European Privacy Invasion (GDPR) One Year In, California Privacy Takeover (CCPA) Six Months Out

Date: May 21, 2019, 8:00 - 10:00 am
Location: The Hotel at Arundel Preserve - 7795 Arundel Mills Blvd, Hanover, MD 21076

When GDPR became effective one year ago, on May 25, 2018, it triggered a seismic wave of data protection compliance activity.  Companies around the world scrambled to determine whether and how to comply.  Whiteford, Taylor & Preston is pleased to host a panel of international privacy professionals – including Netherlands-based privacy law specialist Joyce de Jong of Audittrail and Gabriela Zanfir-Fortuna, a thought leader in transatlantic privacy – for an in-depth discussion of how implementation of GDPR has played out in actual practice.
A stream of guidelines from the European Data Protection Board, enforcement actions and decisions by various Supervisory Authorities, and national laws adopted at the EU Member State level have impacted the interpretation of, and compliance with, the GDPR.  Questions the panel will address include:
  • How have unsuspecting companies been caught in the wake of GDPR?
  • How likely is it that your company is directly affected by GDPR?
  • How can GDPR impact M&A transactions?
  • How have some companies avoided GDPR risk by changing their processes and practices?
  • What companies have been investigated or fined pursuant to GDPR in Year One?
Importantly, the panel will provide insights into the new era of global data protection that GDPR has spawned, including enactment of the California Consumer Privacy Act (CCPA), which, in turn, has encouraged a flood of stricter U.S. state privacy law initiatives and may ultimately compel enactment of a comprehensive federal U.S. data protection law.

S. Keith Moulsdale

Keith Moulsdale is an intellectual property lawyer who also co-chairs the Cyber Security, Information Management & Privacy practice at Whiteford Taylor & Preston. His legal practice focuses on licensing, intellectual property, data security, privacy and other e-commerce and technology-related legal issues that companies face, both in the U.S. and internationally. He regularly counsels both for-profit and nonprofit organizations in connection with IP screening and registration matters, IP concerns in the M&A context and data security breach attempts; leads breach assessment, containment and response efforts; develops data breach risk mitigation strategies; and assists clients in preparing information security plans and policies and complying with notification requirements in the U.S. and internationally, including pursuant to GLBA, HIPAA, GDPR, PIPEDA and various state laws. Keith also represents a wide range of software and technology companies, including those that develop and distribute products and services that mitigate data security risks. He is a member of the Advisory Board for the Cyber Incubator at UMBC and the board for the Cybersecurity Association of Maryland, taught Cybersecurity Law in the M.B.A. program at Loyola University Maryland, is a member of his firm’s Executive Committee, and is past co-chair of his firm’s Technology & Intellectual Property practice.

Joyce de Jong
Joyce de Jong is an experienced privacy lawyer from the Netherlands and Director of GDPR Consultancy at Audittrail Group. She specializes in GDPR implementation and advises companies on managing compliance when faced with different privacy law frameworks. Based in Leiden and regularly working from the Baltimore office of Audittrail, Joyce is passionate about driving forward the privacy revolution on both sides of the Atlantic by offering practical compliance advice to organizations. Her work is characterized by a common sense approach, making compliance both feasible and beneficial for business. Joyce holds Masters degrees from both Leiden University (International & European Law) and the University of Glasgow (Commercial Law) and is an IAPP certified US privacy professional (CIPP/US).

Gabriela Zanfir-Fortuna
A thought leader in Transatlantic privacy, Gabriela Zanfir-Fortuna works as EU Policy Counsel for the Future of Privacy Forum, a think tank based in Washington DC, where she leads the work on European privacy law and policy and its impact on all focus areas of the FPF, including de-identification, AI, mobility, adtech and education. Prior to moving to the US, she worked for the European Data Protection Supervisor in Brussels, being part of the team that advised the EU legislator on the GDPR during its legislative process. She dealt with both enforcement and policy matters, was a member of the EDPS litigation team, and actively participated in the work of the Article 29 Working Party. She independently consults with organizations ranging from universities to start-ups and not-for-profits on their GDPR compliance programs. She often publishes research and analysis on privacy law and policy and speaks at international conferences.  Gabriela holds a PhD in law (2013, University of Craiova) with a thesis on the rights of the data subject from the perspective of their adjudication in civil law and an LLM in Human Rights, after obtaining her law degree. She is also associated researcher with the Law, Science, Technology and Society Center at Vrije Universiteit Brussel, and runs

Razvan E. Miutescu
Raz Miutescu is a technology and information governance attorney.  As a data protection professional, he is experienced with all stages in the lifecycle of data. He handles data management and regulatory matters, including as to U.S. federal and state law compliance, the adoption and implementation of information security programs, transnational data transfers, data breach investigations and responses, and other matters arising out of corporate and government surveillance of individuals. He has handled numerous compliance projects involving foreign data protection laws affecting U.S. entities, including the GDPR, the ePrivacy Directive and implementing national laws of EU member states, and Canada’s PIPEDA and Anti-Spam Legislation (CASL).  Regarding IP and technology matters generally, Raz regularly advises clients on matters related to software development and licensing, open source licenses, cloud services, data broker services, IT professional services, electronic commerce, hardware agreements, and blockchain and distributed ledger technology (DLT) development and licensing. He is a Co-Chair of the Committee on Data Privacy, Cyber Security & Technology of the Maryland State Bar Association.