Carolyn Bertin

Expertise

• Data protection compliance auditing and implementation of compliance programmes
• General Data Protection Regulation preparedness audits and training
• Drafting and advising on data processing agreements, EU Standard Contractual Clauses, Binding Corporate Rules and Privacy Shield
• Cloud Computing, Software as a Service, Platform as a Service, Infrastructure as a Service arrangements (advising both suppliers and customers)
• Software development, licensing and maintenance agreements
• IT consulting and contractor agreements
• Distribution, reseller, managed service provider, oem, channel and strategic alliances agreements
• Outsourcing arrangements including set-up of shared service centres
• Internet and email policies
• Marketing and sponsorship arrangements
• Sales strategies
• Knowledge of US GAAP accounting and revenue recognition rules
• Overseeing regulatory affairs and implementation of corporate compliance policies and procedures
• Conducting investigations into regulatory violations
• Company secretarial across various jurisdictions in Europe
• Advising on establishing entities in various jurisdictions in EMEA including Russia and the Middle East

Experience

• Conducting a data protection compliance audit for a major security services vendor and working with the internal teams to create data maps and build a compliance programme to ensure continued compliance with data protection regulations
• Negotiating and closing a USD 50million Software as a Service arrangement between a global cloud computing services provider and a leading global mobile phone services provider
• Assisting in establishment of European business operations for a US based cloud storage provider and providing ongoing in-house legal support to the European business
• Establishing and managing the European legal team for a global software security vendor and assisting in recruitment of a new head of legal to take over ongoing management of this team
• Carrying out a data impact assessment for one of the UK’s leaders in security services in order to establish a data map and identify gaps in compliance with European Union data processing laws and regulations, and then advising on addressing the compliance gaps.
• Advising a well-known US provider of security software on the implications of collecting, storing and using IP addresses as part of its services and in its mobile tracking devices.
• Negotiating data processing agreements as part of multi-million deals for provision of cloud computing services by one of the global leaders of cloud services headquartered in California, USA.
• Advising the UK based charitable foundation of a leading global cloud services company on its data handling and processing policies and procedures including assisting in the drafting of its data transfer agreements to legitimise the transfer of personal data outside of the EEA.
• Drafting and negotiating international data transfer agreements for a leading cloud storage company headquartered in California.
• Advising a medical research company conducting clinical trials on its data processing policies and procedures and on putting in place binding corporate rules as well as on the impact of the new General Data Protection Regulations.
• Devising a training programme on the impact of the new General Data Protection Regulations.

Please note: The experience list above may include examples of work completed prior to joining Keystone Law.

Career

Carolyn qualified as a solicitor 1997. Prior to joining Keystone Law in 2008, she worked at the following firms:

• Oracle
• Virgin Media
• Clifford Chance