Contact details

Katie Hewson

T: +44 20 7809 2374 Email Katie | vCard

Awards

Data protection

Data protection

Katie Hewson Partner

Contact details

Katie Hewson

Katie Hewson
Partner

T: +44 20 7809 2374 Email Katie | vCard

Katie is a data protection specialist who leads the firm’s data protection practice. She has significant experience advising clients across a variety of sectors, including retail, transport, financial services, analytics and life sciences, and holds a Certified Information Privacy Professional Europe (CIPP/E) accreditation from the International Association of Privacy Professionals.
  • Profile
  • Services
  • Sectors

Katie is recognised as a Next Generation Partner for data protection, privacy and cyber security by The Legal 500 UK 2022, in which she is described as “outstanding” and it is noted that her "legal advice is always incredibly commercially minded and her understanding of the technical aspects of privacy is unparalleled" (Legal 500 UK 2022).

Katie has extensive experience leading international GDPR compliance projects and also advises on data protection contracts, transparency issues, international personal data transfers, data sharing, cyber security and personal data breaches. She also advises a variety of clients on direct marketing, ad tech, social media and cookies issues under the e-privacy regime.

Katie has also acted for clients facing ICO enforcement action on potential data protection and freedom of information law breaches, winning successful outcomes for her clients in relation to subject access requests, breach reporting and FOIA requests. She has helped clients with the data protection impacts of Brexit and coronavirus and has also advised on the complex legal issues in facial recognition, AI and profiling.

Katie is a member of the International Network of Privacy Law Professionals, a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters.

“Katie Hewson listened closely to what we were trying to achieve, and produced a practical approach which was precisely tailored to our objectives”.
The Legal 500 UK 2022

  • Data protection and information
  • Commercial, outsourcing and technology

International bank

Advised an international bank on its GDPR compliance programme, providing a full suite of services including close involvement in the bank's data mapping exercise and gap analysis. Continues to advise as the programme matures.

Wellbeing chain

Advised a leading wellbeing chain in response to an ICO investigation into its direct marketing practices.

Financial institution

Advised a financial institution on a data breach that resulted in hackers gaining unauthorised access to extremely sensitive personal data, which resulted in a third party being exposed to a significant financial loss. This included advising on all aspects of incident response including making relevant notifications to affected data subjects, the ICO, insurers, and the police, and potential disputes with third parties.

Leading pharma company

Provided data privacy advice and drafted terms for a leading pharma company's healthcare apps.

Major technology companies

Advised in relation to two substantial representative actions against major technology companies arising from potential systemic breaches of data protection legislation, including in relation to children's data.

Airline

Helped an airline handle a high profile data subject access request that was subject to extensive publicity.

High street retailer

Advised a leading high street retailer on GDPR compliance and documentation for employee and customer personal data.

International transport company

Advised an international transport company on its approach to direct marketing campaigns.

Life sciences company

Advised a life sciences company on data protection issues relating to clinical trials, market research, ad tech and social media disease awareness campaigns.

More: Data protection and information

 

Katie provides broad commercial contracts and consumer law advice to clients in a range of sectors, including financial services, leisure and retail.

International airline

Katie has advised this client on several commercial contracts relating to the servicing of its aircraft, in particular for the supply of maintenance services, which is essential to the daily operation of the airline. She has also reviewed contracts for the purchase of disaster recovery and crisis management services.

Luxury hotel

Katie has provided advice to a luxury hotel in London on several of its contracts for goods and services and on its risks relating to the security of guests' possessions.

National Museum Authority

Katie drafted a series of template contracts covering a whole range of activities undertaken by the authority, including commissioning work, putting on exhibitions, hiring contractors, loaning and being loaned pieces, being gifted pieces and producing merchandise for the museum gift shop. The work involved dealing with the commercial implications of, and mitigating the risks involved in, the authority's business.

Food and drink manufacturer

Katie drafted a sponsorship agreement for a large client to use to cover its sponsorship of several running events. She gained experience in protecting the client, particularly in relation to it controlling how it would be promoted both before and at each race.

More: Commercial, outsourcing and technology

  • Funds and financial services
  • Life sciences
  • Art and cultural property
  • Technology

International bank

Advised an international bank on its EU GDPR compliance programme, providing a full suite of services including close involvement in the bank's data mapping exercise and gap analysis.

International financial services company

Advised an international financial services company on the implementation and use of cutting-edge AI tools.

Financial institution

Advised a financial institution on a data breach that resulted in hackers gaining unauthorised access to extremely sensitive personal data, which resulted in a third party being exposed to a significant financial loss. This included advising on all aspects of incident response including making relevant notifications to affected data subjects, the ICO, insurers, and the police, and potential disputes with third parties.

More: Funds and financial services

Life sciences company

Advised a life sciences company on data protection issues relating to clinical trials, market research, ad tech and social media disease awareness campaigns.

Leading pharma company

Provided data privacy advice and drafted terms for a leading pharma company's healthcare apps.

Healthcare provider

Reviewed the contractual framework of the IT of a target healthcare company on behalf of the purchaser, and drafted appropriate contractual protections to be put in place in the purchase agreement.

More: Life sciences

Katie has advised several clients in the arts sector on both commercial and data protection issues. In particular, she has assisted a variety of fine art dealers with their sales and purchases. She has also advised auction houses on commercial queries. Katie also helped a London theatre company successfully resolve Freedom of Information law enforcement action by the Information Commissioner's Office and advised an art sector client on responding to a cyber security incident that constituted a high risk personal data breach.

National Museum Authority

Katie drafted a series of template contracts covering a whole range of activities undertaken by the authority, including commissioning work, putting on exhibitions, hiring contractors, loaning and being loaned pieces, being gifted pieces and producing merchandise for the museum gift shop. The work required a deep knowledge of the functioning of museums and art galleries and involved dealing with the commercial and intellectual property implications of, and mitigating the risks involved in, the museum's day to day business.

Art advisory and investment services company

Katie drafted an art advisory and managed art portfolio agreement for one of the client's customers, a high profile investment fund in the fine art sector. In her drafting, Katie used her experience to protect the client against the risks inherent in the services it offered, such as auction guarantee broking and due diligence on provenance and title of works of art.

Commission for public artworks

Katie negotiated and re-drafted commissioning agreements for two very high profile public works of art from a world-class artist. The drafting was particularly complex in relation to the merchandising and image rights over the works; and Katie also had to consider the requirements for safety and maintenance since the works were to be located in public areas.

Purchase of medieval artefact

Katie acted on the sale of a set of manorial court rolls, which are a set of historically significant artefacts dating from the 13th to the 20th century and were being sold by the Lord of the Manor to a local authority. Katie carried out due diligence for the authority to establish authenticity and title, and drafted the sale and purchase documentation, as well as facilitating the sale itself. Katie also liaised with the Heritage Lottery Fund on its requirements in relation to its partial funding of the purchase.

Art dealer 

Katie advised on the back to back sale and purchase of, and related escrow arrangements for, a significant work of art worth several million pounds. Katie drafted appropriate protections for the dealer when drafting the terms of sale, and advised on insurance, consignment and title provisions. 

More: Art and cultural property

Professional services firm

Katie acted for a large professional services firm on the negotiation of a high value contract for billing software, which was key to the client's profitability.

Rail company

Katie advised on drafting a software licence for a train company in connection with its provision of smart ticketing services.

Online design start-up

Katie acted for a start-up design company in drafting the terms of website use, terms of online sale and privacy and cookies policies.

Healthcare provider

Katie reviewed the contractual framework of the IT of a target healthcare company on behalf of the purchaser, and drafted appropriate contractual protections to be put in place in the purchase agreement.

Pharmaceutical client

Katie drafted terms of use for a urology app for a leading pharma company and considered related information security and data privacy points.

Domain services provider

Katie advised a domain services provider on the data privacy implications of its proposed launch of a new project and on the implications of the GDPR.

More: Technology

Awards

Data protection

Data protection

Latest news & insights

17 May 2022

From News

Stephenson Harwood lawyers author official commentary on DIFC data protection law

Members of Stephenson Harwood were commissioned by the Dubai International Financial Centre (DIFC) Academy of Law to author the Data Protection chapter in the latest e..

More

05 May 2022

From Insights

Data Protection update - April 2022

Welcome to our data protection bulletin, covering the key developments in data protection law from April 2022.

More

14 Apr 2022

From Insights

New heightened M&A COVID-19 risks

COVID-19 saw businesses move from a state of uncertainty to a state of acceptance as markets and economies started to stabilise as lockdown restrictions eased.

More

06 Apr 2022

From Insights

Data Protection update - March 2022

Welcome to our data protection bulletin, covering the key developments in data protection law from March 2022.

More

01 Apr 2022

From Insights

Presumption of innocence: privacy until proven guilty?

In a recent article for Thomson Reuter's PLC Magazine, partner Katie Hewson, associate Kate Ackland and solicitor apprentice Jake Saville discuss the legal principles ..

More

04 Mar 2022

From Insights

Data Protection update - February 2022

Welcome to our data protection bulletin, covering the key developments in data protection law from February 2022.

More

18 Feb 2022

From Insights

New UK data transfer tools

The final versions of the UK's new transfer tools (the IDTA and UK Addendum) have now been laid before Parliament and are available to use "immediately", subject to Pa..

More

02 Feb 2022

From Insights

Data Protection update - December 2021/January 2022

Welcome to our data protection bulletin, covering the key developments in data protection law from December 2021 and January 2022.

More

06 Dec 2021

From Insights

Data Protection update - November 2021

Welcome to our data protection bulletin, covering the key developments in data protection law from November 2021.

More

11 Nov 2021

From Insights

Lloyd v Google: No damages without proof of damage

In Lloyd v Google LLC [2021] UKSC 50, the Supreme Court unanimously agreed that Mr Lloyd's claim against Google for breach of his (and those of 4 million other Apple i..

More

05 Nov 2021

From Insights

Data Protection update - October 2021

Welcome to our Data Protection bulletin, covering the key developments in data protection law from October 2021.

More

02 Nov 2021

From Insights

EACCNY - EU-UK Data Protection Law Divergence: Impact on Data flows

First published on www.eaccny.com as part of the “Brexit, What’s Next?” series, Stephenson Harwood's Katie Hewson and Jonathan Howie, along with Gary Cywie from Elvin..

More

04 Oct 2021

From Insights

Data Protection update - September 2021

Welcome to our Data Protection bulletin, covering the key developments in data protection law from September 2021.

More

13 Sep 2021

From Insights

The ICO calls for views on data protection and employment practices

The ICO has launched a call for views on data protection and employment practices to help shape a new user-friendly resource (the "New Resource") to replace the ICO's ..

More

06 Sep 2021

From Insights

Data Protection update - August 2021

Welcome to our Data Protection bulletin, covering the key developments in data protection law from August 2021.

More

13 Aug 2021

From Insights

Data's coming home: the proposed future for international transfers under the UK GDPR

On 11 August 2021, the Information Commissioner's Office ("ICO") published a consultation on its long-awaited draft guidance for international transfers of personal da..

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.