Andrew is a partner specialising in all aspects of data protection and privacy work including data protection audits, data security incidents, cross-border data transfers, outsourcing arrangements, subject access requests, direct marketing and general data protection and freedom of information compliance. He also advises on information technology projects including in relation to outsourcing, ecommerce and consumer law matters.

Andrew is a trainer on the PDP data protection practitioner's course. He also advises the Interactive Media in Retail Group (the UK online retail association) on data protection and ecommerce matters. He is a member of the Society for Computers and the Law and regularly contributes articles to academic and trade publications.


Examples of experience include advising:

  • An international insurance company, operating in more than 100 countries, on its European wide GDPR compliance project. The project involves mapping the insurer's data sources and data flows, updating information policies and procedures, re-designing fair processing notices and consent wording and remediating contracts with third party suppliers
  • A large quasi-public sector organisation in connection with its GDPR compliance project including providing training to over 100 key stakeholders
  • A large UK consumer facing organisation on its strategy and approach to the use of personal data, including customer data, across the organisation in anticipation of the GDPR. This includes advising the client on an overhaul of its approach to direct marketing consents
  • A FTSE 250 international company on global cloud HR and Payroll solutions that involved the processing of sensitive personal data. We were instructed to co-ordinate a review of data protection implications across multiple jurisdictions and to negotiate data processing arrangements to ensure compliance with relevant data protection and privacy laws
  • An international retailer on the use of Microsoft cloud services including data protection cross-border compliance issues
  • A national organisation with a high profile brand in relation to a major data security incident that placed our client at risk of significant brand damage and financial costs
  • An international telecommunications company on the data protection and privacy issues relating to its outsourcing of an email platform for its customers
  • A national organisation on a data protection audit of key contracts with suppliers and customers (with an estimated contract value of over £1bn)
  • The Interactive Media in Retail Group (the UK online retail association) on guidance for members and responses to consultations on new legislation including: training and guidance on the GDPR and providing content for the IMRG UK Passport which provides information to retailers on the UK and EU regulations relating to ecommerce.

"Andrew Kimble is an accomplished data protection and information law practitioner with experience advising on data licensing projects and cross-border data transfer issues. He is particularly noted for expertise in data law with respect to retail and e-commerce."  


Chambers and Partners 2017