Skip to main content

Dual qualified in Scots and English law, and Certified Specialist in Data Protection by the Law Society of Scotland.

A Partner in our IP, Data Protection and Information Governance Team, Loretta is qualified in both Scots and English law and has over 12 years post-qualified experience.  Loretta is recognised by Legal500 as a Recommended Lawyer in Education, Intellectual Property (including  data protection and FOI), and IT & Telecoms sectors. She is experienced with advising and managing relationships with a range of clients from individuals, small start-ups, public bodies, large educational institutions to large multinational companies (turning over in excess of £800M). Loretta has enjoyed being seconded to several organisations including one of the UK's top companies for online innovation and separately, one of the UK's top research institutions. She also enjoyed a nine month secondment to the Business Development Office of a leading University, where she assisted the University by way of contract management with a view to maximising its intellectual property portfolio through various mediums including research contracts, collaborations and governance.

Loretta’s key area of expertise is in relation to data protection and freedom of information including the General Data Protection Regulation (GDPR), Data Protection Act 2018, e-Privacy Regulation and Freedom of Information (Scotland) Act 2002.    In particular, Loretta has assisted many organisation prepare for and continue to comply with GDPR and related data protection and information governance legislation and also leads our outsourced Data Protection Officer service.  This experience includes advising on mitigating risk when handling personal data, marketing, delivering audits, liaising with key stakeholders and management, preparing and monitoring implementation of improvement plans, delivering training, drafting privacy related documentation, advising on projects involving personal data, assisting with data security breaches, reporting to and attending board meetings, handling complex data requests, advising on complex data sharing arrangements, liaising with the Information Commissioner and undertaking Privacy Impact Assessments.


Law Society of Scotland Data Protection Certification Legal 500