Lowri has significant experience of advising public and private sector clients on the General Data Protection Regulation (GDPR), Freedom of Information (FOI) and Environmental Information (EIR) issues.
She advises organisations on their legal obligations and provides practical assistance in responding to requests made under the legislation.
Her FOI/EIR expertise includes regularly advising on the use of exemptions, assisting clients in drafting qualified persons opinions and public interest test outcomes. She is also experienced at dealing with appeals to the Information Commissioner’s Office.
Lowri also regularly advises clients on GDPR compliance and has delivered many bespoke training packages for clients on GDPR, FOI and EIR.
Recent examples of Information law experience include:
- Advising on all aspects of the GDPR to enable businesses to introduce appropriate practices, procedures and policies to assist compliance.
- Assisting a Local Authority in England in dealing with a criminal enquiry by the ICO under s.77 of FOIA. This involved a potential prosecution of a number of the Local Authority staff and involved Lowri liaising with the ICO, meeting with ICO’s criminal prosecutions department and advising the Local Authority on options.
- Advising an international organisation on the transfer of personal data outside the EEA
- Preparing and delivering bespoke training for schools on Data Protection and FOI issues.
- Advising a medical organisation on the transfer of special category patient data to a data controller based in the USA
- Advising a Welsh Local Authority on a complex combined FOI/Subject Access request made by a senior employee in preparation for a disciplinary investigation, which involved the potential disclosure of several thousand documents.
- Training staff (both through the medium of English/Welsh) at a national organisation on the requirements of the GDPR
- Advising a sporting regulator on dealing with repeated requests from a previous member for information under the subject access regime.
- Assisting an organisation in carrying out a risk assessment in reaction to a data breach and drafting reporting documentation including letters to the affected data subjects.
- Advising a regulatory body in connection with an appeal to the ICO for information underlying their regulatory reports. The use of multiple exemptions and thorough evaluation of the consequences of disclosure led to the ICO upholding the exemptions and distinguish a similar case where they had previously ordered the disclosure of the same type of information.
- Designing and delivering bespoke training workshops to the Legal and Information Governance teams and managers of an English Local Authority on FOI and EIR, following a mandate from the ICO to provide adequate training to staff on these matters.
- Advising a Welsh Local Authority on potential breaches of data protection by a senior officer and advising on the resulting disciplinary process.
Lowri also has experience of advising clients on employee monitoring and the provisions of the Regulatory and Investigatory Powers Act 2000 (RIPA) and the Telecommunications Regulations 2000 together with the interface and conflict between the Right to Privacy, the DPA and RIPA.