Masha has extensive experience advising on transactional and advisory data protection, privacy and cybersecurity matters across the Middle East, including in the UAE (as well as DIFC and ADGM), Saudi Arabia, Qatar (including QFC) and Bahrain.
Masha is part of the IP, Technology & Commercial group of Clyde & Co in the Middle East. She has been based in the region since 2019 and previously worked in London, where she first trained in-house at one of the world’s largest media and entertainment companies. Masha has worked in the client-facing legal team at KPMG and in the City of London with a leading international law firm.
Masha’s practice includes the development of data protection policies and programmes, conducting gap analyses and data protection compliance audits, localising existing frameworks in line with Middle East data privacy laws, drafting data processing and data sharing agreements, conducting data protection impact assessments, providing in-house data protection training and advising on cross-border data transfers.
Masha's clients include both public and private sector entities in the healthcare, automotive, financial, education, retail, media and entertainment sectors, as well as some of the world's largest technology companies.
Masha is qualified as a solicitor in England & Wales and admitted to the State Bar of California, as well as holding a BSC Data Protection Practitioner certificate and CIPP/US (IAPP) certification.
Masha is fluent in English and Dutch.
- Advising a UAE media company on a data protection compliance audit and implementation of a suite of policies and documentation to support a comprehensive data protection programme.
- Acting as key adviser to a leading privately-owned bank in the UAE on its data protection compliance, including in relation to the UAE Central Bank Consumer Protection Regulation, DIFC Data Protection Law and international privacy laws relating to its branch network, as well as assisting in the implementation of a privacy management solution.
- Advising a UAE property developer and management company on the deployment of facial recognition and other technologies across key tourism and leisure destinations, including support on a data protection impact assessment.
- Advising an energy sector business on the establishment of a data governance structure to manage data protection compliance across multiple business units and departments within the organisation.
- Advising an energy and utilities company on the review of a suite of information security and data protection policies for compliance with international laws across its global network.
- Advising a family group in the Middle East on data privacy issues arising out of the deployment of an AI-enabled lifestyle app, including advising on data analytics and consumer management initiatives.
- Advising a leading educational institution in the UAE on the laws regulating the processing of health information, including the UAE ICT Healthcare Law.
- Advising a KSA government entity on intellectual property and data protection issues in relation to architectural projects.
- Advising a global security services company on data breach procedures and notifications.
- Advising a global pharmaceutical company on its international data transfer arrangements with suppliers, in particular focusing on onward transfers by suppliers.
- Advising a Middle Eastern transportation network company on the implications of the Data Protection Law in Qatar.
- Advising on contractual risks, legal obligations and cross-border transfers under the EU GDPR for leading international clients in the legal, retail, pharmaceutical and financial sectors.