Skip to main content
Focusing on data protection/privacy/information law, I advise clients from a variety of sectors, particularly technology (as I have computing science degrees and tech expertise, particularly regarding cloud computing and also security issues), and banking/financial services (having formerly practised as a finance/corporate insolvency lawyer). Most of my work is for large multinationals, whether based in the UK/EU or elsewhere, who require assistance with multi-country matters.
I assist clients with issues of practical compliance, implementation and application under the GDPR and UK Data Protection Act 2018, ePrivacy Directive (cookie law, e-marketing), and also security-related laws such as the EU NIS Directive. I advise on the usual range of matters, involving operationalisation as well as content, from legal basis (including legitimate interests assessments), privacy notices, cookie notices/banners, data processing/sharing agreements and international transfer arrangements (my book on transfers was recommended to be read "by every data protection supervisory authority and law-maker in Europe"), to data protection impact assessments for new projects/products, technical and organisational measures for security and data protection by design and by default, and broader governance and strategic issues.
I also advise clients on dealing with security incidents, including their notifiability and notifications, and on handling data subject requests.

I am an Editor of the Encyclopedia of Data Protection and Privacy, a guest lecturer on data protection/security laws at Imperial College London, and a member of the UN Privacy Preserving Techniques Task Team. I was previously (part-time) an i100 volunteer with the UK's National Cyber Security Centre 2019-20, a volunteer with the UK Information Commissioner's Office (ICO) 2018-19, an invited observer to CISPE (the Cloud Infrastructure Services Providers in Europe) 2017-2018, and a member of the British Computer Society’s Information Privacy Expert Panel 2015-2017. I was lead author of eight chapters of Cloud Computing Law (1st edition, OUP 2013), including the four chapters on data protection, and contributed to ENISA's 2017 report on blockchain and security for financial institutions. My articles, many with collaborators, have been published e.g. by the Journal of International Data Privacy Law, Society for Computers and Law and Stanford Technology Law Review.
I regularly speak at industry and other events, having presented at Privacy Laws & Business' annual conference and for Computing, TechUK and the UK Cabinet Office.
In my spare time, I sing second soprano with the BBC Symphony Chorus, London Symphony Chorus and other choral or opera groups.

What others say…

Kuan is an extremely knowledgeable privacy lawyer. The advice she has provided to us has been very helpful and we have a great working relationship. We consider ourselves very fortunate to have a counsel like Kuan.

Large AsiaPac-headquartered technology group with global operations

Kuan Hon is extremely knowledgeable and always very helpful. In working with Kuan, we highly appreciate her responsiveness and pragmatic advice. Kuan always offers clear guidance, which is well explained and supported. It is a great pleasure to work with Kuan, who is our trusted and very reliable counsel for all GDPR matters.

Large North American-headquartered industrial equipment group with global operations

Because of the outstanding work you have performed for my group on GDPR, I would recommend you personally as the preferred legal counsel without reservation – I have been retaining only the best lawyers for the last 45 years and it has serviced my employers and me well.

Senior US counsel for a large security technology group with global operations

Download Profile

Download Now