Jennie Sumpster is a senior data protection and privacy lawyer (CIPP/E) with extensive experience gained in private practice and in-house helping clients to navigate and implement GDPR/UK GDPR and international privacy compliance requirements through pragmatic, commercial and workable advice and training.
She has experience advising both UK, EU and international clients from a range of industries including media and entertainment, e-commerce, pharmaceutical, healthcare, education and retail. Jennie has also worked as part of a multi-disciplinary team providing reputation resilience services to companies and individuals alongside risk management, information security and PR professionals.
Jennie has specialised in privacy and data protection since qualification in 2007 and has contributed to a number of publications, presented at industry conferences and has given evidence before the House of Lords European Union Select Committee on the implications of GDPR on SMEs and in particular the “Right to be Forgotten”.
- Contract review and drafting
- Drafting ancillary documents
- Due diligence
- Online data rooms
- Post-completion support
- Designed and conducted data protection audits in relation to global HRIS and CRM systems.
- Advised on preparatory steps for effective data breach response, including facilitating data breach simulation exercises.
- Advised on data breach response including investigation and regulatory reporting.
- Co-ordinated pan-European data protection compliance projects for global organisations.
- Liaised with the Information Commissioner’s Office in relation to complaints by data subjects and investigations.
- Drafted local and global privacy notices for online retail and financial services clients, including card issuers and banks and providers of e-wallet and other online payment services.
- Advised on the provision of fair processing information and obtaining appropriate marketing and cookie consents via websites and mobile apps.
- Advised on response to subject access requests including those received in the context of disputes and Employment Tribunal proceedings and dealing with ICO complaints in relation to the same.
- Advised on data separation and sharing strategies for consumer data on separation of business.
- Supported financial regulation and corporate colleagues in due diligence exercises and legal risk reviews.
- Worked closely with software/app developers and website designers to understand the technology underpinning their service provision in order to identify and advise on associated regulatory risks, for example in relation to the use of geolocation data.
- Designed and conducted privacy impact assessments in relation to the implementation of new technology, systems and internal processes and policies.
Created and delivered training at client sites on general data protection compliance matters.
Awarded the Certified Information Privacy Professional – Europe (CIPP/E) certification from the International Association of Privacy Professionals (IAPP).
Before joining Keystone is 2023, Jennie worked at the following firms:
- Eversheds Sutherland
- Addleshaw Goddard
- Speechly Bircham