Danielle van der Merwe advises multinational and UK clients on a range of data privacy and cybersecurity matters, including in connection with the General Data Protection Regulation (GDPR).

Drawing on nearly a decade of experience, Danielle counsels a variety of global companies, leading financial institutions, and major funds on their most complex and sensitive data privacy issues. Her industry experience spans a number of cutting-edge sectors, including technology, social media, and gaming.

Danielle regularly advises clients throughout the corporate lifecycle, serving as an extension of their in-house legal team. She brings particular experience handling cross-border matters arising from product developments, transactions, and investments, including large-scale GDPR compliance reviews. Danielle also delivers sophisticated insight on privacy issues in connection with white collar investigations, both in the UK and internationally.

Her practice includes advising on:

  • Complex data transfer solutions (including transfers in light of the Schrems II ruling)
  • Sensitive internal and external investigations
  • Strategic management of data breach incidents and regulatory inquiries
  • Product counselling
  • Data subject rights requests
  • Online advertising, profiling, and marketing strategies
  • Data sharing arrangements
  • Training programs
  • M&A transactions

A business-minded problem solver, Danielle offers a unique perspective on clients’ needs garnered from her secondment experience at several retail, health, insurance, and sports companies.

Danielle is a member of the International Association of Privacy Professionals.

In addition to her commercial work, Danielle provides privacy-related counsel to nonprofit clients on a pro bono basis.

Danielle’s experience includes advising:

  • A significant social media company in matters before the Irish Data Protection Commission and other international regulatory bodies on issues related to data privacy
  • Several issuers and underwriters in connection with privacy issues arising from initial public offerings
  • A global healthcare and pharmaceutical company on its data privacy obligations arising out of a FCPA investigation*
  • Various companies in relation to data privacy aspects of white collar investigations
  • A global investment firm on privacy and security aspects related to the sale of WebMD, a health information web portal operating in the US, the EU, and the Asia-Pacific region
  • A large music industry company on privacy advice relating to vendor procurement and processing agreements
  • Various global airlines and airlines manufacturers on their compliance with global data privacy laws (including the GDPR)
  • Various organizations in the financial sector, including hedge funds, private equity firms, and securitization providers, about their obligations under the GDPR
  • A large pension fund and administrator on its obligations under the GDPR, including contentious data subject rights requests
  • A prominent international gaming and retail company in relation to its compliance with the GDPR
  • A global electronic manufacturing company on securing binding corporate rules*
  • A large online design platform on a multi-jurisdictional data breach incident
  • A large technology company on its use of profiling and analytics technologies

*Matter handled prior to joining Latham

Bar Qualification

  • Scotland (Solicitor)

Education

  • LL.B. (First Class Honors), University of Aberdeen, 2008

Languages Spoken

  • Afrikaans
  • English