Legal 500 UK 2023, in which she is described as “a valued advisor in relation to EU and UK GDPR matters”. She is also ranked as an Up and Coming Lawyer for data protection and information law in the Chambers and Partners UK 2023 Guide, which states she "has excellent technical knowledge and provides clear, practical advice".

Katie has extensive experience leading international GDPR compliance projects and also advises on data protection contracts, transparency issues, international personal data transfers, data sharing, cyber security and personal data breaches. She also advises a variety of clients on direct marketing, ad tech, social media and cookies issues under the e-privacy regime.

Katie has also acted for clients facing ICO enforcement action on potential data protection and freedom of information law breaches, winning successful outcomes for her clients in relation to subject access requests, breach reporting and FOIA requests. She has helped clients with the data protection impacts of Brexit and coronavirus and has also advised on the complex legal issues in facial recognition, AI and profiling.

Katie is a member of the International Network of Privacy Law Professionals, a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters.

“Katie Hewson acts as an extended member of our in-house legal team. I know the advice I receive from Katie will take into account the risks and concerns of our particular business. Katie knows there is no one size fits all, and she takes time to understand the business and our risk appetite. She is an invaluable resource.”
The Legal 500 UK 2023

  • Investment funds
  • Data protection and information
  • Commercial, outsourcing and technology

International bank

Advised an international bank on its EU GDPR compliance programme, providing a full suite of services including close involvement in the bank's data mapping exercise and gap analysis.

International financial services company

Advised an international financial services company on the implementation and use of cutting-edge AI tools.

Financial institution

Advised a financial institution on a data breach that resulted in hackers gaining unauthorised access to extremely sensitive personal data, which resulted in a third party being exposed to a significant financial loss. This included advising on all aspects of incident response including making relevant notifications to affected data subjects, the ICO, insurers, and the police, and potential disputes with third parties.

More: Investment funds

International bank

Advised an international bank on its GDPR compliance programme, providing a full suite of services including close involvement in the bank's data mapping exercise and gap analysis. Continues to advise as the programme matures.

Wellbeing chain

Advised a leading wellbeing chain in response to an ICO investigation into its direct marketing practices.

Financial institution

Advised a financial institution on a data breach that resulted in hackers gaining unauthorised access to extremely sensitive personal data, which resulted in a third party being exposed to a significant financial loss. This included advising on all aspects of incident response including making relevant notifications to affected data subjects, the ICO, insurers, and the police, and potential disputes with third parties.

Leading pharma company

Provided data privacy advice and drafted terms for a leading pharma company's healthcare apps.

Major technology companies

Advised in relation to two substantial representative actions against major technology companies arising from potential systemic breaches of data protection legislation, including in relation to children's data.

Airline

Helped an airline handle a high profile data subject access request that was subject to extensive publicity.

High street retailer

Advised a leading high street retailer on GDPR compliance and documentation for employee and customer personal data.

International transport company

Advised an international transport company on its approach to direct marketing campaigns.

Life sciences company

Advised a life sciences company on data protection issues relating to clinical trials, market research, ad tech and social media disease awareness campaigns.

More: Data protection and information

 

Katie provides broad commercial contracts and consumer law advice to clients in a range of sectors, including financial services, leisure and retail.

International airline

Katie has advised this client on several commercial contracts relating to the servicing of its aircraft, in particular for the supply of maintenance services, which is essential to the daily operation of the airline. She has also reviewed contracts for the purchase of disaster recovery and crisis management services.

Luxury hotel

Katie has provided advice to a luxury hotel in London on several of its contracts for goods and services and on its risks relating to the security of guests' possessions.

National Museum Authority

Katie drafted a series of template contracts covering a whole range of activities undertaken by the authority, including commissioning work, putting on exhibitions, hiring contractors, loaning and being loaned pieces, being gifted pieces and producing merchandise for the museum gift shop. The work involved dealing with the commercial implications of, and mitigating the risks involved in, the authority's business.

Food and drink manufacturer

Katie drafted a sponsorship agreement for a large client to use to cover its sponsorship of several running events. She gained experience in protecting the client, particularly in relation to it controlling how it would be promoted both before and at each race.

More: Commercial, outsourcing and technology

  • Rail and road
  • Technology
  • Life sciences
  • Art and cultural property

Trenitalia c2c Limited

Advised on how Brexit impacted the client's contracting structure, and in particular on data sharing between jurisdictions and assisting with updates to key contracts. We also advised on the impact of data protection legislation and ICO guidance on its internal policies.

Bus operator transport company

Advising a bus operator company on a Group-wide data protection project in which new policies and procedures are being drafted and implemented by all Transport UK Group's (formerly Abellio) operating companies.

Rail company

Advised on drafting a software licence for a train company in connection with its provision of smart ticketing services.

More: Rail and road

Exscientia

Advised on a wide-ranging data protection review for Exscientia, a cutting-edge AI drug discovery and biotech company, in the run up to its $2.9 billion listing.

Trident Trust Group

Advised Trident Trust Group on the data protection aspects of its business on an ongoing basis, including reviewing and negotiating its contracts with key IT suppliers.

Market-leading specialist in software, technology and outsourcing services

Advised a market-leading specialist in software, technology and outsourcing services on the data protection aspects of a number of its strategic deals, with a particular focus on their expansion in healthcare software.

Professional services firm

Katie acted for a large professional services firm on the negotiation of a high value contract for billing software, which was key to the client's profitability.

Rail company

Katie advised on drafting a software licence for a train company in connection with its provision of smart ticketing services.

Online design start-up

Katie acted for a start-up design company in drafting the terms of website use, terms of online sale and privacy and cookies policies.

Healthcare provider

Katie reviewed the contractual framework of the IT of a target healthcare company on behalf of the purchaser, and drafted appropriate contractual protections to be put in place in the purchase agreement.

Pharmaceutical client

Katie drafted terms of use for a urology app for a leading pharma company and considered related information security and data privacy points.

Domain services provider

Katie advised a domain services provider on the data privacy implications of its proposed launch of a new project and on the implications of the GDPR.

More: Technology

Life sciences company

Advised a life sciences company on data protection issues relating to clinical trials, market research, ad tech and social media disease awareness campaigns.

Leading pharma company

Provided data privacy advice and drafted terms for a leading pharma company's healthcare apps.

Healthcare provider

Reviewed the contractual framework of the IT of a target healthcare company on behalf of the purchaser, and drafted appropriate contractual protections to be put in place in the purchase agreement.

More: Life sciences

Katie has advised several clients in the arts sector on both commercial and data protection issues. In particular, she has assisted a variety of fine art dealers with their sales and purchases. She has also advised auction houses on commercial queries. Katie also helped a London theatre company successfully resolve Freedom of Information law enforcement action by the Information Commissioner's Office and advised an art sector client on responding to a cyber security incident that constituted a high risk personal data breach.

National Museum Authority

Katie drafted a series of template contracts covering a whole range of activities undertaken by the authority, including commissioning work, putting on exhibitions, hiring contractors, loaning and being loaned pieces, being gifted pieces and producing merchandise for the museum gift shop. The work required a deep knowledge of the functioning of museums and art galleries and involved dealing with the commercial and intellectual property implications of, and mitigating the risks involved in, the museum's day to day business.

Art advisory and investment services company

Katie drafted an art advisory and managed art portfolio agreement for one of the client's customers, a high profile investment fund in the fine art sector. In her drafting, Katie used her experience to protect the client against the risks inherent in the services it offered, such as auction guarantee broking and due diligence on provenance and title of works of art.

Commission for public artworks

Katie negotiated and re-drafted commissioning agreements for two very high profile public works of art from a world-class artist. The drafting was particularly complex in relation to the merchandising and image rights over the works; and Katie also had to consider the requirements for safety and maintenance since the works were to be located in public areas.

Purchase of medieval artefact

Katie acted on the sale of a set of manorial court rolls, which are a set of historically significant artefacts dating from the 13th to the 20th century and were being sold by the Lord of the Manor to a local authority. Katie carried out due diligence for the authority to establish authenticity and title, and drafted the sale and purchase documentation, as well as facilitating the sale itself. Katie also liaised with the Heritage Lottery Fund on its requirements in relation to its partial funding of the purchase.

Art dealer 

Katie advised on the back to back sale and purchase of, and related escrow arrangements for, a significant work of art worth several million pounds. Katie drafted appropriate protections for the dealer when drafting the terms of sale, and advised on insurance, consignment and title provisions. 

More: Art and cultural property

Awards

Data protection, privacy & cybersecurity

Data protection, privacy & cybersecurity

Data protection & information law

Data protection & information law

Latest news & insights

07 Nov 2023

From Insights

Data Protection update - October 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from October 2023.

More

31 Oct 2023

From Insights

Clearview AI Inc v The Information Commissioner: Clearview AI successfully overturns ICO fine

In Clearview AI Inc v The Information Commissioner [2023] UKFTT 819 (GRC), the First-tier Tribunal overturned a large fine issued by the Information Commissioner's Off..

More

12 Oct 2023

From Insights

A cloud of suspicion – UK's CMA to probe the hyperscalers – Amazon, Microsoft, Google…

We are pleased to share with you our briefing on the Competition & Markets Authority's ("CMA") recent decision on 5 October 2023 to accept a market investigation refer..

More

06 Oct 2023

From Insights

Data Protection update - September 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from September 2023.

More

20 Sep 2023

From Insights

Closing the door on the third appeal against the ICO’s first UK GDPR fine

In a recent Privacy Laws & Business article, Stephenson Harwood data protection partner Katie Hewson and associate Amarveer Randhawa analyse the third appeal against t..

More

14 Sep 2023

From Insights

Generative AI webinar series: top tips and take-aways

In the rapidly evolving landscape of Generative AI (GenAI), navigating the intricate web of legal and commercial risks becomes an imperative task for businesses and le..

More

13 Sep 2023

From Insights

AI regulation – latest legal developments in Europe and the US

Stephenson Harwood's data protection partner Katie Hewson and associate Daniel Jones (based in London) and Ana Razmazma, counsel at Fenwick & West (based in Silicon Va..

More

05 Sep 2023

From Insights

Data Protection update - August 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key updates in data protection law from August 2023.

More

03 Aug 2023

From Insights

Data Protection update - July 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from July 2023.

More

05 Jul 2023

From Insights

Data Protection update - June 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from June 2023.

More

29 Jun 2023

From Insights

Regulating AI

As the pace of AI development accelerates, the challenge of creating robust, fair, and transparent regulatory frameworks is of paramount importance, and the stakes are..

More

20 Jun 2023

From Insights

New guidance sheds light on an employer's approach to DSARs

In May 2023, the Information Commissioner's Office, the UK Data Protection Authority, issued updated guidance in the form of a Q&A for employers on workers' Data Subje..

More

05 Jun 2023

From Insights

Data Protection update - May 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from March 2023.

More

30 May 2023

From Insights

Regulating the tech giants and online harms

In the current digital age, technology companies have rapidly grown in size and influence, transforming into virtual gatekeepers of our online world.

More

30 May 2023

From Insights

Digital Decade: The Digital Services Act

The DSA will regulate how digital platforms and services handle illegal or potentially harmful online content by establishing a powerful transparency and accountabilit..

More

05 May 2023

From Insights

Four key decisions mark the end of the EU GDPR's fourth year

The EU GDPR will soon celebrate its fifth birthday. However, yesterday may have been an equally important milestone with the Court of Justice of the European Union ("C..

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.