Fiona M. Maclean

  • Partner
  • 99 Bishopsgate
  • London EC2M 3XF
  • United Kingdom
  • T +44.20.7710.1822


Fiona Maclean advises a diverse range of clients across industries on data privacy compliance and IT and business processing transactions, with a particular focus on cloud computing and data strategy.

Ms. Maclean brings a unique cross-section of knowledge and experience spanning data, technology, and commercial contracts to help clients navigate complex, multi-jurisdictional transactions within the broader framework of data privacy laws. She advises a broad base of clients ranging from start-ups to technology giants and leading financial institutions. Her work at the nexus of the commercial and data worlds includes advising on operational resiliency risks and regulatory requirements including some of the most transformational cloud deals in the global market.

Ms. Maclean writes extensively on technology and privacy law for prominent industry organizations, including the World Economic Forum, the Association for Financial Markets in Europe (AFME), and the Association of Foreign Banks.

  • Ranked – Up and Coming for Outsourcing
    Chambers UK 2021
  • Ranked – Next Generation Partner for IT and Telecoms; Key Lawyer for Fintech and Protection, Privacy, and Cybersecurity
    The Legal 500 UK 2021
  • Ranked – Next Generation Partner for Commercial Contracts
    The Legal 500 UK 2020
  • Rising Star Award – Fintech
    Law360 2020
  • "A name to note for cloud outsourcing and data privacy"
    The Legal 500 UK 2021


Ms. Maclean's representative matters include advising:


  • A leading global investment management firm on a transformational migration of its investment management platform to the cloud, including drafting and negotiating the definitive agreements governing the cloud services and associated licensing, support, and professional services; this project involved parallel negotiations with both Microsoft and AWS
  • A global financial services client on its cloud negotiations and multijurisdictional compliance with data and security laws with Google Cloud
  • A confidential FMCG company in relation to the outsourcing of its infrastructure services and subsequent migration to IBM's Hybrid Cloud
  • A highly confidential government entity in relation to the procurement of both professional services and Azure cloud services from Microsoft

Commercial Contracts and Outsourcing

  • A financial services company in relation to its investment and collaborative venture with Privé to develop a first-of-its kind multi-jurisdictional wealth management platform
  • Tradeweb Markets in the drafting and negotiation of a global Benchmark Administration Agreement and Master Outsourcing Agreement
  • OpenX, a programmatic advertising technology company, in relation to an innovative outsourcing collaboration with Google Cloud Platform


  • Facebook in relation to the company’s global data privacy matters, including advising on its regulatory response to the investigation of alleged data breaches
  • A leading investment bank on key data privacy and regulatory issues in respect of its initiative to develop an alternative data business through strategic partnerships with Fortune 500 companies that enabled the client to create derived data sets and insights
  • A publicly listed Chinese technology and internet company on global privacy compliance for its cross-border products including in the social media, gaming, cloud, and advertising space
  • A global online luxury fashion retail platform on data protection issues associated with the acquisition of and collaboration with a Chinese e-commerce platform


  • A leading provider of distributed ledger technology in its negotiations for the implementation of a post-trade market infrastructure platform utilizing blockchain
  • Multiple companies on all aspects of their involvement in a flagship global digital currency initiative
  • A global provider of digital and automated workflows for capital markets on the development of its platform for tokenized equity that uses blockchain technology
  • A consortium of 16 banks in relation to the development and implementation of a new exchange for the sharing of information between manufacturers and distributors of financial instruments for the purposes of compliance with the MiFID II product governance rules

Thought Leadership

  • New Standard Contractual Clauses and Final EDPB Recommendations – Next Steps -  June 25, 2021
  • Consent Under PSD2 and the GDPR: Squaring the Circle -  March 26, 2021
  • Data Protection Brexit Checklist: Businesses Can Rely on Personal Data Transfer Grace Period -  December 30, 2020
  • The Commission’s Draft Updated Standard Contractual Clauses — A Close Look -  December 07, 2020
  • The EDPB’s Draft Data Transfer Guidance Following Schrems II – A Close Look -  November 19, 2020
  • Privacy and Payments: New Draft EU Advice for Financial Institutions  -  November 04, 2020
  • Swiss Regulator Determines Swiss-US Privacy Shield Is Inadequate -  September 15, 2020
  • New Data Protection Law in the DIFC -  September 11, 2020
  • CJEU Invalidates EU-US Privacy Shield -  July 16, 2020
  • ESMA Draft Guidelines on Outsourcing to Cloud Service Providers -  June 16, 2020
  • UK Firms Should Share Customer Information Cross-Border Intra-Group to Fight Money Laundering and Terrorist Financing -  May 22, 2020
  • World Economic Forum Launches First-of-Its-Kind Blockchain Deployment Toolkit -  April 28, 2020
  • Alternative Data: Regulatory and Ethical Issues for Financial Services Firms to Consider -  March 04, 2020
  • EIOPA Issues Final Guidelines on Outsourcing -  February 27, 2020
  • Law Proposes New Penalties for Data Controllers and IT Companies in Russia -  February 17, 2020
  • Regulator Raises Concerns Over Alternative Data -  January 31, 2020
  • Hong Kong Considers Sweeping Changes to Privacy Laws -  January 22, 2020
  • Financial Institutions and the Cloud: How to Navigate an Evolving Regulatory Landscape -  November 12, 2019
  • Big-Ticket Fines and Veil-Piercing Cases Raise Portfolio Company Liability Risks for PE Parents -  October 08, 2019
  • FSB Concerns Over Cloud Concentration in Financial Services Continues  -  October 08, 2019
  • Inclusive Deployment of Blockchain for Supply Chains: Protecting Your Data -  September 10, 2019
  • How Are European Supervisory Authorities Exercising Cooperation and Consistency In Practice? -  September 02, 2019
  • Post-Brexit Implications for NIS Representative Requirements -  August 13, 2019
  • UK Regulator Imposes Two Substantial Fines for GDPR Data Breaches -  July 12, 2019
  • UK’s ICO Publishes New Guidance on Cookies -  July 12, 2019
  • Regulators Get Tough on Regulatory Outsourcing Failings -  June 06, 2019
  • RuNet Law: New Russian Law Could Significantly Impact Telecom and Internet Providers and Social Media Platforms -  May 22, 2019
  • FCA Outlines Key Deadlines for PSD2 Compliance -  May 10, 2019
  • ICO Launches Consultation on Age-Appropriate Design: A Code of Practice for ISS  -  April 26, 2019
  • No Deal Brexit and Data Transfers: Companies Must Prepare Now  -  March 20, 2019
  • What EBA’s Outsourcing Guidelines Mean for Financial Institutions  -  March 18, 2019
  • DIFC Issues New Direct Marketing and Electronic Communications Guidelines -  February 04, 2019
  • European Commission Adopts Adequacy Decision for Japan  -  January 29, 2019
  • EDPB Publishes Regulatory Guidance on Territorial Scope of GDPR -  January 03, 2019
  • Outsource Service Providers to Financial Services — A Growth Sector for Buyout Firms  -  December 21, 2018
  • European Banking Authority’s Draft Guidelines on Outsourcing: Discussion of Key Themes  -  September 14, 2018
  • FCA Speaks Out on the Ethics of Big Data  -  July 16, 2018
  • National Cyber Security Centre Releases NIS Directive Guidance -  February 21, 2018
  • Cybersecurity: UK Government Releases Response to Public Consultation on NIS Directive -  February 20, 2018
  • What Next for Distributed Ledger Technology? -  December 21, 2017
  • Regulatory Sandboxes — a Global Stocktake -  November 13, 2017
  • Bank of England Opens Up Access to Payment Schemes for FinTech Firms  -  July 25, 2017
  • Service Levels and Service Credit Schemes in Outsourcing -  July 10, 2017
  • Up into the Clouds?  -  June 22, 2017
  • FCA Regulatory Sandbox Update: Successes in Round One, Application Window for Round Three Open  -  June 16, 2017
  • Bank of England Launches Blueprint on New RTGS Service -  May 16, 2017
  • European Parliament’s Committee on Economic and Monetary Affairs Publishes Fintech Report -  May 14, 2017
  • FCA Launches Discussion on Distributed Ledger Technology -  April 20, 2017
  • Blockchain – A New Era for the Energy Market?  -  March 23, 2017
  • GDPR Guidance: DPOs, Data Portability & the One-Stop-Shop -  December 21, 2016
  • World-First Regulatory Sandbox Open for Play in the UK -  May 9, 2016
  • Cybersecurity—Rapidly Escalating Regulatory Expectations for Financial Institutions in the US and UK -  March 14, 2016
  • Looking Outside the Prism: How Safe are Data Transfers? -  January 06, 2014

"Particularly recognized for her work on cloud computing"

"Really strong technically and committed to clients"

"Very good to work with and developing a good practice on the cloud side"

Chambers UK 2021
Bar Qualification
  • England and Wales (Solicitor)
  • Scotland (Solicitor)
  • Diploma in IP Law, University of Oxford, 2012
  • QLTT, BPP Law School, 2012
  • Diploma in Legal Practice, University of Strathclyde, 2007
  • Bachelor of Laws, University of Aberdeen, 2006
  • Financial Institutions
  • Fintech
  • Technology
  • Communications Law
  • Technology Transactions
  • Payments & Emerging Financial Services
  • Connectivity, Privacy & Information
  • Outsourcing