Sana Duncan

Sana is an experienced data protection specialist, having worked both in private practice and in-house, most recently at Deutsche Bank. She has worked with businesses in a wide range of sectors, from retail, construction, automotive, airlines, food and drink to public sector organisations and financial services institutions. She advises on all aspects of data protection compliance and her extensive knowledge is bolstered by having been a dedicated practitioner in the field since before the EU General Data Protection Regulation was conceived. Sana has regularly advised on multi-jurisdictional projects and is well-regarded for her focus on delivering pragmatic solutions to her clients, enabling them to effectively manage risk in what continues to be an ever-evolving and tumultuous data protection landscape.

Examples of Sana’s work include:

  • Responding to and managing data protection breaches including consulting/advising key stakeholders and preparing submissions/notifications to relevant regulators;
  • Drafting and negotiating data protection clauses for inclusion in a wide variety of contracts, from outsourcing agreements (e.g. for procurement of HR, IT, pensions, insurance services etc), to NDAs and financial agreements;
  • Drafting global data protection policies and privacy notices;
  • Assisting with data protection compliance programmes/conducting audits and identifying/closing gaps in compliance;
  • Producing global data protection training for organisations as well as preparing and delivering bespoke training for specific business/infrastructure areas;
  • Managing and supervising responses to data subject rights requests, including overseeing the data retrieval process and subsequent legal review of documents;
  • Advising on international data transfer mechanisms, including reviewing and preparing EU Standard Contractual Clauses;
  • Conducting data protection impact assessments for risk analysis/mitigation;
  • Advising on cookie laws, including drafting cookie policies and cookie consent notices; and
  • Advising on direct marketing laws both in a B2B and B2C context.


Legal insights

The growth of the digital economy has led governments around the world to seek to regulate cybersecurity and privacy of individuals.

15 September 2021

COVID-19 has posed huge challenges for many industries/sectors and not least for the education sector

19 January 2021

The UK’s Information Commissioner’s Office (“ICO”) has finally issued its decision regarding the fine imposed on British Airways (“BA”) for its 2018 data breach

21 October 2020

In its second landmark decision in five years concerning EU and US data protection relations, the European Court of Justice

17 July 2020

This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

For more information on which cookies we use then please refer to our Cookie Policy.