top of page

Data Protection


  • Consent

  • Contracts with data processors

  • Transfer of data outside EU

  • Data protection breaches

  • Notifications to ICO and data subjects

  • Dispute resolution

  • Defence of claims for damages

  • Training

Mariel is a qualified data protection practitioner. Over many years she advised a police force on data protection  (and freedom of information requests), and she successfully defended claims for compensation for data protection breaches and breach of the article 8 right to privacy.


She has advised the claims handling teams and GDPR working group of an insurer and also a Lloyd's syndicate. She has also advised a large teaching hospital and regulatory body. Businesses instruct her in relation to the processing of personal data about customers, and how to obtain effective consent.

Mariel recently made a successful claim for compensation against a public authority who shared information about a manager's absence from work, due to stress, to other managers who did not need to know. 

An online retailer retains her as their outsourced Data Protection Officer. 

  • Outsourced data protection officer

  • Compliance audits

  • Data protection impact assessments

  • Data retention advice

  • Data protection policies

  • Records of processing activities

  • Records of decisions

  • Privacy notices

  • Data subject access requests

Case Summaries

Sickness Absence


At weekly and monthly management meetings, sickness absences were regularly discussed. Over fifty managers were on the mailing list for the meeting minutes, although they contained health information about identified individuals which most of them did not need to know. When one of those who was absent complained about disclosure of their stress at work related mental illness and the stigma that was attached, the mailing list was shortened but a number of managers who did not need to know remained. Mariel advised there was likely to have been a data breach of special category information as this processing was not necessary and so there was no legitimate basis for it. Liability was admitted in response to the letter of claim. In the meantime the system of work had been changed so that sickness absences were discussed between the individual’s line manager and their direct report only.

Data Protection Officer

Mariel is the outsourced Data Protection Officer for an online retailer. When negotiations to buy out companies were at a critical point, she advised on the data protection implications of taking over other retailers and using their marketing mailshot lists. She has advised on obtaining the consent of customers to mailshots when they open accounts online. Post-Brexit, she has been involved with the suggested relocation of two websites, both hosted in different countries within the EU, although the company is based in the UK. She has drafted the company’s data protection policies and procedures, and privacy notices, and provides ongoing advice on data protection matters.

bottom of page