Dyann Heward-Mills is a UK-qualified barrister in Baker & McKenzie's London office. She focuses her practice on privacy, data protection and data security law, with particular emphasis on cybersecurity matters. Prior to joining the Firm, she acted as senior privacy counsel to GE Capital, where she provided global support and advice on matters pertaining to privacy and data protection. Dyann is a non-executive board member for a technology start-up business that has developed an innovative data analytics tool to track and monitor the performance of recruitment activities. She is active in the Firm's BakerWomen and BakerEthnicity initiatives, and supports School-Aid, a charity that promotes the advancement of education in disadvantaged schools and communities in Africa.

Practice Focus

Dyann's main areas of focus include cyber security, binding corporate rules (BCRs), international data transfers, data breach, data protection audits, compliance frameworks, information governance and cloud computing. Other areas of focus include regulatory approvals, employee privacy, as well as technology roll-outs, direct marketing and Big Data initiatives.

Representative Legal Matters

Prior to joining the Firm, Dyann has been involved in a broad range of matters. In particular, she:

• Advised on the structure and implementation of projects with a personal data impact, such as BCR, data loss prevention, AML compliance, employee screening, HR processing Big Data, bring your own device (BYOD) as well as cloud computing, new system roll outs and social media initiatives.
• Counseled on regulatory clearances and approvals, including registrations, filings and notifications.
• Pursued effective cross-functional engagement with compliance, IT, security, HR, marketing, sourcing and regulatory affairs.
• Advocated on data protection by participating in industry groups and drafting position papers for submission to governments and regulators.
• Established an information governance framework and privacy programme.
• Advised on cyber threats and vulnerabilities as well as privacy breaches.
• Drafted and implemented privacy policies and data protection agreements including intergovernmental agreements (IGA) and model clauses.
• Carried out privacy impact assessments on new tools, products and initiatives.
• Delivered generic and specialist training, education and awareness programmes.

Corporate Social Responsibility

Volunteer, School-Aid, 5 years

Admission

England & Wales (2001)

Related Local Practices