Kay Njoku Consultant Solicitor

With over 18 years post-qualification experience, Kay has extensive experience advising on a broad range of regulatory and compliance matters, data protection and privacy, and employment.  Kay spent the earlier part of her career as a regulatory and compliance lawyer for major financial institutions in the banking and insurance broking sector. She has worked as a consultant over the past few years, supporting organisations across diverse sectors to meet their privacy, legal and compliance objectives.  

Clients include organisations in technology, financial services, social media, SAAS startups, life sciences and media. With a hands-on approach, she has a successful track record of advising on all aspects of the privacy operational lifecycle, privacy program management, privacy governance, AI governance strategies and delivering training. She is focused on working with stakeholders to enhance privacy frameworks to support innovative product development, customer trust and return on investment for organisations.  

Kay holds leading industry certifications, including CIPP/E and CIPM, and has achieved a Fellow in Privacy designation from the IAPP, in recognition of her work in the privacy field. In addition to advisory work, she provides training and delivers end-to-end privacy programme management for organisations.  

Approach to work and clients 

Kay takes a client-focused, relationship-driven approach to her work, placing strong emphasis on building trust through reliability, active listening, and a clear understanding of her clients’ needs. She develops tailored strategies to ensure those needs are effectively met and is committed to cultivating long-term partnerships through consistent, high-quality delivery and proactive engagement. 

She particularly prides herself on her ability to listen and understand her clients’ objectives, drawing on her broad experience across multiple sectors to provide practical, tailored solutions. 

Outside of her professional work, Kay enjoys travelling and gardening.  

Kay can support you across the privacy lifecycle with the following services: 

Data protection and Privacy 

• Gap analysis and privacy audits  
• Regulatory framework including UK/EU GDPR, PECR, Data Protection Act 2028 and DUAA 2025 
• DPO services, including the development of privacy metrics and board reporting aligned with the business’s vision and aims
• Advice and assistance with regulator investigations and inquiries
• Design and delivery of training, workshops and awareness programmes
• Gap analysis and privacy audits, guidance and assistance with preparation for ISO 27701, SOC 2 Privacy and HIPAA-related reviews
• Privacy projects, including data migration projects (e.g. on prem to cloud)
• Privacy operations, including Data Protection Impact Assessments (DPIAs), PIAS, ROPAs, Legitimate Interests Assessments (LIAs), Transfer Impact Assessments (TIAs) and cross-border transfers.
• Vendor due diligence  
• Breach and incident management and reporting  
• Digital advertising (AdTech), RTB, PECR, cookies, pixels and emerging technologies such as cloud and machine learning and AI
• Designing, implementing and maintaining data protection programs aligned with GDPR, CCPA/CPRA, HIPAA, PIPEDA, POPIA, LGPD (Brazil) and other global privacy regulations
• Drafting internal and external policies, privacy notices, standards, and SOPs
• Drafting, negotiating and amending privacy documentation, including DPAs, controller to controller, joint controller agreements, data protection clauses and international transfers 
• User rights requests, including complex DSARs

General Commercial  

• Commercial law, including drafting and negotiating agreements such as terms of business, outsourcing agreements, SaaS and IT contracts 
• Regulatory Compliance  
• Regulatory compliance, including AML, KYC, conflicts, sanctions and FCA rules (ICOB and COB)
• Employee User Rights requests – DSARs, Erasure, complaints 
• Employee privacy notices, SOPS and policies  
• Employee monitoring
• Leavers rights/use of leavers data 
• HR data migrations