Tracy Phillips


A practicing lawyer, admitted to the Law Society of the United Kingdom as a Solicitor in 2010, Tracy has a background and professional area of expertise spanning 20 years in the field of Information Law and Information Governance. This work involves reviewing and embedding privacy, security and records management within the international private sector and both local and central government across EMEA, APAC, LATAM and the US as the regulatory landscape across the globe changes.

International private sectors:
  • EMEA Fintech
  • EMEA / APAC / US Global Investment Banking/Wealth Management
  • EMEA / APAC / US Global Insurance (Re)
  • EMEA / APAC / US Global Electronic Brokerage
  • EMEA Automotive Industry
  • Professional Services Organisations
  • EMEA / US Media
  • EMEA / APAC / LATAM / US Leisure
Engagements are typically complex and require collaboration across multinational time zones with key CEOs, SVPs and clients' key stakeholders. They involve understanding and interpreting client compliance obligations across multiple regulatory frameworks and creating matrices of commonalities between them, including but not limited to:
  • GDPR
  • DPA 2018
  • CCPA
  • PECR
  • NIS Regulations (UK/EU)
  • NIST (US)
  • GLBA
Innovative collaboration considering the application of emerging technologies, including AI, Distributed Ledgers and Biometrics, within the Fintech, Banking, Insurance and Public Sector. Using agile methodology to lead and advise compliance programs across multinational landscapes in EMEA, APAC, LATAM and the US: undertaking gap analysis, assessing risk and compliance mechanisms, identifying priorities and preparing roadmaps for compliance.

Key Skills

Tracy’s leadership and advisory experience in embedding compliance programs across multi-jurisdictional landscapes is of the highest quality with extensive knowledge and experience in the following:
  • International Supply Chain experience including Vendor due diligence;
  • Local adequacy assessments – working at a global level;
  • Data Sharing within the group and across group affiliates;
  • Binding corporate rules (BCR);
  • Standard Contractual Clauses (SCC);
  • Data Protection Impact Assessments and Privacy Impact Assessments (DPIA/PIA);
  • Advising on global data protection and privacy regulatory compliance and good practice;
  • Measures and controls against International Standards including but not limited to ISO 27001 / ISO 27002 / ISO 15489;
  • Monitoring and keeping abreast of global regulatory developments;
  • Promoting awareness and understanding of data protection (regulatory, information security controls and privacy) requirements across the company and business units;
  • Maintaining data protection notifications and registrations and building relations with global Supervisory Authorities;
  • Acting interim DPO for clients;
  • Working closely with Internal Auditors to develop appropriate and bespoke compliance audit inspections;
  • Managing Global Privacy Impact Assessments and/or DPIAs across the business and for new products;
  • Investigating global complaints and/or potential breaches and recommending remedial action;
  • Leading the development and implementation of cross border data transfers in line with Standard Contractual Clauses / Binding Corporate Rules, taking into consideration any derogations from the GDPR in EMEA and initial lawful basis for processing;
  • Developing standard data protection model contracts/addendums and clauses and developing supplier/processor due diligence questionnaires and ITTs;
  • Leading the contract management review and negotiation in respect of data protection, privacy, security and data governance clauses;
  • Managing the data governance risk management process;
  • Providing compliance / findings reports and risk assessments for the Board, Executive Committees and Senior Management;
  • Designing, implementing and managing global privacy compliance programs, including the development and implementation of policies, employee training, communication, and program performance metrics;
  • Strong subject matter expertise and knowledge of UK, European and US privacy laws, regulations, industry standards, and best practices;
  • Up-to-date with the latest developments in the privacy domain globally.


Qualifications and Certifications from Professional Bodies
  • Current Practicing Certificate.
  • Admitted to Roll of Solicitors 2010.
  • London South Bank University 2:1 LLB (Hons) Law.
  • ISEB & BCS Data Protection Qualification (2010).