Global menu

Our global pages

Lorna Doggett, Principal Associate

Lorna Doggett

Principal Associate



Practice areas

  • Privacy, data protection and cybersecurity

Practice notes

Lorna is a Principal Associate specialising in Data Privacy & Information Law within our CCPG practice group.

Lorna advises on all aspects of data privacy compliance for our clients across all sectors. Her sector expertise primarily focuses on financial institutions. Lorna is advising several major UK banks (many of whom have both retail and corporate divisions), challenger banks, branches and local entities of banks whose head offices/headquarters are located overseas, building societies and their membership organisations, insurers, and operators of funds and investment managers on various matters connected to their GDPR compliance programmes. Lorna advises financial institutions on their direct marketing programmes and the GDPR consent versus legitimate interests/e-privacy regime interplay. Lorna advises on privacy compliance and arrangements in the context of large scale multi-jurisdictional outsourcing and corporate transactions.

Lorna has a wealth of experience and particular technical expertise in relation to trustee clients and their data privacy issues. This includes strategic GDPR advice on what to do with trustee advisers who consider themselves to have a different role to the role the trustee has determined (eg administrators who consider themselves not to be data processors). Lorna advises our trustee clients on risks and on implementation associated with the heavily document based new regime, including accountability. Lorna has worked with numerous trustee clients on their GDPR data record, data protection policy, privacy notices (preparation of and assessing when exemptions apply), data processor terms with suppliers for Article 28 compliance, joint controller terms with actuaries (where relevant) for Article 26 compliance, and the difficulties of tackling data retention as a trustee having regard to the tension between GDPR and the desire to keep member records for lengthy periods. Lorna was heavily involved in preparing the Eversheds Sutherland GDPR precedent documents for trustee clients.

Lorna has specialist knowledge of advising trustee clients personal data breaches by their administrators, data sharing with employers, privacy impact assessments, and how to deal with data subject (member and beneficiary) rights requests under GDPR. Lorna has seen many of the GDPR rights be misunderstood by members and beneficiaries (in particular, the right of erasure) and is used to assisting our trustee clients on how to explain when rights are not, in fact, engaged. Lorna regularly advises them on the Data Protection Act 2018, in particular the public interest and social protection related processing grounds for special category personal data/criminal convictions and offences data. Lorna is well versed in the data protection related issues which arise from bulk annuity policies and has advised many trustee clients on the terms they have in place with insurers, as well as during policy negotiation.

Lorna frequently delivers GDPR training sessions to our clients and their membership associations, most recently to multiple pensions trustees, banks, firms and at more general GDPR implementation training sessions run from Eversheds Sutherland offices. This includes (pre-GDPR) speaking at our ‘GDPR for pensions professionals’ seminar series and (post-GDPR) speaking at trustee update sessions.