Home / People / Emma Burnett
Picture of Emma Burnett

Emma Burnett

Head of Data Protection

CMS Cameron McKenna Nabarro Olswang LLP
Cannon Place
78 Cannon Street
United Kingdom
Languages English

Emma Burnett is a partner in the Commercial Team and her practice focuses on data protection, technology and outsourcing. She regularly advises high profile international clients on her core specialism of data protection and has significant experience in information technology and intellectual property law, having previously undertaken a secondment to Royal Mail Group Limited as acting Head of the IT/IP legal team.

Emma has extensive experience in drafting and negotiating commercial agreements, including licences and terms and conditions for the supply of goods and services. Emma is known for her proactive, solutions orientated approach and acts for clients across a wide range of industry sectors, including the technology, media and telecommunications, life sciences and financial services sector. Emma sits on the editorial board of Lexis PSL where she advises on data protection, IT and telecoms. She is also a member of the Financial Markets Law Committee, as part of which she has participated in a European Data Protection Reforms Working Group on the EU’s General Data Protection Regulation. 

more less

We think Emma Burnett is great, really proactive and helpful. She comes up with solutions and does what she says she will do.

Client Feedback

Relevant experience

  • A retail company in relation to a comprehensive IT transformation project with a value of between £1-2bn.  The new IT operating model involves the appointment of a ‘service integrator’ supplier who will manage and integrate all IT services. 
  • An international telecoms company drafting binding corporate rules and interfacing with the Information Commissioners Office  including assisting in the analysis of the business’ data flows, current methods of international data transfer and managing the project as a whole, as well as presenting it to internal stakeholders.
  • A retail company on an MVNO creating a major new entrant in the mobile retail sector. As this was a multi supplier solution, Emma advised the business on the overall contracting structure and on each individual agreement with over 11 suppliers to ensure the integration of services, devices and systems to ensure a seamless customer experience. 
  • A major logistics business on the implementation of a group wide governance strategy including advising on the personal data and security issues relating to the development, launch and operation of an HR IT platform; support in lobbying and responding to the Ministry of Justice call for evidence on the proposed draft General Data Protection Regulation and on the strategic approach to a requested ICO audit.
  • A leading international asset manager on a complex multi-jurisdictional project co-ordinating advice from 14 countries across Europe. The project related to the client’s direct marketing and privacy notice requirements in each jurisdiction. Emma also advised in the development of a single comprehensive website privacy notice designed to address the legal requirements across multi-jurisdictions.
  • An international retailer on the unified procurement of its global communication services for all group companies in the UK, Ireland, France, Germany, Spain, Portugal, Poland, Russia, Turkey, Hong Kong and China.
  • A retail bank on the licensing, hosting and support arrangements for a European trading platform.
  • A multinational organisation on a review of its privacy policies across 85 jurisdictions worldwide.
  • Clients in various sectors on installation and monitoring of CCTV and telemetry systems within vehicles, including specific advice on undertaking impact assessments.
  • A retail bank on the outsourcing of its group-wide domestic and global courier services.
more less


  • 1996 – LPC (Commendation), College of Law, Guildford
  • 1995 – CPE (Commendation), College of Law, Guildford
  • 1994 – BA (Hons) History (2:1), University of Exeter, Exeter
more less


  • Member,  the Financial Markets Law Committee
  • Member, the editorial board of Lexis PSL
more less


Show only
5 August 2020
The data se­cur­ity per­ils of home work­ing
The data se­cur­ity per­ils of home work­ing looks the risks busi­nesses face - Re­bound & Re­mod­el In­sight from CMS. Find out more.
18 September 2020
How will in­valid­ity of the Pri­vacy Shield and new rules for Stand­ard Con­trac­tu­al...
In a re­cent rul­ing, the EU Court of Justice struck down the EU-US Pri­vacy Shield and, though it ruled that stand­ard con­trac­tu­al clauses re­main val­id for trans­fers of per­son­al data out­side the EEA, in­ter­preted...
23 June 2020
Coronavir­us (COV­ID-19) and Pri­vacy
CMS has pub­lished data pro­tec­tion guid­ance for em­ploy­ers who are re­act­iv­at­ing their work­places, and those that did not shut down their on-site op­er­a­tions.
21 August 2020
Na­tion­al Cy­ber Se­cur­ity Centre (“NC­SC”) re­port high­lights cy­ber risk to...
A re­cent NC­SC re­port has high­lighted a num­ber of cy­ber-at­tacks by hack­ers against the sports in­dustry, lead­ing its Dir­ect­or of Op­er­a­tions, Paul Chichester, to urge sports or­gan­isa­tions to re­view their...
28 April 2020
Key con­sid­er­a­tions for con­duct­ing in­tern­al in­vest­ig­a­tions re­motely
This guide ex­plores the key prac­tic­al and leg­al is­sues that in­vest­ig­at­ors should have in mind when car­ry­ing out their work on in­tern­al in­vest­ig­a­tions re­motely in­clud­ing plan­ning, priv­ilege, in­ter­views and em­ploy­ment rights, data gath­er­ing and pro­tec­tion a
27 July 2020
Data Pro­tec­tion Of­ficers – Avoid­ing a Con­flict of In­terest
On 28 April 2020, the Lit­ig­a­tion Cham­ber of the Bel­gian data pro­tec­tion au­thor­ity (the “APD”) im­posed a €50,000 fine on a Bel­gian com­pany, for non-com­pli­ance with the re­quire­ments re­lat­ing to the...
21 March 2019
CMS Fin­an­cial In­sti­tu­tions Op­er­a­tion­al Re­si­li­ence Re­port
Down­load the full re­port to read about the key is­sues that were dis­cussed dur­ing the pan­el ses­sions and that are likely to arise for fin­an­cial in­sti­tu­tions.
18 June 2020
Reg­u­la­tion for on­line plat­forms: only weeks left to com­ply
There are only a few weeks re­main­ing be­fore the Reg­u­la­tion for on­line plat­forms will come in­to ef­fect in the UK on 12 Ju­ly 2020. Be­fore this date, on­line plat­form pro­viders are re­quired to up­date their...
4 December 2017
Risk Mat­ters: In­sur­ance Sec­tor Up­date (Winter 2017/18)
21 May 2020
UK Adtech re­ceives new guid­ance to ad­dress the pri­vacy chal­lenges of Real...
On 12 May 2020, the Data & Mar­ket­ing As­so­ci­ation (DMA) and the In­cor­por­ated So­ci­ety of Brit­ish Ad­vert­isers (IS­BA) jointly pub­lished “The Sev­en-Step Ad Tech Guide” (the Ad Tech Guide, avail­able here)...
When prop­erly ex­ecuted, out­sourcing can not only drive ef­fi­ciency and per­form­ance gains, thereby cre­at­ing value, but can also de­liv­er sig­ni­fic­ant sav­ings.
24 March 2020
Data se­cur­ity con­cerns with home work­ing: coronavir­us is not the only type...
As many of us settle in­to what is likely to be an ex­ten­ded peri­od of work­ing from home in line with lock­down and so­cial dis­tan­cing meas­ures in­tro­duced by the gov­ern­ment to com­bat the COV­ID-19 pan­dem­ic,...