undefined
Skip to main content
Global Site|en

Add a bookmark to get started

Global Site
Africa
MoroccoEnglish
South AfricaEnglish
Asia Pacific
AustraliaEnglish
Hong Kong SAR ChinaEnglish简体中文
KoreaEnglish
New ZealandEnglish
SingaporeEnglish
ThailandEnglish
Europe
BelgiumEnglish
Czech RepublicEnglish
HungaryEnglish
IrelandEnglish
LuxembourgEnglish
NetherlandsEnglish
PolandEnglish
PortugalEnglish
RomaniaEnglish
Slovak RepublicEnglish
United KingdomEnglish
Middle East
BahrainEnglish
QatarEnglish
North America
Puerto RicoEnglish
United StatesEnglish
OtherForMigration
Carolyn Bigg

Carolyn Bigg

Partner
Global Co-Chair of Data Protection, Privacy & Security Group
Carolyn Bigg is a name to note for advice on data protection matters, particularly multijurisdictional compliance projects across the Asia Pacific region.
Legal 500, TMT (Hong Kong), 2022
About

Carolyn Bigg heads DLA Piper’s APAC Data, Privacy and Cybersecurity team.

Carolyn is an experienced data lawyer, focusing on China and APAC data compliance and international data transfers. Carolyn advises businesses on the best practice approach to navigating regional and international data privacy compliance, to help them seize opportunities to make the most of their data and digital opportunities in APAC within a compliant governance framework.  

Carolyn also has extensive experience of managing data incidents across the APAC region, including notifying...

Carolyn Bigg heads DLA Piper’s APAC Data, Privacy and Cybersecurity team.

Carolyn is an experienced data lawyer, focusing on China and APAC data compliance and international data transfers. Carolyn advises businesses on the best practice approach to navigating regional and international data privacy compliance, to help them seize opportunities to make the most of their data and digital opportunities in APAC within a compliant governance framework.  

Carolyn also has extensive experience of managing data incidents across the APAC region, including notifying affected individuals; reporting to privacy and industry regulators; responding to follow up regulatory investigations; liaising with forensic technology consultants, cyber insurers, and credit agencies; and supporting remediation and compliance programme update activities. Her experience gives her clients the benefit of on-the-ground practical advice to navigate the realities of enforcement priorities and risks in different Asia jurisdictions. 

As a result of her leading work and outreach in the field, Carolyn is recognized as a leading TMT and data practitioner by publications such as Legal 500 and Chambers locally and regionally. She was named in the inaugural “Women in Data” list by Global Data Review in 2019 and is ranked Pre-Eminent by Doyle’s Guide. She is regularly quoted in media publications, including the BBC and the Financial Times. She was from 2021-2023 a member of IAPP’s Asia Advisory Board.

 
Professional QualificationsSolicitor of the High Court of Hong KongSolicitor of the Senior Courts of England and Wales

EXPERIENCE

  • Supporting a global insurer on management of a major ransomware attack, including liaising with insurance and privacy regulators in three APAC jurisdictions. 
  • Supporting a number of luxury brands on management of a variety of cyber incidents involving consumer and loyalty programme data in APAC, including incidents involving Mainland China, Taiwan, Hong Kong and Singapore.
  • Appointed cyber counsel for an Asia-headquartered global hotel chain
  • Supporting a global insurer on management of a major ransomware attack, including liaising with insurance and privacy regulators in three APAC jurisdictions. 
  • Supporting a number of luxury brands on management of a variety of cyber incidents involving consumer and loyalty programme data in APAC, including incidents involving Mainland China, Taiwan, Hong Kong and Singapore.
  • Appointed cyber counsel for an Asia-headquartered global hotel chain.
  • Supported a global bank on creating and operationalising a breach notification compliance register, to support breach response processes.
  • Supporting a wide range of clients across diverse industries on data mapping and decision-making on their China cross-border data transfers route(s) and their assessment submission to the authorities, covering personal, important and other regulated data.
  • Advising a global bank on the creation and operationalization of a data sovereignty programme across its international operations.
  • Advising a number of international hotel chains on rollout of their updated privacy compliance programmes, including in connection with digital initiatives and strategic business partnerships in Greater China. 
  • Advising a global retailer on implementing new or refreshed privacy compliance programmes in China, Thailand, Singapore, Australia and New Zealand to reflect new or updated data protection laws. 
  • Advising numerous SaaS platforms on data and regulatory licensing issues to support their MNC clients using their platforms in Mainland China and across Asia Pacific.
  • Advised a multinational automobile manufacturer on the establishment of a China data lake and associated use case guidelines, to support complex analytics of vehicle and customer data.   
Languages
  • English
Education
  • University of Cambridge, B.A. Hons, M.A. (Cantab)

Awards

  • Band 1 lawyer - 2024 & 2025 Chambers TMT: Data Protection & Privacy Guide
  • Recognised as a Leading Partner for Data Protection in 2024 by Legal 500
  • Recognised as a notable practitioner for TMT in the 2025 Chambers TMT Guide
  • 2024 Recommended Lawyer by Who’s Who Legal for Data Privac...
  • Band 1 lawyer - 2024 & 2025 Chambers TMT: Data Protection & Privacy Guide
  • Recognised as a Leading Partner for Data Protection in 2024 by Legal 500
  • Recognised as a notable practitioner for TMT in the 2025 Chambers TMT Guide
  • 2024 Recommended Lawyer by Who’s Who Legal for Data Privacy and Protection
  • "Carolyn has a deep understanding of, and insight into, Chinese data privacy laws and rich experience in dealing with complicated data privacy compliance matters.". Her advice and guidance is invaluable. I particularly like her pragmatic and hands-on approach to complicated and nuanced compliance questions". - Chambers Greater China, 2025
  • “Carolyn Bigg wins praise for her practice advising on data privacy and protection, as well as other compliance issues related to technology licensing. One client commends:” Carolyn Bigg is very good at offering pragmatic solutions, and her commercial and pragmatic approach is very important to us”.” Chambers, Greater China, 2022
  • Carolyn Bigg named “Preeminent” for TMT (Doyle’s List Hong Kong, 2020 and 2021)
  • Carolyn Bigg named a Leading Woman in Data (Global Data Review, 2019)

Publications

  • Asia correspondent for Privacy & Data Protection journal.
  • Author of a chapter on services agreements for the Law Society’s Commercial Law Handbook (2009)
  • Co-authored a chapter on rights of access to information in the Law Society’s Freedom of Information Handbook (2nd edition 2008)
  • "The right to be forgotten: the Asian perspective", published in Privacy & Data Protection journal (April 2016).

Seminars

  • Carolyn is a regular speaker at external conferences, client training and internal seminars on a variety of technology and data topics, including cloud computing, outsourcing, international data transfers and cyber security. 

Memberships And Affiliations

  • Carolyn previously served as a member of IAPP's Asia Advisory Board.

Connect

Location

Hong Kong
25th Floor Three Exchange Square 8 Connaught Place Central
Hong Kong
China