Elizabeth Upton

I'm a legal director in our London Privacy and Data Protection Practice working with clients in many of our key sectors.

I joined Bird & Bird in 2000 and started out in the commercial team working on procurement and Government IT projects. I soon developed a keen interest in data protection working closely with Ruth Boardman and have been advising on data protection and privacy issues ever since. Today I'm a legal director in our London Privacy and Data Protection Practice in London and have been working part time (3 days a week) since 2009.

The protection of personal data impacts all our clients on a daily basis and continues to be at the centre point of many new technology ideas, projects and legal work. The challenges have increased with the implementation of the EU and UK GDPR, the UK Data Protection Act 2018, and recent court and DPA decisions on international data transfers together with new laws arising from the European Data Strategy and as a consequence of Brexit.

My work covers all aspects of data protection law including the implementation of the EU and UK GDPR, the UK Data Protection Act 2018 and developments in e-privacy legislation as well as other data related legislation. My expertise also involves looking at the regulatory frameworks that govern the ethical and responsible use of AI and their overlap with data protection compliance and I have a good understanding of the legal implications surrounding AI development, deployment and data handling practices.

I advise clients in many of our sectors (and particularly tech and comms, financial services, retail and consumer) including on their EU/UK GDPR compliance programmes and have extensive experience on international data transfers (including BCRs), data subject access requests, DPIAs, privacy policies and negotiating data protection provisions in complex technology, communications and outsourcing transactions.

I provide client training and regularly speak at conferences both internally and externally on data protection.