Menu Search through site content What are you looking for?
Menu

Masha Ooijevaar

Legal Director

People

Masha Ooijevaar

Masha Ooijevaar

Legal Director

People

Masha Ooijevaar

Masha Ooijevaar

Legal Director

Full Profile

Masha has extensive experience advising on regional and international data protection, privacy and cybersecurity matters. 

Masha is part of Clyde & Co’s Intellectual Property, Technology and Commercial group based in the Dubai office. She has been based in the region since 2019 and previously worked in London, where she first trained in-house at one of the world’s largest media and entertainment companies. Masha has worked in the legal team at KPMG and in the City of London with a leading international law firm. 

Masha’s practice includes the development of data protection policies and programmes, conducting gap analyses and data protection compliance audits, localising existing frameworks in line with Middle East data protection, privacy and cybersecurity laws, drafting data processing and data sharing agreements, conducting data protection impact assessments, providing in-house data protection training and advising on cross-border data transfers. 

Masha's clients include both public and private sector entities in the healthcare, automotive, financial, education, retail, media and entertainment sectors, as well as some of the world's largest technology companies.

Masha regularly contributes articles and comments on the subject of data protection and privacy including global regulatory research platform OneTrust DataGuidance and international academic journal Privacy Law & Business.

Masha is qualified as a solicitor in England & Wales and admitted to the State Bar of California. In addition, she holds a BCS Data Protection Practitioner certificate and CIPP/E (IAPP) certification.

Masha is fluent in English and Dutch.

Experience
  • Advising a GCC media company on a data protection compliance audit and implementation of a suite of policies and documentation to support a comprehensive data protection programme.
  • Advising leading financial institutions in the UAE and Saudi Arabia on their data protection compliance, including in relation to the UAE Central Bank Consumer Protection Regulation, DIFC Data Protection Law, the Saudi Personal Data Protection Law and international privacy laws relating to the groups’ network, as well as assisting in the development of cross-border data transfer arrangements and advising on the remediation of third-party contracts.

  • Supporting numerous regional and international clients on compliance with local data protection laws, including in the DIFC, ADGM, UAE, Qatar, Bahrain, Oman and Saudi Arabia.

  • Advising a UAE property developer and management company on the deployment of facial recognition and other technologies across key tourism and leisure destinations, including support on data protection impact assessments.

  • Advising a public company in the oil and gas sector on the establishment of a data governance structure to manage data protection compliance across multiple business units and departments within the organisation.

  • Advising an energy and utilities company on the review of a suite of information cybersecurity and data protection policies for compliance with international laws across its global network. 

  • Advising a family group in the Middle East on data privacy issues arising out of the deployment of an AI-enabled lifestyle app, including advising on data analytics and consumer management initiatives.

  • Advising Arabian Contracting Services Company (Al Arabia), a Saudi listed company, on its SAR 1.05 billion acquisition of the entire issued share capital of Faden Media and Advertising Company (Faden Media).

  • Advising an international insurance company on data breach procedures and notifications.

  • Advising a global pharmaceutical company on its international data transfer arrangements with suppliers, in particular focusing on onward transfers by suppliers.

  • Advising a leading education institution on compliance with UAE and Abu Dhabi healthcare laws, regulations and standards for its Health Centre. 

  • Advising a healthtech business on the legal and regulatory issues connected with the launch of a telehealth application in Saudi Arabia. 

  • Advising organisations on legal and regulatory data protection compliance issues in connection with activities relating to online behavioural advertising and direct marketing, artificial intelligence, data monetisation and data analytics. 

  • Advising a leading internet company on data protection law and regulatory policy in the Middle East, including supporting on public consultations with national regulators and governments.

  • Advising on contractual risks, legal obligations and cross-border transfers under the EU GDPR for leading international clients in the legal, retail, pharmaceutical and financial sectors.

  • Advising on the development of data protection and intellectual property policies and contracts for a national cybersecurity regulator in the Middle East.

Go to next section

Practice Areas

Masha is a dual qualified (English and US) senior lawyer in Clyde & Co’s Intellectual Property, Technology and Commercial group based in Dubai. Masha advises on a wide range of legal and regulatory issues in the areas of data protection, privacy, cybersecurity, artificial intelligence and technology.

Regional experience
Full Profile

Masha has extensive experience advising on regional and international data protection, privacy and cybersecurity matters. 

Masha is part of Clyde & Co’s Intellectual Property, Technology and Commercial group based in the Dubai office. She has been based in the region since 2019 and previously worked in London, where she first trained in-house at one of the world’s largest media and entertainment companies. Masha has worked in the legal team at KPMG and in the City of London with a leading international law firm. 

Masha’s practice includes the development of data protection policies and programmes, conducting gap analyses and data protection compliance audits, localising existing frameworks in line with Middle East data protection, privacy and cybersecurity laws, drafting data processing and data sharing agreements, conducting data protection impact assessments, providing in-house data protection training and advising on cross-border data transfers. 

Masha's clients include both public and private sector entities in the healthcare, automotive, financial, education, retail, media and entertainment sectors, as well as some of the world's largest technology companies.

Masha regularly contributes articles and comments on the subject of data protection and privacy including global regulatory research platform OneTrust DataGuidance and international academic journal Privacy Law & Business.

Masha is qualified as a solicitor in England & Wales and admitted to the State Bar of California. In addition, she holds a BCS Data Protection Practitioner certificate and CIPP/E (IAPP) certification.

Masha is fluent in English and Dutch.

Experience
  • Advising a GCC media company on a data protection compliance audit and implementation of a suite of policies and documentation to support a comprehensive data protection programme.
  • Advising leading financial institutions in the UAE and Saudi Arabia on their data protection compliance, including in relation to the UAE Central Bank Consumer Protection Regulation, DIFC Data Protection Law, the Saudi Personal Data Protection Law and international privacy laws relating to the groups’ network, as well as assisting in the development of cross-border data transfer arrangements and advising on the remediation of third-party contracts.

  • Supporting numerous regional and international clients on compliance with local data protection laws, including in the DIFC, ADGM, UAE, Qatar, Bahrain, Oman and Saudi Arabia.

  • Advising a UAE property developer and management company on the deployment of facial recognition and other technologies across key tourism and leisure destinations, including support on data protection impact assessments.

  • Advising a public company in the oil and gas sector on the establishment of a data governance structure to manage data protection compliance across multiple business units and departments within the organisation.

  • Advising an energy and utilities company on the review of a suite of information cybersecurity and data protection policies for compliance with international laws across its global network. 

  • Advising a family group in the Middle East on data privacy issues arising out of the deployment of an AI-enabled lifestyle app, including advising on data analytics and consumer management initiatives.

  • Advising Arabian Contracting Services Company (Al Arabia), a Saudi listed company, on its SAR 1.05 billion acquisition of the entire issued share capital of Faden Media and Advertising Company (Faden Media).

  • Advising an international insurance company on data breach procedures and notifications.

  • Advising a global pharmaceutical company on its international data transfer arrangements with suppliers, in particular focusing on onward transfers by suppliers.

  • Advising a leading education institution on compliance with UAE and Abu Dhabi healthcare laws, regulations and standards for its Health Centre. 

  • Advising a healthtech business on the legal and regulatory issues connected with the launch of a telehealth application in Saudi Arabia. 

  • Advising organisations on legal and regulatory data protection compliance issues in connection with activities relating to online behavioural advertising and direct marketing, artificial intelligence, data monetisation and data analytics. 

  • Advising a leading internet company on data protection law and regulatory policy in the Middle East, including supporting on public consultations with national regulators and governments.

  • Advising on contractual risks, legal obligations and cross-border transfers under the EU GDPR for leading international clients in the legal, retail, pharmaceutical and financial sectors.

  • Advising on the development of data protection and intellectual property policies and contracts for a national cybersecurity regulator in the Middle East.

Services

Services

  • Commercial

  • Data Breach Response & Recovery

  • Data Protection & Privacy

  • Data Security

  • Digital Assets and Blockchain

  • E-commerce

  • Family Businesses

  • Franchising

  • Technology, Outsourcing & Data

Insights
News