Suzy McMillan

Senior Associate - Corporate and Commercial

Suzy is a leading commercial and technology lawyer specialising in privacy and data protection. She regularly assists clients on a wide range of privacy, data, and cyber related matters in what is an evolving and complex compliance landscape.

Suzy has over 10 years’ experience helping private and public sector clients navigate compliance requirements under the Privacy Act 2020 and the EU General Data Protection Regulation (GDPR), including privacy policies, data transfer agreements, privacy impact assessments, direct marketing permissions, and the use of new technologies. Suzy advises on the management and response to privacy and data breaches and other cyber related incidents. She also helps with assessing and responding to individual privacy requests and investigations by the Privacy Commissioner.

Providing clients with pragmatic, strategic, and tailored advice is one of Suzy’s key strengths. Her personable and down to earth approach means she is regularly sought after by clients to provide simple advice and guidance on understanding complex and niche legal requirements.

Given the cross-jurisdictional compliance requirements in this area of law, Suzy works closely with our offshore MinterEllison colleagues and a network of internationally recognised law firms to provide seamless privacy related advice to clients operating on an international scale.

In addition to her privacy law practice, Suzy is an experienced commercial lawyer helping clients with a wide range of legal matters such as technology agreements (including SaaS subscriptions, agile development, and IT transformation projects), consumer protection and unfair contract terms, supply and distribution agreements, and other commercial contracts. She also regularly assists clients with the commercialisation and licensing of existing and new intellectual property.

Suzy has in depth experience representing clients in the technology, financial services, sports, and health and pharmaceutical sectors.

Prior to joining MinterEllisonRuddWatts in 2016, Suzy worked both in New Zealand as an in-house lawyer at the State Services Commission and in London for a major global payment card organisation. This extensive in-house experience has developed and refined Suzy’s ability to draft and provide concise and commercially focused advice taking into account internal client drivers, priorities, and business needs.

Suzy is regularly sought after by the New Zealand Law Society CLE programme, Legalwise and industry specific bodies to provide specialist and insightful privacy training to lawyers and other professionals across New Zealand. She also offers clients tailored in-house training sessions on all aspects of privacy, consumer and commercial law.

Related Articles


12 August 2021

Privacy Commissioner updates guidelines around notification


24 May 2021

Consent to track: Apple’s new move to change global practice


28 August 2020

Are you thinking about privacy? Reassess and prepare for the new ...

Professional background

Recent work

Managing data breach incidents

Providing advice and assistance to a New Zealand financial services provider on the management of and response to a major data breach.

Privacy Act compliance

Providing advice and assistance to a range of local and international clients on the implementation and compliance requirements required by the new Privacy Act 2020, including updating privacy policies, drafting data breach response plans, and offshore data transfer agreements.

Regulatory and contractual advice to major pharmaceutical company

Advising a large international pharmaceutical company on local regulatory compliance requirements and contractual negotiations with PHARMAC.

Application of unfair contracts regime

Assisting a number of major New Zealand banks on the implementation and compliance requirements in relation to new privacy laws and the extension of the unfair contract terms regime to small trade contracts.

Data and privacy implications of acquisition

Advising on the data and privacy elements of the acquisition of a New Zealand agri-tech business unit, including data access and use rights, the transfer of IP, and the protection of personal information.

Advice to technology start-ups

Providing advice and assistance to a kiwi start up on the development and sale of artistic NFTs through a new online platform.


  • 2010, New Zealand


  • LLB, BA, University of Otago


  • Commercial Contracts
  • Commercialisation and Licensing of Intellectual Property
  • Consumer Law
  • Privacy, Cyber and Data Protection
  • Procurement
  • Regulatory Compliance
  • Technology


  • Member of MinterEllisonRuddWatts’ internationally recognised Tier 1 TMT team (The Legal 500 Asia Pacific)