Kelly Hagedorn



Kelly Hagedorn defends clients in regulatory investigations and disputes, leveraging a significant enforcement background to help them minimize risks under UK and European data protection laws and navigate the evolving field of cyber, privacy and online safety.

Leading online and social media platforms, a global innovator in e-learning services and a pioneering mobile gaming company all rely on Kelly to guide them through the legal, regulatory and reputational risks related to data and operating online.

Kelly is highly skilled at developing risk-based solutions for clients, both proactively and in the event of a crisis. She regularly counsels clients on the GDPR and UK Data Protection Act 2018, data protection compliance programmes and policies and tools to track and prevent the dissemination of harmful or illegal content online. She also brings experience advising clients on incident response, as well as white-collar investigations, litigation and parliamentary investigations – particularly those involving data breaches, fraud and financial crimes, and securities laws.

Earlier in her career, Kelly undertook secondments to the Serious Fraud Office and a major telecommunications company, where she helped develop and implement the company’s anti-bribery compliance programme.

  • Online Safety

    • Advising owners of online platforms, products and services on online safety-related obligations and in connection to monitoring and mitigating harmful or illegal content, all with the aim to keep online users safe.
    • Advising multiple online businesses across a range of sectors (including travel, social media and app developers) on compliance with the EU Digital Services Act. Advising an e-learning service provider on the application of, and compliance with, developing online safety and children’s privacy laws in the UK and Europe.

    Incident Response and Privacy Litigation

    • Representing a payments company in litigation concerning allegations of breach of the GDPR, as well in injunction proceedings for breach of confidence.
    • Advising numerous clients in technology, fintech, gaming, AI, entertainment and other industries in connection with data privacy matters and data breach responses, including regulatory enquiries.
    • Advising multinational companies on litigation in the English Courts relating to alleged contraventions of data protection legislation, often arising from personal data breaches.
    • Representing a multinational video game and digital entertainment company on a strategic response to the high-stakes zero-day vulnerability in MOVEit, including developing a communications strategy and managing workflows for investigation, data impact and analysis, threat actor engagement and law enforcement relationships. (Sony)
    • Advising a multinational manufacturer and a semi conductor company in response to attacks attributed to Scattered Spider (Clorox and Qorvo).


    • Designing and implementing data protection compliance programmes for numerous international clients.
    • Advising firm clients in connection with international data transfers.
    • Assisting multiple clients with responses to data subject access requests.
    • Assisting several UK and international charities with their compliance programmes on a pro bono basis.

    Litigation and White Collar

    • Advising a banking group and certain of its officers in connection with substantial claims and exposures arising out of the collapse of the Abraaj Group.
    • Advising the former CFO of a global institution in connection with the regulatory and other consequences of that institution’s failure.
    • Representing a senior bank trader in connection with investigations in the UK and the U.S. into allegations of manipulation of the London Interbank Offered Rate.
    • Advising the liquidators of an international group with regard to a US$200 million claim in the English High Court against the group’s former bankers, alleging breach of the bank’s duties of care to its customers and dishonest assistance.