Heward-Mills, Dyann

Ms. Dyann Heward-Mills

Baker & McKenzie LLP


Dyann Heward-Mills is a UK-qualified barrister and head of the Data Protection and Cyber Security Practice Group in Baker McKenzie's London office. Prior to joining the Firm, Dyann acted as senior privacy counsel to GE Capital, where she provided global support and advice on matters pertaining to privacy and data protection. Dyann is a non-executive board member for a technology start-up business that has developed an innovative data analytics tool to track and monitor the performance of recruitment activities. She is active in the Firm's BakerWomen, BakerEthnicity and BakerOpportunity initiatives and spearheads the Firm's CyberReady Girls' initiative which aims to encourage more females into coding and wider tech roles. Dyann also supports School-Aid, a charity that promotes the advancement of education in disadvantaged schools and communities in Africa.

Practice Focus

Dyann's main areas of focus include cyber security, binding corporate rules (BCRs), international data transfers, data breach, data protection audits, compliance frameworks, information governance and cloud computing. Other areas of focus include regulatory approvals, employee privacy, as well as technology roll-outs, direct marketing and Big Data initiatives.

Representative Legal Matters

Prior to joining the Firm, Dyann has been involved in a broad range of matters. In particular, she:

  • Advised on the structure and implementation of projects with a personal data impact, such as BCR, data loss prevention, AML compliance, employee screening, HR processing Big Data, bring your own device (BYOD) as well as cloud computing, new system roll outs and social media initiatives.
  • Counseled on regulatory clearances and approvals, including registrations, filings and notifications.
  • Pursued effective cross-functional engagement with compliance, IT, security, HR, marketing, sourcing and regulatory affairs.
  • Advocated on data protection by participating in industry groups and drafting position papers for submission to governments and regulators.
  • Established an information governance framework and privacy programme.
  • Advised on cyber threats and vulnerabilities as well as privacy breaches.
  • Drafted and implemented privacy policies and data protection agreements including intragroup agreements (IGA) and model clauses.
  • Carried out privacy impact assessments on new tools, products and initiatives.
  • Delivered generic and specialist training, education and awareness programmes.

Corporate Responsibility

  • CyberReady Girls Initiative 
  • Volunteer, School-Aid, 5 years


  • England & Wales (2001)
  • England & Wales~North America (2001)