Kelly Hagedorn



Digital Services Act Readiness Assessment

We created Orrick’s EU Digital Services Act (DSA) Tool to help businesses determine whether they are subject to the new rules imposed by the DSA. The tool will help internet service providers, content delivery services, hosting services (including online platforms) and search engines, which offer their services to users in the EU, determine which requirements of the DSA are applicable to their business and assess their readiness for this new and wide ranging legislation.

Kelly Hagedorn supports global clients on legal and regulatory issues involving data privacy regulation and litigation, using her extensive enforcement background to help clients mitigate risk under United Kingdom (UK) and European (EU) data protection laws. She has significant experience helping clients navigate white-collar investigations and international disputes involving major fraud allegations in the growing area of privacy enforcement and litigation. Kelly was previously named in Global Data Review’s inaugural “40 Under 40” list of the best and brightest upcoming data lawyers.

Kelly provides comprehensive regulatory advisory services to clients, including counseling on the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. She has designed and implemented data protection compliance programmes for clients in a range of sectors, including technology, gaming, manufacturing, and private equity.

Kelly has worked with companies to respond to data incidents that range from small-scale issues that do not attract regulatory attention to large, multi-jurisdictional breaches requiring coordination across numerous different regulatory regimes. She has also advised extensively on litigation matters involving allegations of fraud and financial crime, and in connection with securities laws.

During her career, Kelly has undertaken secondments to the Serious Fraud Office and a major telecommunications company. At the Serious Fraud Office, she worked on a number of cases dealing with restraint and confiscation matters. During her time with the telecommunications company, she helped develop and implement the company’s group-wide anti-bribery compliance programme security associated with data retention, processing, and transfer.

  • Data Privacy

    • Advising an international company in connection with a significant data breach.
    • Advising a technology company on responses to regulatory enquiries.
    • Advising numerous clients on data breach responses.
    • Advising a technology company relating to a major investigation into data privacy matters.
    • Advising multinational companies on litigation in the English Courts relating to alleged contraventions of data protection legislation.


    • Designing and implementing data protection compliance programmes for numerous international clients.
    • Advising firm clients in connection with international data transfers in light of the decision of the Court of Justice of the European Union in Schrems II.
    • Assisting several UK and international charities with their compliance programmes on a pro bono basis.

    Litigation and White Collar

    • Advising a banking group and certain of its officers in connection with substantial claims and exposures arising out of the collapse of the Abraaj Group.
    • Advising the former CFO of a global institution in connection with the regulatory and other consequences of that institution’s failure.
    • Representing a senior bank trader in connection with investigations in the UK and the U.S. into allegations of manipulation of the London Interbank Offered Rate.
    • Advising the liquidators of an international group with regard to a US$200 million claim in the English High Court against the group’s former bankers, alleging breach of the bank’s duties of care to its customers and dishonest assistance.