Kristy Gouldsmith

Partner - Data Protection, Privacy and Cybersecurity

Kristy is a data protection law specialist. She has years of experience in advising a wide variety of organisations across all sectors, including SaaS platforms, retailers, manufacturers, schools, care homes, financial services, law firms and property developers. Kristy advises clients of all sizes, from small businesses to large American multi-national companies.

Kristy can provide the following services:

• Outsourced data protection officer 

• Training 

• Audits and Reviews

• Policies and procedures, including privacy notices

• Data breach management

• Subject access requests

• Data sharing agreements, including International Data Transfer Agreements and Standard Contractual Clauses

• International transfer impact assessments 

• Data protection impact assessments

• Legitimate interest assessments

• General advice and guidance on anything related to data protection and privacy

Kristy is a solicitor advocate, has a Master’s degree in law and is a Certified Information Privacy Professional for Europe (CIPP/E). She is also a qualified teacher for post-16 and taught A level law and degree level law. 

Recent experience:

• advising a telecoms company on the use of third-party marketing lists

• advising a financial services SaaS platform company on dealing with liability in their data sharing agreement

• advising a product manufacturer on whether their American process of gathering data via an app to use a specific product was compliant in the UK/EU

• auditing a large multi-national NGO

• auditing an international toy maker and distributor

• advising on data breaches, including a teacher uploading the class handover notes to Google Classroom, a children’s charity having a break-in and six laptops being stolen, and an Outlook hack at an accountancy practice

• handling subject access requests for organisations, including those of five redundant employees, a father who was the alleged perpetrator and parents unhappy with an exclusion

• completing an International Transfer Assessment on AWS in the USA

• legal opinions on controller vs processor arrangements

• assisting clients with customer negotiations on data sharing agreements


"Kristy Gouldsmith was a godsend in helping our business meet and maintain GDPR and DPA 18 compliance. I have found Kristy's knowledge of data protection laws second to none, and I would highly recommend Kristy to anyone in need of assistance in this area."

Lyn Francis
Risk and Compliance Analyst – Beaufort Group


"Kristy offers a stellar service. She is an absolute expert in the field of Data Protection and GDPR. The advice and assistance we have received has always been of the highest quality, prompt and practical. Kristy is a reassuring presence, having taken the time to understand our business and our needs, for us to call on whenever required. Highly recommend."

Ben Jenkins
Director – Spool


“Kristy was extremely knowledgeable and did not miss a beat when she was asked any question on a huge range of topics. She had a very engaging teaching style and stamina (three days of non-stop lecturing, moderating discussions, and running exercises was very impressive), and she was careful to intersperse her lectures with breaks, exercises and group discussions. I thought the exercises in particular were well structured and very useful. The course was amazingly run and well planned. What I liked best was the in-depth knowledge tailored to the attendees.”

Course attendee, DCMS Bespoke Training



  • England & Wales


Data protection and privacy, GDPR, PECR and FOIA

Qualifications and Professional bodies

    • Barrister and Solicitor – BC, Canada
    • Solicitor – England and Wales
    • Solicitor Advocate – England and Wales
    • Bachelor of Arts – BA
    • Bachelor of Laws – LLB
    • Postgraduate Certificate of Education post 16 – PGCE
    • Master of Laws – LLM
    • Certified Information Privacy Professional for Europe – CIPP/E
    • ISO 27001 (Information Security) Lead Implementer / Lead Auditor


  • Sapphire – Data Protection Consultants
  • Truro College
  • Ministry of Attorney General, BC, Canada

Kristy says...

“For many people, data protection can seem daunting but it doesn’t need to be. I can help you with your compliance, ensure that your organisation’s data is protected and give your team the knowledge that you need to keep it that way. I offer a range of services, from audits and reviews to support services including training, breach management and handling subject access requests. I provide pragmatic legal advice that works for your organisation.”