Kristy Gouldsmith

For many people, data protection can seem daunting but it doesn’t need to be. I can help you with your compliance, ensure that your organisation’s data is protected and give your team the knowledge that you need to keep it that way. I offer a range of services, from audits and reviews to support services including training, breach management and handling subject access requests. I provide pragmatic legal advice that works for your organisation.”

Kristy is a data protection law specialist.  She has years of experience in advising a wide variety of organisations across all sectors, including SaaS platforms, retailers, manufacturers, schools, care homes, financial services, law firms and property developers.  Kristy advises clients of all sizes, from small business to large American multi-national companies.

Kristy can provide the following services:

• Outsourced data protection officer

• Training

• Audits and Reviews

• Policies and procedures, including privacy notices

• Data breach management

• Subject access requests

• Data sharing agreements, including International Data Transfer Agreements and Standard Contractual Clauses

• International transfer impact assessments

• Data protection impact assessments

• Legitimate interest assessments

• General advice and guidance on anything related to data protection and privacy

Kristy is a solicitor advocate, has a Master’s degree in law and is a Certified Information Privacy Professional for Europe (CIPP/E). She is also a qualified teacher for post-16 and taught A level law and degree level law.

Recent experience:

• advising a telecoms company on the use of third-party marketing lists

• advising a financial services SaaS platform company on dealing with liability in their data sharing agreement

• advising a product manufacturer on whether their American process of gathering data via an app to use a specific product was compliant in the UK/EU

• auditing a large multi-national NGO

• auditing an international toy maker and distributor

• advising on data breaches, including a teacher uploading the class handover notes to Google classroom, a children’s charity having a break-in and six laptops being stolen, and an Outlook hack at an accountancy practice

• handling subject access requests for organisations, including those of five redundant employees, a father who was the alleged perpetrator and parents unhappy with an exclusion

• completing an International Transfer Assessment on AWS in the USA

• legal opinions on controller vs processor arrangements

• assisting clients with customer negotiations on data sharing agreements