Track record
Selected matters
Twenty-five years of commercial, technology and data law, across regulated sectors, large-scale transactions, start-ups and scale-ups.
Practical expertise across the complete landscape of UK and EU data protection from the implementation of the Data Protection Act 1998, through safe harbor reforms and the boom of e-commerce, to the UK GDPR and the new world of AI.
AI and technology deployment
Putting AI into practice, lawfully
Insurance · AI
AI model deployment in regulated insurance
Advised a regulated insurer on model procurement and use, lawful basis for using personal data in underwriting, and fairness and explainability requirements under UK GDPR. Covered automated decision-making provisions and the insurer’s obligations to policyholders.
AI procurement · Automated decisions · UK GDPR
Legal · Professional Services
GenAI governance and policy for a global law firm
Drafted a large international firm’s first internal guidance on AI use in legal practice: acceptable use, client-facing risk disclosure, and vendor assessment criteria. Ran alongside data governance infrastructure work, including implementing OneTrust across DPIA and vendor assessment workflows.
GenAI policy · OneTrust · Data governance
HR Tech · Financial Services
Facial recognition for right-to-work and KYC
A technology provider sought to deploy facial recognition in two contexts: employment right-to-work checks and financial services KYC. Advised on lawful basis for biometric data in each context and completed DPIAs for both deployments, with distinct legal frameworks applying to each.
Biometrics · Special category data · DPIA
Retail · PropTech
Biometric markers for retail market segmentation
Advised on lawful basis, transparency obligations, and DPIA requirements for deploying biometric markers in shopping centre environments to build demographic profiles for market segmentation. Addressed the legal viability of the project as designed and the changes needed to make a revised version lawful.
High-risk processing · Legitimate interests · Transparency
start up, scale up and SME support
Legal advice that supports, not stalls
SaaS · inclusion · NLP
Contracts Portfolio for a SaaS launch
Working with a business looking to bring greater inclusion to the world of surveys with trustworthy, qualitative data.
Clarifying data flows and tech stack structures, advising on business model and deployment and drafting a suite of flexible customer terms and conditions and privacy notices which can be used as standard or tailored for specific customers.
Commercial · SaaS · UK GDPR
contracting · CIC
Taking the fear out of getting started
Working with a CIC to help them get off the ground, allaying fears over legal risks which had been overplayed elsewhere and become overwhelming.
Ensuring rules of specific professional organisation were adhered to in contracting process.
Developing a suite of contractual documents for engaging with clients, engaging subcontractors and partnering for social media and other collaborations in a flexible and usable way with clear guidance for the future.
Commercial · CIC · Contract Management
ICO · subject access
Liaising with ICO following a complaint
Reviewing a complaint made by a data subject in relation to their data subject request, which was connected to ongoing legal dispute over fees.
Advising on the true risks and potential consequences; where processes could be improved in future, and making representations to the ICO.
Proposing strategic and practical approach to resolving the complaint, which was accepted by the ICO.
ICO · Data Subject Access · Complaints
consultant · IP · payment
Urgent, targeted work
Helping a startup who had been faced with a wall of silence from other legal outreach on short notice, over a weekend, as their first big contract needed to close.
Advising on the practical implications of the proposed payment structure and how that would impact cashflow.
Ensuring that IP was not inadvertently transferred in relation to this innovative and commercial consultancy work.
Constultancy · Payment terms · Intellectual Property
Data sharing and commercial transactions
Complex data flows, properly structured
Food Tech · Retail
Data sharing in a food delivery ecosystem
A food delivery platform needed to formalise data sharing arrangements with retail partners, with customer personal data flowing between multiple organisations. Advised on controller allocation, joint controllership, and the contractual framework required on both sides.
Data sharing · Controller allocation · B2B contracts
Transport · Mobility
Data sharing for connected vehicle services
Advised a transport sector client on data sharing arrangements between connected service providers operating in the same ecosystem. Allocated data protection responsibilities across a multi-party supply chain and negotiated data sharing agreements that reflected the technical architecture of the connected systems involved.
Multi-party data flows · Connected systems · Data sharing
Pharma · Life Sciences
Clinical data outsourcing for a global pharma company
Led a series of outsourcing transactions exceeding £250 million in value, covering data protection provisions for international transfers, subcontracting arrangements, and audit obligations on clinical data. The sensitivity of the data and the regulatory environment imposed requirements well beyond standard commercial outsourcing terms.
Outsourcing · Clinical data · International transfers
Diligence, governance and regulatory change
Building foundations that hold
Travel Tech · Startup
Data estate diligence at funding stage
Provided structured data protection diligence for a travel data startup approaching a funding round, covering data acquisition histories, processing and sharing practices, and material compliance risks. Gave buy-side investors a clear view of the data estate before commitment.
Investment diligence · Data estate · Startup
Cross-sector · Regulatory
International data transfers through regulatory upheaval
Managed a leading technology business’s transition from Safe Harbor to Standard Contractual Clauses following its 2015 invalidation, and advised multiple US companies on their UK and EU transfer obligations in the post-Safe Harbor environment. Also advised a compliance provider on model contracts for US data flows.
Safe Harbor · SCCs · US data flows
Legal · Professional Services
Data governance transformation at an international firm
Led the data governance function at a large international professional services firm across DPIAs, DSARs, security incidents, and ICO liaison. Implemented OneTrust across DPIA and vendor assessment workflows, upskilled the team, and drafted the firm’s first internal guidance on generative AI use.
Data governance · OneTrust · GenAI policy
These are anonymised summaries of real work Gayle has delivered. Client details are confidential.
Want to discuss a matter?
No jargon, no pressure. Tell me what you are working on.