Payne Hicks Beach

Payne Hicks Beach

Sian Stephens

Sian Stephens

Sian specialises in all aspects of data protection law, to include compliance with the General Data Protection Regulations GDPR and the Data Protection Act 2018. 

Sian has worked with a range of SMEs, US and technology companies, in the Fintech, Fashtech, Adtach, Medical Tech and the Microsoft technology space and has advised in respect of privacy laws in the United States including the California Consumer Privacy Act (CCPA) and has an international data focus. 

Sian’s data work consists of advising and drafting compliant policies and procedures to include data protection policies/ privacy standards, a range of privacy policies for websites, APPs and commercial contracts, cookies policies, fair processing notices for employees, workers and contractors, recruitment privacy notices, marketing consent notices, data transfer agreements/standard model contractual clauses, Binding Corporate Rules, and retention, security, IT, bring your own device policies, subject access request policies, data breach policies, data sharing and data processing agreements. Sian conducts data audits and data mapping processes to ensure ICO compliance and advises upon the e-privacy regulations and the PECR.

Her technology work has involved, drafting and reviewing Master Services Agreements, Professional Service Agreement, NDA's, Framework Agreements, Software as a Service (SAAS)  and Website as a Service Agreements, End-User Licences, Reseller Agreements, Licences to Assign IP and a range of corporate commercial bespoke contracts.

Sian’s Data work has consisted of:

  1. Advising a large charitable church organisation upon all aspects of their data protection procedures to include the collection of personal data by attendees of the church and the drafting of all required policies, consents and data procedures to ensure GDPR compliance.

  2. Conducting data protection work, to include GDPR face to face training programmes with a financial institution regulated by the FCA, including reviewing and amending internal policies and procedures and bank account terms and conditions.

  3. Conducting a range of data protection work for a large London estate agency, to include drafting all internal policies and advising on the usage and collection of data for house sales and lettings from customers, landlords and third parties.

  4. Advising a recruitment agency upon data protection practices and drafting policies to include how they use candidate data, staff data internally and externally and how they contact new candidates and clients to promote their services.

  5. Conducting data protection work for a medical tech client who invented a device to assist the NHS and private care sector, drafting a range of data protection policies to include data sharing and data processing agreements and End User terms.

  6. Advising a number of Drone companies upon data protection matters under the Drone Regulation Bill.


Sussex University LLB, LLM International Commercial Law.

Sydney University LPAB, Legal Professional Admissions Board.

Admitted in England & Wales and Australia (New South Wales).

Qualified in England in 2009, joined Payne Hicks Beach October 2020.

Back to Associates Back to Corporate