Gail E. Crawford

  • Partner
  • Egail.crawford@lw.com
  • 99 Bishopsgate
  • London EC2M 3XF
  • United Kingdom
  • T +44.20.7710.3001
  •  
 

Profile

Gail Crawford, Global Chair of Latham’s Data & Technology Transactions Practice, helps clients navigate complex data privacy and security matters, as well as to license, develop, and exploit disruptive technology.

Ms. Crawford advises many of the world’s leading global technology companies on multifaceted and precedent-defining data privacy and security matters. Her work in the data privacy and security space encompasses advising on compliance programs, product counseling, responding to data breaches and regulatory inquiries, advising on optimal organizational structures, and supporting large, strategic alliances and M&A transactions. She also helps clients navigate a myriad of issues in technology law, including commercial contracts, collaborations, and intellectual property.

Ms. Crawford draws on her experience handling some of the most complicated and sensitive data privacy matters in the global market to provide pragmatic and commercially driven counsel. She brings a deep understanding of the innate value of data and the complex, ever-changing global regulatory framework to help clients achieve their business objectives.

Ms. Crawford regularly writes and speaks on topics related to data privacy and disruptive technology, and serves as an editor of the Latham & Watkins Global Privacy & Security Compliance Law Blog.

Accolades
  • Recognized as a Leading Individual in Data Protection, Privacy, and Cybersecurity. The Legal 500 UK 2020
  • Recognized as a Leading Individual in Data Protection & Cybersecurity The Legal 500 UK 2019
  • “Gail Crawford is outstanding in her ability to understand the problem, assess risk and provide appropriate guidance. She always makes herself available and has an unrivalled command of the data-protection landscape.” The Legal 500 UK 2020
  • “Highly proficient in handling data security and regulatory compliance concerns, among other matters.” Chambers UK 2019
  • “Smart and ultra-commercial.” The Legal 500 UK 2019

Thought Leadership

  • Swiss Regulator Determines Swiss-US Privacy Shield Is Inadequate -  September 15, 2020
  • Practical Considerations for Assessing Data Transfers after Schrems II  -  September 07, 2020
  • China Issues Draft Data Security Law for Public Comment -  August 14, 2020
  • CJEU Invalidates EU-US Privacy Shield -  July 16, 2020
  • EDPB Guidelines – What is the Territorial Reach of the GDPR? -  June 10, 2020
  • Data Protection in Investigations -  April 23, 2020
  • UK Government Releases Details of New ‘Online Harms’ Regime for Online Platforms -  February 21, 2020
  • Law Proposes New Penalties for Data Controllers and IT Companies in Russia -  February 17, 2020
  • Data Protection Impacts for UK Businesses Under the UK Withdrawal Agreement -  February 13, 2020
  • Hong Kong Considers Sweeping Changes to Privacy Laws -  January 22, 2020
  • The Technology, Media and Telecommunications Review, Tenth Edition – UK -  December 17, 2019
  • Big-Ticket Fines and Veil-Piercing Cases Raise Portfolio Company Liability Risks for PE Parents -  October 08, 2019
  • German Data Protection Authorities Adopt New GDPR Fine Model -  October 02, 2019
  • Post-Brexit Implications for NIS Representative Requirements -  August 13, 2019
  • UK Government Launches ‘Smart Data’ Proposals as Data-Portability Agenda Intensifies -  August 02, 2019
  • UK Regulator Imposes Two Substantial Fines for GDPR Data Breaches -  July 12, 2019
  • Time to Prepare for New EU Medical Device Regime -  May 24, 2019
  • UK’s Proposed “Online Harms” Compliance and Enforcement Regime Will Target Platforms -  April 10, 2019
  • MHRA Releases No-Deal Brexit Guidance for Life Sciences Companies -  April 04, 2019
  • EDPB Clarifies Use of Consent and Other Legal Grounds for Clinical Trials, but Challenges Remain -  March 26, 2019
  • The Technology, Media and Telecommunications Review, Ninth Edition - UK -  January 30, 2019
  • French Data Protection Authority Issues €50 Million Fine in Landmark GDPR Case  -  January 23, 2019
  • What a “No Deal” Brexit Means for UK Data Privacy -  January 22, 2019
  • Clinical Trials Under the GDPR: What Should Sponsors Consider?  -  January 18, 2019
  • New Home for Our Interactive GDPR Implementation Tracker – GDPR.lw.com -  April 09, 2018
  • National Cyber Security Centre Releases NIS Directive Guidance -  February 21, 2018
  • Cybersecurity: UK Government Releases Response to Public Consultation on NIS Directive -  February 20, 2018
  • Updated: Latham’s GDPR National Implementation Tracker -  February 14, 2018
  • The Technology, Media & Telecommunications Review, Eighth Edition - UK -  January 13, 2018
  • Group Liability for Data Protection Failure – A New Threat for Private Equity Firms?  -  December 13, 2017
  • Article 29 Working Party Publishes Privacy Shield Review: Better, But Needs Work -  December 08, 2017
  • GDPR Countdown: Latham’s National Implementation Tracker  -  October 16, 2017
  • Schrems Strikes Again? The Future of EU Standard Contractual Clauses  -  October 06, 2017
  • UK Government Sets Out Its Preferred Post-Brexit Landscape for Data Protection -  August 31, 2017
  • Russia Introduces New Definition and Obligations for Audiovisual Service Owners  -  July 20, 2017
  • Buyout Firms Must Take Action to Respond to Global Cyber Threats  -  July 17, 2017
  • Queen Announces New UK Data Protection Bill  -  June 24, 2017
  • How to Comply with the New General Data Protection Regulation: A Q&A with Partner Gail Crawford and Counsel Ulrich Wuermeling -  June 01, 2017
  • Chinese Judicial Authorities Issue Interpretation on Criminal Liability for Misuse of Personal Information  -  May 31, 2017
  • The Countdown Continues: One Year to the GDPR -  May 25, 2017
  • China Publishes Draft Measures Restricting Outbound Data Transfers -  April 14, 2017
  • The Technology, Media & Telecommunications Review, Seventh Edition - UK -  December 20, 2016
  • Senior MP Calls for Regulatory Crackdown on Banks’ IT Systems: 3 Things You Can do to Prepare -  December 06, 2016
  • China Issues Its First Network Security Law  -  November 21, 2016
  • Mitigating Cybersecurity Risks  -  November 10, 2016
  • 5 Preventative Steps to Manage Legal Risk Following a Cybersecurity Breach -  November 08, 2016
  • Digital Single Market: An Overhaul for Telecoms Regulation -  September 30, 2016
  • European Commission Adopts New EU Copyright Rules -  September 15, 2016
  • New EU Data Protection Rules Move the M&A Goalposts  -  August 08, 2016
  • What Does Brexit Mean for UK Data Protection Law? -  June 29, 2016
  • Europe Counts Down to the General Data Protection Regulation -  May 24, 2016
  • Cybersecurity—Rapidly Escalating Regulatory Expectations for Financial Institutions in the US and UK -  March 14, 2016
  • What You Need to Know About the Cybersecurity Act of 2015 -  February 18, 2016
  • Privacy Blog: Proposal of EU-US Privacy Shield Leaves Businesses in State of Uncertainty -  February 04, 2016
  • Privacy Blog: MEPs Agree to Europe's First-Ever EU Cybersecurity Law -  December 14, 2015
  • Technology, Media and Telecommunications Review – UK -  December 07, 2015
  • Technology, Media and Telecommunications Review -  December 07, 2015
  • Privacy Blog: Do German Data Protection Authorities Have Hope for Model Contracts? -  October 26, 2015
  • European Data Protection Authorities Grant Grace Period Until End of January 2016  -  October 16, 2015
  • EU Court of Justice Invalidates US Safe Harbor Decision -  October 06, 2015
  • Privacy Blog: English High Court Declares UK Legislation Expanding Government Powers to Retain and Intercept Data Unlawful -  August 12, 2015
  • Privacy Blog: Snowden's Legacy - Safe Harbor under fire at the CJEU -  March 26, 2015
  • The Technology, Media and Telecommunications Review 2014 -  October 29, 2014
  • The Technology, Media and Telecommunications Review 2014 - United Kingdom -  October 28, 2014
  • The General Counsel’s Role Before and After a Data Breach Incident -  October 06, 2014
  • Al-Mirsal Blog: 5 Ways to Protect your Business from a Cyber Attack -  September 10, 2014
  • Privacy Blog: Emergency UK Legislation Expands Government Powers to Retain and Intercept Data -  August 18, 2014
  • Privacy Blog: The "Right to be Forgotten" Landmark Decision: Beyond the Headlines -  May 21, 2014
  • Cybercrime Loses its Right to Silence -  March 28, 2014
  • Looking Outside the Prism: How Safe are Data Transfers? -  January 06, 2014
  • Data Security: Compliance and Enforcement in the Hospitality Industry -  November 15, 2012
  • UK Cookie Rules: Are you Compliant? -  June 21, 2012
  • The New European Union Privacy Regime — Benefit or Burden for Online Businesses? -  March 16, 2012
  • IP/IT Info Newsletter, Issue 12 -  January 2009
Clients say "'Gail Crawford is outstanding in her ability to understand the problem, assess risk and provide appropriate guidance. She always makes herself available and has an unrivalled command of the data-protection landscape."The Legal 500 UK 2020
Bar Qualification
  • England and Wales (Solicitor)
  • Ireland (Solicitor)
Education
  • Postgraduate IP Diploma, Bristol University, 2004
  • LPC, Nottingham Law School, 1998
    Distinction
  • BA (Hons) Law, Trinity College, 1997
Industries
  • Healthcare & Life Sciences
  • Technology
  • Hospitality, Gaming & Leisure
  • Retail & Consumer Products
Practices
  • Communications Law
  • Technology Transactions
  • Data Privacy & Security
  • Payments & Emerging Financial Services
  • Emerging Companies
  • Outsourcing
  • India Practice