Carolyn has a wealth of experience in company/commercial law and specialist skills in IT law and data privacy. She has a proactive approach and provides business-focused solutions on a broad range of commercial and corporate transactional matters and helps companies to address compliance issues particularly in regard to data privacy. In addition to her time in private practice, Carolyn also spent 10 years working in-house with ntl (now Virgin Media) and Hyperion Solutions (bought by Oracle in 2007).
Carolyn joined Keystone Law in early 2008 and is currently working with a range of clients from large US listed multi-national corporations to start-ups in the technology sector including a global security software vendor; a leading cloud computing services provider and a rapidly growing cloud storage service provider.
- Data protection compliance auditing and implementation of compliance programmes
- General Data Protection Regulation preparedness audits and training
- Drafting and advising on data processing agreements, EU Standard Contractual Clauses, Binding Corporate Rules and Privacy Shield
- Cloud Computing, Software as a Service, Platform as a Service, Infrastructure as a Service arrangements (advising both suppliers and customers)
- Software development, licensing and maintenance agreements
- IT consulting and contractor agreements
- Distribution, reseller, managed service provider, oem, channel and strategic alliances agreements
- Outsourcing arrangements including set-up of shared service centres
- Internet and email policies
- Marketing and sponsorship arrangements
- Sales strategies
- Knowledge of US GAAP accounting and revenue recognition rules
- Overseeing regulatory affairs and implementation of corporate compliance policies and procedures
- Conducting investigations into regulatory violations
- Company secretarial across various jurisdictions in Europe
- Advising on establishing entities in various jurisdictions in EMEA including Russia and the Middle East
- Conducting a data protection compliance audit for a major security services vendor and working with the internal teams to create data maps and build a compliance programme to ensure continued compliance with data protection regulations
- Negotiating and closing a USD 50million Software as a Service arrangement between a global cloud computing services provider and a leading global mobile phone services provider
- Assisting in establishment of European business operations for a US based cloud storage provider and providing ongoing in-house legal support to the European business
- Establishing and managing the European legal team for a global software security vendor and assisting in recruitment of a new head of legal to take over ongoing management of this team
- Carrying out a data impact assessment for one of the UK’s leaders in security services in order to establish a data map and identify gaps in compliance with European Union data processing laws and regulations, and then advising on addressing the compliance gaps.
- Advising a well-known US provider of security software on the implications of collecting, storing and using IP addresses as part of its services and in its mobile tracking devices.
- Negotiating data processing agreements as part of multi-million deals for provision of cloud computing services by one of the global leaders of cloud services headquartered in California, USA.
- Advising the UK based charitable foundation of a leading global cloud services company on its data handling and processing policies and procedures including assisting in the drafting of its data transfer agreements to legitimise the transfer of personal data outside of the EEA.
- Drafting and negotiating international data transfer agreements for a leading cloud storage company headquartered in California.
- Advising a medical research company conducting clinical trials on its data processing policies and procedures and on putting in place binding corporate rules as well as on the impact of the new General Data Protection Regulations.
- Devising a training programme on the impact of the new General Data Protection Regulations.
Please note: The experience list above may include examples of work completed prior to joining Keystone Law.
Carolyn qualified as a solicitor 1997. Prior to joining Keystone Law in 2008, she worked at the following firms:
- Virgin Media
- Clifford Chance