Amber Gosney

Amber Gosney brings more than a decade of experience implementing global data regulations to her clients. Ms. Gosney has led large, complex regulatory programs with a focus on life sciences and support for clinical trials. She also has expertise leveraging technology to solve client challenges, including artificial intelligence governance, data breach response utilising machine learning, global privacy remediation, mergers and acquisitions reviews, anonymisation and data subject requests.

Ms. Gosney is an expert in implementing technology solutions for privacy, known as privacy enhancing technologies. She regularly works with information security and privacy professionals and legal departments to implement privacy by design and privacy by default frameworks for organisations. Her work also supports AI initiatives and compliance with regulations such as the General Data Protection Regulation (‘GDPR’).

Her work includes creating bespoke privacy policies and procedures that allow clients to leverage existing processes while integrating new technologies. She provides pragmatic training related to core privacy concepts and specific regulations, as well as best data handling practices for employees. Ms. Gosney also creates bespoke workflows for clinical trials to address complex documentation and data privacy requirements. She has conducted product-specific data privacy impact assessments aimed at analyzing privacy and AI risks and serves as an external data protection officer for clients.

Ms. Gosney is a published author and has spoken at industry events related to leveraging technology for GDPR compliance.

Relevant Experience

• Led numerous large, cross-jurisdictional data breach engagements in the life sciences and health care sectors
• Crafted data pseudonymisation procedures related to medical technologies
• Developed streamlined, multi-jurisdictional data inventories to help a large multi-national organisation meet privacy obligations under GDPR, the California Consumer Privacy Act, Brazil’s General Law for the Protection of Privacy (known as LGPD) and other regulations
• Designed risk matrixes to be utilised with automated tooling to help identify and treat privacy risks at the global level