Hanna Hewitt



Hanna advises clients on both cybersecurity and data protection issues, helping them to navigate what is becoming an increasingly regulated area both in the UK, EU and beyond.

Hanna works with a range of clients from FTSE100 companies to early-stage companies across a breadth of sectors helping them to handle cyber incidents. She supports clients with immediate response to cyber incidents, including working with forensic providers to eradicate and contain cyber threats as well as advising clients on their obligations in relation to regulatory bodies and third parties. Hanna also supports clients with ongoing cyber risk management and privacy compliance uplift programs to help clients mitigate regulatory and third-party risk.

She also provides privacy advisory support to clients, working on multi-jurisdictional matters. She assists clients with privacy compliance uplift programs and advises on privacy documentation relating to data retention, processing and transfer.

Hanna trained at Orrick and during her training contract also gained experience in litigation, corporate (Technology Companies Group) and competition.

  • Cyber security engagements

    • Advised a FTSE100 company in connection with an Office 365 compromise.
    • Advised a pharmaceutical company following a ransomware incident by a prevalent threat actor including notifying regulators following data encryption and exfiltration and subsequently advising on a privacy compliance uplift programme.
    • Advised a professional services company following a ransomware incident including notifying data subjects following data publication.
    • Advised a global payments provider on a potential data breach following disclosure of information by a former employee.

    Data protection engagements

    • Advised an education charity on its privacy compliance programme and implemented the necessary compliance documentation.
    • Advised an international social media company in relation to an ongoing uplift to their compliance programme, which included advising on privacy and cyber security compliance.
    • Advises both domestic and international clients on the implementation of privacy compliance strategies and documentation including in relation to international data transfers, cookie and tracking technologies and statutory transparency obligations.

    Technology Companies Group engagements

    • Advised Plentific in relation to its £72.8 million Series C financing.
    • Advised Butternut Box in relation to its £40 million Series D financing.
    • Advised Lightyear in relation to its Series Seed financing.
    • Advised Egress Software Technologies Limited in relation to its acquisition of Aquilai Limited.
    • Advised Currencycloud in relation to its US$695 million acquisition by Visa.