Sana Duncan

London, United Kingdom

Sana is an experienced data protection specialist, having worked both in private practice and in-house, most recently at Deutsche Bank. She has worked with businesses in a wide range of sectors, from retail, construction, automotive, airlines, food and drink to public sector organisations and financial services institutions. She advises on all aspects of data protection compliance and her extensive knowledge is bolstered by having been a dedicated practitioner in the field since before the EU General Data Protection Regulation was conceived. Sana has regularly advised on multi-jurisdictional projects and is well-regarded for her focus on delivering pragmatic solutions to her clients, enabling them to effectively manage risk in what continues to be an ever-evolving and tumultuous data protection landscape.

Examples of Sana's work include:

  • Responding to and managing data protection breaches including consulting/advising key stakeholders and preparing submissions/notifications to relevant regulators;
  • Drafting and negotiating data protection clauses for inclusion in a wide variety of contracts, from outsourcing agreements (e.g. for procurement of HR, IT, pensions, insurance services etc), to NDAs and financial agreements;
  • Drafting global data protection policies and privacy notices;
  • Assisting with data protection compliance programmes/conducting audits and identifying/closing gaps in compliance;
  • Producing global data protection training for organisations as well as preparing and delivering bespoke training for specific business/infrastructure areas;
  • Managing and supervising responses to data subject rights requests, including overseeing the data retrieval process and subsequent legal review of documents;
  • Advising on international data transfer mechanisms, including reviewing and preparing EU Standard Contractual Clauses;
  • Conducting data protection impact assessments for risk analysis/mitigation;
  • Advising on cookie laws, including drafting cookie policies and cookie consent notices; and
  • Advising on direct marketing laws both in a B2B and B2C context.