Sophie Devlin

Legal Director


Sophie specialises in information law, and leads DAC Beachcroft's health and public sector information law practice in the North.
Successfully added
Failed to add

About Sophie

  • Biography

    Sophie specialises in information law, and leads DAC Beachcroft's health and public sector information law practice in the North.

    She has over 12 years’ experience advising clients in the health and public sector, and is known for her proactive and commercially focused approach, and in depth knowledge of information law. She advises on a wide range of information law matters, including the UK GDPR, Data Protection Act 2018 and confidentiality obligations, as well as FOIA, EIR, AHRA and RPSI. Having previously worked in-house and completed secondments at a number of health and public sector organisations, she is well aware of the unique information governance issues that affect them, as well as private organisations operating in the sector.

    Sophie’s key clients include NHS commissioners and providers, independent operators of health and social care, government bodies and regulators, and charities. She advises on data protection compliance and remediation, ensuring that information governance frameworks are practicable and manage risk appropriately. She is particularly experienced in handling matters which are politically sensitive or facing public scrutiny. She is also an experienced litigator, handling complaints to the ICO, First Tier Tribunal, and data breach claims.

    Relevant experience includes:

    • defending information law claims, including the precedent-setting High Court claim of Scott v LGBT Foundation in which it was successfully argued that a verbal disclosure does not constitute the processing of personal data for the purposes of data protection legislation;
    • handling data breaches and complaints, including drafting submissions in response to a proposed ICO fine, successfully achieving a reduction of 92%;
    • advising on AI and MedTech/HealthTech matters. She advised a government body on the privacy issues arising out of the proposed use of an algorithm on a national scale for research purposes; and
    • advising various public sector bodies on the handling of information relating to transgender individuals, including the interplay with obligations under the Equality Act 2010 and Gender Recognition Act 2004, and advising on associated ICO complaints and human rights claims.

    Sophie is regularly invited to speak and deliver training on information governance matters, and has spoken at the Future Healthcare conference at London Olympia. She is a contributor to LexisNexis.

Sector Expertise
  • Health and Social Care

Service Expertise
  • Data, Privacy and Cyber

  • Public law and judicial review

Office Location

Newcastle Skyline


  • Bank House
  • East Pilgrim Street
  • Newcastle upon Tyne, NE1 6QF

+44 (0) 191 404 4000

View our office


  • Industry Specialisms
What We Think

There are no matching articles, please try a different filter.

Industry Specialisms

6 min read

Transgender individuals: information governance and the Equality Act 2010


3 Min Read

The Data Protection and Digital Information Bill: An Overview


6 Min Read

Former NHS employee prosecuted and fined after illegally accessing patient records without a valid legal reason

Health and Social Care

6 Min Read

New era of lower data breach fines for public authorities?

Health and Social Care

6 Min Read

Latest on what lies ahead for data in health and social care

Health and Social Care

2 Min Read

A guide to: General Data Protection Regulation in Health and Social Care

Health and Social Care

3 Min Read

NHSX publishes Template Data Sharing Agreement