Suzy McMillan

Senior Associate

Suzy is a leading commercial and technology lawyer specialising in privacy and data protection. She regularly assists clients on a wide range of privacy, data, and cyber related matters in what is an evolving and complex compliance landscape.

Suzy has more than 10 years’ experience helping private and public sector clients navigate compliance requirements under the Privacy Act 2020 and the EU General Data Protection Regulation (GDPR), including privacy policies, data transfer agreements, privacy impact assessments, direct marketing permissions, and the use of new technologies. Suzy advises on the management and response to privacy and data breaches and other cyber related incidents. She also helps with assessing and responding to individual privacy requests and investigations by the Privacy Commissioner.

Providing clients with pragmatic, strategic, and tailored advice is one of Suzy’s key strengths. Her personable and down to earth approach means she is regularly sought after by clients to provide simple advice and guidance on understanding complex and niche legal requirements.

Given the cross-jurisdictional compliance requirements in this area of law, Suzy works closely with our offshore MinterEllison colleagues and a network of internationally recognised law firms to provide seamless privacy related advice to clients operating on an international scale.

In addition to her privacy law practice, Suzy is an experienced commercial lawyer helping clients with a wide range of legal matters such as technology agreements (including SaaS subscriptions, agile development, and IT transformation projects), consumer protection and unfair contract terms, supply and distribution agreements, and other commercial contracts. She also regularly assists clients with the commercialisation and licensing of existing and new intellectual property.

Suzy has in depth experience representing clients in the technology, financial services, sports, and health and pharmaceutical sectors.

Prior to joining MinterEllisonRuddWatts in 2016, Suzy worked both in New Zealand as an in-house lawyer at the State Services Commission and in London for a major global payment card organisation. This extensive in-house experience has developed and refined Suzy’s ability to draft and provide concise and commercially focused advice taking into account internal client drivers, priorities, and business needs.

Suzy is regularly sought after by the New Zealand Law Society CLE programme, Legalwise and industry specific bodies to provide specialist and insightful privacy training to lawyers and other professionals across New Zealand. She also offers clients tailored in-house training sessions on all aspects of privacy, consumer and commercial law.

Career highlights

Providing advice and assistance to a New Zealand financial services provider on the management of and response to a major data breach.

Providing advice and assistance to a range of local and international clients on the implementation and compliance requirements required by the new Privacy Act 2020, including updating privacy policies, drafting data breach response plans, and offshore data transfer agreements.

Advising a large international pharmaceutical company on local regulatory compliance requirements and contractual negotiations with PHARMAC.

Assisting a number of major New Zealand banks on the implementation and compliance requirements for new privacy laws and the extension of the unfair contract terms regime to small trade contracts.

Advising on the data and privacy elements of the acquisition of a New Zealand agri-tech business unit, including data access and use rights, the transfer of IP, and the protection of personal information.

Providing advice and assistance to a Kiwi start up on the development and sale of artistic NFTs through a new online platform.

Achievements and recognition
  • Band 1 team, Technology, Media & Telecommunications (TMT), Chambers Asia-Pacific
  • Tier 1 team, Technology, Media & Telecommunications (TMT), The Legal 500 Asia-Pacific