Danielle van der Merwe advises multinational and UK clients on a range of data privacy and cybersecurity matters, including in connection with the General Data Protection Regulation (GDPR).

Drawing on nearly a decade of experience, Ms. van der Merwe counsels a variety of global companies, leading financial institutions, and major funds on their most complex and sensitive data privacy issues. Her industry experience spans a number of cutting-edge sectors, including technology, social media, and gaming.

Ms. van der Merwe regularly advises clients throughout the corporate lifecycle, serving as an extension of their in-house legal team. She brings particular experience handling cross-border matters arising from product developments, transactions, and investments, including large-scale GDPR compliance reviews. Ms. van der Merwe also delivers sophisticated insight on privacy issues in connection with white collar investigations, both in the UK and internationally.

Her practice includes advising on:

  • Complex data transfer solutions (including transfers in light of the Schrems II ruling)
  • Sensitive internal and external investigations
  • Strategic management of data breach incidents and regulatory inquiries
  • Product counselling
  • Data subject rights requests
  • Online advertising, profiling, and marketing strategies
  • Data sharing arrangements
  • Training programs
  • M&A transactions

A business-minded problem solver, Ms. van der Merwe offers a unique perspective on clients’ needs garnered from her secondment experience at several retail, health, insurance, and sports companies.

Ms. van der Merwe is a member of the International Association of Privacy Professionals.

In addition to her commercial work, Ms. van der Merwe provides privacy-related counsel to nonprofit clients on a pro bono basis.

Ms. van der Merwe’s experience includes advising:

  • A significant social media company in matters before the Irish Data Protection Commission and other international regulatory bodies on issues related to data privacy
  • Several issuers and underwriters in connection with privacy issues arising from initial public offerings
  • A global healthcare and pharmaceutical company on its data privacy obligations arising out of a FCPA investigation*
  • Various companies in relation to data privacy aspects of white collar investigations
  • A global investment firm on privacy and security aspects related to the sale of WebMD, a health information web portal operating in the US, the EU, and the Asia-Pacific region
  • A large music industry company on privacy advice relating to vendor procurement and processing agreements
  • Various global airlines and airlines manufacturers on their compliance with global data privacy laws (including the GDPR)
  • Various organizations in the financial sector, including hedge funds, private equity firms, and securitization providers, about their obligations under the GDPR
  • A large pension fund and administrator on its obligations under the GDPR, including contentious data subject rights requests
  • A prominent international gaming and retail company in relation to its compliance with the GDPR
  • A global electronic manufacturing company on securing binding corporate rules*
  • A large online design platform on a multi-jurisdictional data breach incident
  • A large technology company on its use of profiling and analytics technologies

*Matter handled prior to joining Latham

Bar Qualification

  • Scotland (Solicitor)


  • LL.B. (First Class Honors), University of Aberdeen, 2008

Languages Spoken

  • Afrikaans
  • English