• L.L.B (Hons), National University of Singapore
  • Admitted to the Singapore Bar in May 2007
  • Cybersecurity for Business Leaders, University of Oxford

Anastasia is a Director with the Corporate & Finance Department in Drew & Napier.

Her key areas of practice are Technology, Media, and Telecommunications (TMT), Data Protection, Privacy and Cybersecurity, as well as Artificial Intelligence (AI) and Digital Trust.

Prior to joining the firm, Anastasia was Deputy Chief Counsel to Singapore’s Personal Data Protection Commission (PDPC) and Info-communications Media Development Authority (IMDA) for over 9 years. She was lead counsel for PDPC’s matters, IMDA’s procurement and intellectual property portfolios, as well as IMDA’s Data Administration Group.

Anastasia has advised on a broad range of regulatory, compliance and commercial matters, both in her role as in-house counsel as well as in private practice. Her extensive experience includes advising on the administration, application, and enforcement of Singapore’s Personal Data Protection Act 2012 (PDPA). A significant national project would be the amendments to the PDPA, which came into effect on 1 February 2021.

Data Protection & Privacy 

  • ​Advised on the development, administration, enforcement, and review of the PDPA, including the amendments to the PDPA and related regulations that came into effect on 1 February 2021.
  • Advised on the advisory guidelines issued by PDPC, which set out PDPC’s interpretation of the PDPA.
  • ​Advised on regulatory compliance issues as well as investigations in respect of data breaches.
  • Advised on the interaction of the PDPA with other legislation.
  • Advised on the development of data protection policies, data retention schedules, privacy notices, and contractual clauses.
  • Advised on data protection compliance programmes, which included conducting the data mapping and preparing the audit report with recommendations for remediation.
  • Advised on cross-border transfers of data, including data transfer agreements, and coordinating the preparation of compliance documentation for multi-jurisdictional projects.
  • Advised on data transfer impact assessments for the potential transfer of personal data from Europe to Singapore, with reference to the European Data Protection Board’s guidelines on the European Essential Guarantees for surveillance measures.
  • Advised on the conduct of a data protection impact assessments, such as in respect of the adoption of a telemedicine communications system and the related vendor agreement so as to address data protection risks.
  • Assisted with data protection-related due diligence exercises for prospective acquisitions and financing. This included preparing the due diligence questionnaire and report, as well as drafting data protection-related provisions in the Facility Agreement to address requirements and risks under Singapore laws.
  • Advised on PDPC’s Data Protection Trustmark certification.
  • Advised on the implementation of the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules and Privacy Recognition for Processors certification systems.
  • Conducted seminars on the PDPA, and developed course materials for trainers and participants.
TMT & Corporate
  • ​Advise Advised on the commercial use of a large language model (chat platform), including regulatory compliance and mitigation of potential legal risks.
  • Advised on an AI Governance Addendum to a vendor contract.
  • Advising on regulatory issues relating to data centres.
  • Advised on gaming development and licensing agreements.
  • Acted for the producers in television and film productions including the drafting of co-production agreements, distribution agreements, cast agreements, crew agreements, and sponsorship agreements.
  • Rendered legal opinions for errors and omission insurance.
  • Acted for an international concert promoter in regaining its rights to a music festival in Singapore.
  • Drafted artiste engagement contracts for artiste management companies.
  • Advised software development, advertising, and graphic design companies on their contract for services. 
  • Drafted and reviewed shareholder agreements and share subscription agreements.
  • Advised companies in the move of their operations from foreign jurisdictions to Singapore.
  • For Art’s Sake: The “Artistic or Literary Purposes” exception in the Personal Data Protection Act 2012 [2017] PDP Digest 277
  • Year-in-Review: Personal Data Protection Commission’s Decisions in 2022 [2022] PDP Digest 185
  • Global Legal Insights – AI, Machine Learning & Big Data Laws, and Regulations 2023 (Singapore)
  • Lexology GTDT – Data Protection & Privacy 2024
  • Lexology GTDT: Cybersecurity 2023
  • The Legal 500 Comparative Guides: Artificial Intelligence 2023
  • The Legal 500: Data Protection & Cybersecurity 2023 (Singapore)
  • International Comparative Legal Guides: Data Protection 2023
  • Member, Cybersecurity and Data Protection Committee, Law Society of Singapore
  • Member, Law Society of Singapore
  • Member, Singapore Academy of Law