Kuan works with a broad variety of UK, EU, US, Canadian and Asian clients, mainly international groups with cross-border operations. Her clients span many sectors, including cloud/technology, financial services and manufacturing. She advises on all aspects of UK and EU data protection/privacy, e-privacy, cybersecurity and data/tech regulatory laws (such as GDPR, NIS2 Directive/NIS Regulations, Data Act, AI, etc.), from strategy and compliance to operationalisation and ongoing issues, including compliance/governance programs, risk assessments, legitimate interests assessments, data protection impact assessments/audits, and security and data protection by design and by default; data processing agreements and data sharing agreements; international transfers including SCCs/data transfer agreements; cybersecurity compliance, incident response preparedness, incident management and incident/breach notification; privacy and cookie notices/banners; data subject requests, complaints and claims; and regulatory liaison and cooperation.

With computing science as well as law degrees, and having participated in penetration testing training/events, Kuan is particularly well placed to advise on AI, technology- and security-related matters.