Add a bookmark to get started

Carolyn Bigg

Professional QualificationsSolicitor of the High Court of Hong KongSolicitor of the Senior Courts of England and Wales

EXPERIENCE

  • Supporting a global insurer on management of a major ransomware attack, including liaising with insurance and privacy regulators in three APAC jurisdictions. 
  • Supporting a number of luxury brands on management of a variety of cyber incidents involving consumer and loyalty programme data in APAC, including incidents involving Mainland China, Taiwan, Hong Kong and Singapore.
  • Appointed cyber counsel for an Asia-headquartered global hotel chain.
  • Supported a global bank on creating and operationalising a breach notification compliance register, to support breach response processes.
  • Supporting a wide range of clients across diverse industries on data mapping and decision-making on their China cross-border data transfers route(s) and their assessment submission to the authorities, covering personal, important and other regulated data.
  • Advising a global bank on the creation and operationalization of a data sovereignty programme across its international operations.
  • Advising a number of international hotel chains on rollout of their updated privacy compliance programmes, including in connection with digital initiatives and strategic business partnerships in Greater China. 
  • Advising a global retailer on implementing new or refreshed privacy compliance programmes in China, Thailand, Singapore, Australia and New Zealand to reflect new or updated data protection laws. 
  • Advising numerous SaaS platforms on data and regulatory licensing issues to support their MNC clients using their platforms in Mainland China and across Asia Pacific.
  • Advised a multinational automobile manufacturer on the establishment of a China data lake and associated use case guidelines, to support complex analytics of vehicle and customer data.   
Education
  • University of Cambridge, B.A. Hons, M.A. (Cantab)

Awards

  • Band 1 lawyer - 2024 & 2025 Chambers TMT: Data Protection & Privacy Guide
  • Recognised as a Leading Partner for Data Protection in 2024 by Legal 500
  • Recognised as a notable practitioner for TMT in the 2025 Chambers TMT Guide
  • 2024 Recommended Lawyer by Who’s Who Legal for Data Privacy and Protection
  • "Carolyn has a deep understanding of, and insight into, Chinese data privacy laws and rich experience in dealing with complicated data privacy compliance matters.". Her advice and guidance is invaluable. I particularly like her pragmatic and hands-on approach to complicated and nuanced compliance questions". - Chambers Greater China, 2025
  • “Carolyn Bigg wins praise for her practice advising on data privacy and protection, as well as other compliance issues related to technology licensing. One client commends:” Carolyn Bigg is very good at offering pragmatic solutions, and her commercial and pragmatic approach is very important to us”.” Chambers, Greater China, 2022
  • Carolyn Bigg named “Preeminent” for TMT (Doyle’s List Hong Kong, 2020 and 2021)
  • Carolyn Bigg named a Leading Woman in Data (Global Data Review, 2019)

Publications

  • Asia correspondent for Privacy & Data Protection journal.
  • Author of a chapter on services agreements for the Law Society’s Commercial Law Handbook (2009)
  • Co-authored a chapter on rights of access to information in the Law Society’s Freedom of Information Handbook (2nd edition 2008)
  • "The right to be forgotten: the Asian perspective", published in Privacy & Data Protection journal (April 2016).

Seminars

  • Carolyn is a regular speaker at external conferences, client training and internal seminars on a variety of technology and data topics, including cloud computing, outsourcing, international data transfers and cyber security. 

Memberships And Affiliations

  • Carolyn previously served as a member of IAPP's Asia Advisory Board.

Connect