Home / People / Emma Burnett
Portrait of Emma Burnett

Emma Burnett

Head of Data Protection

CMS Cameron McKenna Nabarro Olswang LLP
Cannon Place
78 Cannon Street
United Kingdom
Languages English

Emma Burnett is a partner in the Commercial Team and her practice focuses on data protection, technology and outsourcing. She regularly advises high profile international clients on her core specialism of data protection and has significant experience in information technology and intellectual property law, having previously undertaken a secondment to Royal Mail Group Limited as acting Head of the IT/IP legal team.

Emma has extensive experience in drafting and negotiating commercial agreements, including licences and terms and conditions for the supply of goods and services. Emma is known for her proactive, solutions orientated approach and acts for clients across a wide range of industry sectors, including the technology, media and telecommunications, life sciences and financial services sector. Emma sits on the editorial board of Lexis PSL where she advises on data protection, IT and telecoms. She is also a member of the Financial Markets Law Committee, as part of which she has participated in a European Data Protection Reforms Working Group on the EU’s General Data Protection Regulation. 

more less

We think Emma Burnett is great, really proactive and helpful. She comes up with solutions and does what she says she will do.

Client Feedback

Relevant experience

  • A retail company in relation to a comprehensive IT transformation project with a value of between £1-2bn.  The new IT operating model involves the appointment of a ‘service integrator’ supplier who will manage and integrate all IT services. 
  • An international telecoms company drafting binding corporate rules and interfacing with the Information Commissioners Office  including assisting in the analysis of the business’ data flows, current methods of international data transfer and managing the project as a whole, as well as presenting it to internal stakeholders.
  • A retail company on an MVNO creating a major new entrant in the mobile retail sector. As this was a multi supplier solution, Emma advised the business on the overall contracting structure and on each individual agreement with over 11 suppliers to ensure the integration of services, devices and systems to ensure a seamless customer experience. 
  • A major logistics business on the implementation of a group wide governance strategy including advising on the personal data and security issues relating to the development, launch and operation of an HR IT platform; support in lobbying and responding to the Ministry of Justice call for evidence on the proposed draft General Data Protection Regulation and on the strategic approach to a requested ICO audit.
  • A leading international asset manager on a complex multi-jurisdictional project co-ordinating advice from 14 countries across Europe. The project related to the client’s direct marketing and privacy notice requirements in each jurisdiction. Emma also advised in the development of a single comprehensive website privacy notice designed to address the legal requirements across multi-jurisdictions.
  • An international retailer on the unified procurement of its global communication services for all group companies in the UK, Ireland, France, Germany, Spain, Portugal, Poland, Russia, Turkey, Hong Kong and China.
  • A retail bank on the licensing, hosting and support arrangements for a European trading platform.
  • A multinational organisation on a review of its privacy policies across 85 jurisdictions worldwide.
  • Clients in various sectors on installation and monitoring of CCTV and telemetry systems within vehicles, including specific advice on undertaking impact assessments.
  • A retail bank on the outsourcing of its group-wide domestic and global courier services.
more less

Memberships & Roles

  • Member,  the Financial Markets Law Committee
  • Member, the editorial board of Lexis PSL
more less


  • 1996 – LPC (Commendation), College of Law, Guildford
  • 1995 – CPE (Commendation), College of Law, Guildford
  • 1994 – BA (Hons) History (2:1), University of Exeter, Exeter
more less


Show only
22 March 2021
UK reg­u­lat­ors out­line roadmap for co­oper­a­tion in the reg­u­la­tion of di­git­al...
On 10 March 2021, the Di­git­al Reg­u­la­tion Co­oper­a­tion For­um (DRCF) pub­lished its first an­nu­al plan of work for 2021/2022 for co­oper­a­tion, co­ordin­a­tion and a co­her­ent reg­u­lat­ory ap­proach to di­git­al and...
05 March 2021
Data pro­tec­tion and cy­ber­se­cur­ity laws in the United King­dom
Data pro­tec­tion 1. Loc­al data pro­tec­tion laws and scope The Data Pro­tec­tion Act 2018 (“DPA”) cov­ers gen­er­al pro­cessing of per­son­al data in the UK.The DPA sup­ple­men­ted the EU Gen­er­al Data Pro­tec­tion...
22 February 2021
Pro­gress to­wards ad­equacy: European Com­mis­sion pub­lishes draft ad­equacy...
Back­ground On Fri­day 19 Feb­ru­ary, the European Com­mis­sion an­nounced that it had form­ally launched the pro­ced­ure to ad­opt two ad­equacy de­cisions for data trans­fers to the UK. While the de­cisions have not...
28 January 2021
Data Pro­tec­tion in a post-Brexit world: what hap­pens to trans­fers to and...
When the Brexit trans­ition peri­od drew to a close at the end of 2020, the UK moved to a new data pro­tec­tion re­gime known as the UK GDPR but that isn’t the end of the story. At the same time, busi­nesses...
18 September 2020
How will in­valid­ity of the Pri­vacy Shield and new rules for Stand­ard Con­trac­tu­al...
In a re­cent rul­ing, the EU Court of Justice struck down the EU-US Pri­vacy Shield and, though it ruled that stand­ard con­trac­tu­al clauses re­main val­id for trans­fers of per­son­al data out­side the EEA, in­ter­preted...
21 August 2020
Na­tion­al Cy­ber Se­cur­ity Centre (“NC­SC”) re­port high­lights cy­ber risk to...
A re­cent NC­SC re­port has high­lighted a num­ber of cy­ber-at­tacks by hack­ers against the sports in­dustry, lead­ing its Dir­ect­or of Op­er­a­tions, Paul Chichester, to urge sports or­gan­isa­tions to re­view their...
5 August 2020
The data se­cur­ity per­ils of home work­ing
Whilst some busi­nesses are now in the pro­cess of re-open­ing of­fices and premises to staff and cus­tom­ers, for many of us there is still likely to be an ex­ten­ded peri­od of work­ing from home. As they ad­just...
27 July 2020
Data Pro­tec­tion Of­ficers – Avoid­ing a Con­flict of In­terest
On 28 April 2020, the Lit­ig­a­tion Cham­ber of the Bel­gian data pro­tec­tion au­thor­ity (the “APD”) im­posed a €50,000 fine on a Bel­gian com­pany, for non-com­pli­ance with the re­quire­ments re­lat­ing to the...
23 June 2020
Coronavir­us (COV­ID-19) and Pri­vacy
In the last few months, we have seen or­gan­isa­tions across Europe im­pos­ing vari­ous ob­lig­a­tions on their em­ploy­ees, vis­it­ors and cus­tom­ers to fight the spread of the COV­ID-19 vir­us. The un­der­ly­ing meas­ures...
18 June 2020
Reg­u­la­tion for on­line plat­forms: only weeks left to com­ply
There are only a few weeks re­main­ing be­fore the Reg­u­la­tion for on­line plat­forms will come in­to ef­fect in the UK on 12 Ju­ly 2020. Be­fore this date, on­line plat­form pro­viders are re­quired to up­date their...
21 May 2020
UK Adtech re­ceives new guid­ance to ad­dress the pri­vacy chal­lenges of Real...
On 12 May 2020, the Data & Mar­ket­ing As­so­ci­ation (DMA) and the In­cor­por­ated So­ci­ety of Brit­ish Ad­vert­isers (IS­BA) jointly pub­lished “The Sev­en-Step Ad Tech Guide” (the Ad Tech Guide, avail­able here)...
28 April 2020
Key con­sid­er­a­tions for con­duct­ing in­tern­al in­vest­ig­a­tions re­motely
With so many busi­nesses in lock-down, many in­tern­al in­vest­ig­a­tions will have to be con­duc­ted re­motely, with in­vest­ig­a­tion teams, em­ploy­ees, ex­tern­al coun­sel and oth­er pro­viders work­ing from home for the...