Anna Gamvros

Head of Information governance, privacy and cybersecurity, Asia Pacific
Norton Rose Fulbright Australia

Anna Gamvros

Anna Gamvros

vCard

Biography

Anna heads the firm's Information Governance, Privacy and Cybersecurity practice for Asia Pacific. Anna's practice focuses on privacy and data protection; cybersecurity and breach response; technology agreements; telecommunications and Internet regulatory issues.

Anna is one of the leading data protection lawyers in Asia-Pacific and has worked on some of the largest and most high-profile cybersecurity breaches in Asia involving a variety of threats and threat actors. She has experience in dealing with regulators across multiple jurisdictions in terms of both notifications and investigations.

She has over 20 years of experience in Hong Kong, and has assisted clients with Hong Kong and China based projects. As a result, Anna has a wealth of experience in advising clients on multi-jurisdictional projects, particularly focused on data management.

Anna is recognized in The Legal 500 and Chambers Asia as a leading individual for her experience in technology and data protection. In particular she is described as being someone who "is really able to bring her experience to bear and find pragmatic solutions".

Anna is a member of the Board of the International Association of Privacy Professionals (IAPP). She is a Fellow of Information Privacy (FIP) with the IAPP and holds the CIPT and CIPP/Asia certifications.  She is admitted as a solicitor in Hong Kong and Queensland, Australia.


Professional experience

Expand all Collapse all
  • Solicitor, qualified in Hong Kong
  • Solicitor, qualified in Queensland, Australia
  • An Asian bank – assisted with the implementation of terms for preparation and the use of biometric authentication for its mobile app.
  • A major global financial institution – advised on a US$100 million outsourcing of its processes to the service provider facilities in China and Ireland.
  • An international hotel group – acted on contractual arrangements for the acquisition of the group's cloud data facilities.
  • A major Chinese e-commerce company – represented on the set up of its points of presence and internet data centres globally.
  • An international financial institution – assisted with the negotiation regarding renewal of its data centre contract with a leading IT company.
  • An international education provider – represented on its data hub strategy and implementation of its global privacy compliance program.
  • An international fashion brand – acted on its setup of a global e-commerce website for use in over 40 countries, including drafting and reviewing the website terms or use, privacy and cookies policy.
  • A leading cosmetic brand – advised on handling a breach incident affecting its website, including customer management and regulatory notification in 20 countries.
  • An international airline – assisted with its implementation and rollout of a global privacy compliance program for customer and employees data.
  • An international hotel group – acted on breach response and regulatory issues following a cyber-attack on its reservation booking provider, affecting its hotels in Asia, Europe and the US.
  • A luxury fashion brand – represented on the data privacy implications of the implementation of a regional CRM system.
  • Leading e-commerce platform providers – advised on its joint venture to launch an online auction marketplace in China.
  • A US software company – assisted with the build and operation of a development centre in China to accommodate the outsourcing of development, testing and support services for its products and services.
  • A US fashion retailer – advised on the set up and rollout of its Asian e-commerce platform, including the review of terms and conditions, privacy and marketing policies and providing on going assistance to use of data for targeted promotions. ​