Legal Guidance and Research / Experts / Tessa Waite
Tessa Waite#11192

Tessa Waite

Fieldfisher
I have worked on an array of matters, ranging from M&A due diligence, commercial contracts, advising on direct marketing and cookies, and GDPR projects.
Prior to joining Fieldfisher, I worked in Brussels for multi-national corporations including BP and Johnson & Johnson in government and regulatory affairs. During my time in Brussels, I advocated company policy positions on the GDPR and Network and Information Security Directive to the UK government and EU institutions.
 
When working in the medical devices sector, I was responsible for coordinating teams across EMEA to ensure regulatory compliance of products for multi-million dollar markets. Here I gained experience working with international teams and regulatory bodies on technically challenging compliance matters across the EU, Russia and Saudi Arabia.
 
Known for my pro-active attitude and aptitude for building strong relationships, I enjoy working closely with clients to understand their business needs and diligently problem-solve.

Practice Area

Panel

  • Contributing Author

Qualified Year

  • 2021

Experience

  • Johnson & Johnson (2015 - 2016)
  • BP (2013 - 2015)

Qualifications

  • LPC (2019)
  • GDL (2017)
  • MSc International Business Management (2011)
  • BAHons Classical Studies (2010)

Education

  • The University of Law (2019)
  • BPP (2017)
  • University of Exeter (2011)
  • University of Exeter (2010)

1 Contributions by Tessa Waite

Age assurance for online services: UK GDPR and Online Safety Act compliance, methods and certification, advertising and AVMS rules, enforcement, with EEA and global context
PRACTICE NOTES
Age assurance for online services: UK GDPR and Online Safety Act compliance, methods and certification, advertising and AVMS rules, enforcement, with EEA and global context
STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025), with certain elements taking effect that same day. Provisions of DUAA 2025 addressing, among other things, replies to data subject access requests and the delegation of powers to make further regulations, commenced immediately on 19 June 2025. Other measures, covering notices issued by the Information Commissioner and particular facets of law enforcement processing, began on 19 August 2025 (two months after the date of Royal Assent). The greater part of DUAA 2025’s measures still await implementing regulations, in the form of statutory instruments, before they commence. Further commencement dates will hinge on those instruments being made first. Parts 5 and 6 of DUAA 2025 revise portions of UK data protection and ePrivacy law, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426...
Information Law
Expert page AD
If you expected to see yourself on this page, click here.