Razvan E. Miutescu

Razvan E. Miutescu

T: 410.347.8744
F: 410.223.3725

Mr. Miutescu is a business, technology, and information governance attorney. His practice focuses on privacy and data security, information technology transactions and licensing, intellectual property, and data management, including data broker transactions, cloud services, distributed ledgers + blockchainand related regulatory and compliance matters.

In addition to his tech/IP practice, Mr. Miutescu is passionate about and has experience of over a decade with all aspects of wholesale and retail financing, sales, and acquisitions of recreational luxury yachts.

He speaks fluent Romanian and conversational German.


  • Listed in Maryland Super Lawyers as a "Rising Star," 2013 - present

Memberships & Activities

  • Maryland Volunteer Lawyers for the Arts
    • Director and Vice-President, 2007-present
  • Maryland State Bar Association
    • Vice-Chair, Committee on Data Privacy, Cyber Security & Technology, 2015-present
  • Bar Association of Baltimore City
    • Chair, Business Law Committee, 2015-2017
  • Federal Communications Bar Association
  • Lecturer: Maryland SBDC, Smart Start Program, 2007-present

Privacy & Data Security

Mr. Miutescu is a privacy professional experienced with all stages in the lifecycle of data, including as to:

  • Federal regulatory compliance – Gramm-Leach-Bliley Act (and Reg. P) (“GLBA”), Section 5 of The Federal Trade Commission Act (the “FTC Act”), the Fair Credit Reporting Act as amended by the Fair and Accurate Transactions Act (“FACTA”), the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and the Telephone Consumer Protection Act (“TCPA”), as well as applicable regulations and agency-issued guidelines
  • State laws compliance -- Maryland Personal Information Privacy Act (“PIPA”), Maryland Social Security Privacy Act (“SSPA”),  Maryland Confidential Financial Records Act (“CFRA”), and Maryland’s Identity Theft Laws
  • E.U. – U.S. data transfers, including subject to the Privacy Shield, Binding Corporate Rules, and Standard Contractual Clauses; assisting clients with General Data Protection Regulation (“GDPR”) compliance
  • Written information security policies
  • Data breaches and data breach notifications
  • Mobile marketing planning and implementation
  • Wiretap and other electronic monitoring and surveillance laws

Technology and IP

Mr. Miutescu regularly advises and counsels clients with the negotiation and drafting of contracts with their vendors and customers:

  • Software ownership and licensing – development, end-user, enterprise, distribution, reseller agreements
  • Cloud services – software-as-a service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a-service (Iaas), hosting, and subscription agreements
  • Data broker services –  direct marketing (data append, marketing lists), online marketing (registration targeting, collaborative targeting, onboarding), marketing analytics, and risk mitigation (identity verification, fraud detection) agreements
  • IT professional services – web and mobile app development, website development, system integration, tech support, software maintenance, technology consulting, CIO outsourcing, IT department outsourcing agreements
  • Electronic commerce and online platforms – terms of use, privacy policies, DMCA notices, electronic payment agreements
  • IT hardware agreements -- purchases, financing, and leasing agreements
  • Blockchain and distributed ledger technology (DLT) development and licensing

Business and Corporate Law

Mr. Miutescu regularly advises domestic and international technology companies on business formation, operations, and compliance matters, including as to:

  • Joint venture agreements
  • Distribution and marketing agreements for non-U.S. companies seeking to expand operations in the United States
  • M&A due diligence with a focus on intellectual property, privacy, and data security
  • Licensing of defense articles brokers under the International Traffic in Arms Regulations (ITAR)
  • Export controls compliance for foreign employees under Export Administration Regulations (EAR)
  • Asset seizures by U.S. Customs
  • Corporate organizational documents


Mr. Miutescu has extensive maritime law experience, particularly in the areas of financing, sales, and acquisitions of vessels, including as to:

  • Wholesale (i.e., floor plan) and retail financing by yacht dealers
  • Financing secured by boats that are either state-titled or documented with the U.S. Coast Guard
  • Vessel charter agreements
  • Excise taxes applicable to vessels under the Maryland State Boat Act
  • Vessel repossessions – judicial (i.e., vessel arrests) and non-judicial (i.e., self-help)

CyberMaryland 2019 Conference: Data Protection by Design: Will Your Blockchain/DLT Database Survive the Global Privacy Minefield?, December 5-6, 2019

Panelist, Institute for Credentialing Excellence (ICE) Exchange: Key Steps to Data Management Preparedness by Credentialing Bodies in Quasi-Governmental Roles, November 21, 2019

Panelist, LeadingAge Annual Meeting + Expo: Protecting Privacy and Maintaining Data Security in a Connected Age, October 28, 2019

Speaker, Maryland Cyber Breakfast Club: Risk Mitigation Strategies for Cybersecurity Product and Service Providers, June 25, 2019

Author, U.S. Cybersecurity Magazine, Incident Response: Making the Most of the Attorney-Client Privilege and the Work Product Doctrine, Spring 2019 Issue

Panelist, bwtech@UMBC: European Privacy Invasion (GDPR) One Year In, California Privacy Takeover (CCPA) Six Months Out, May 21, 2019

Presenter, Association Forum & American Bar Association (Chicago), Privacy and Data Protection: The GDPR and the Rising Global Tide of New Laws, April 30, 2019

Moderator, Baltimore Development Corporation: Free Trade Zones and Opportunity Zones Roundtable, April 10, 2019

bwtech Executive Workshop for Int'l CyberSecurity Companies - What are the TOP Things a Foreign Company Should Know When Establishing a Business in the US?, April 1, 2019

Co-author and co-reviewer, Bloomberg Law, Privacy & Data Security: State Profile – Maryland, February 2019

Panelist, Meeting Professionals International, MACE 2019: GDPR, Privacy and Events - Lessons Learned and Looking to the Future, February 22, 2019

Speaker, ASAE - DC Idea Swap, Cybersecurity 2019: Navigate through the Changing Privacy and Data Security Landscape, January 24, 2019

Speaker, UMBC Cyber Defense Lab: Legal Aspects of Privacy and Data Protection, November 9, 2018

Speaker, Institute for Credentialing Excellence (ICE) Exchange (2018): What Certification Boards Need to Know About Cybersecurity and Privacy Rules Like the GDPR, November 8, 2018

Panelist, Howard Technology Council: Cyber Security Tricks & Treats, October 30, 2018

Guest speaker, Through the Noise podcast: GDPR for Nonprofits and Other Associations, May 24, 2018

Presenter, Webinar for Private Client: GDPR Compliance – A Practical Approach, April 30, 2018

Speaker, MSBA Advanced Business Law Institute (2018): Privacy & Data Security – Before the Incident, April 19, 2018

Moderator, bwtech@UMBC Cyber Innovation Briefing: The Global Impact, Promise & Perils of Blockchain, March 20, 2018

Presenter, Webinar for a nonprofit organization with a global data footprint: What You Need To Know About GDPR Compliance, March, 2018

Guest lecturer, Stevenson University School of Design: Intellectual Property Law Considerations for Graphic Designers, November 16, 2017

Speaker, CyberMaryland Conference (2017): Risk Mitigation Strategies for Cybersecurity Product and Service Providers, October 11, 2017

Speaker, MSBA Advanced Business Law Institute (2017): Contracting for IT Services & Electronic Contracting, April 20, 2017

Speaker, MSBA Advanced Business Law Institute (2016): What Lawyers Need to Know about Cybersecurity and Data Privacy, April 14, 2016

Moderator, Bar Association of Baltimore City, Privacy and Data Security – Is Your Law Firm Prepared?, March 21, 2016

Guest blogger, The Daily Record, Keep Calm and Prepare for a Cybersecurity Breach, August 3, 2015

Co-author, Vessel Excise Taxes, Chapter 11, Maryland Taxes, 5th Edition, Maryland State Bar Association

Regular lecturer, Smart Start Program, Maryland Small Business Development Centers


Client Alert: COVID-19 Cyber Scams: Protect Your Organization

With everyone’s attentions devoted to the COVID-19 crisis and the disruptions it has caused to the normal rhythms of business and personal affairs, it should come as no surprise that criminals and scammers are seeking to take advantage of the situation.

Client Alert: Guidelines on the Territorial Scope of the GDPR: 5 Takeaways For U.S. Based Associations and Nonprofit Organizations

On November 23, 2018, the European Data Protection Board (the “EDPB”) published the Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (adopted on November 16), which are open to public comments until January 18, 2019. As the EDPB announced in its news release, the purpose of the Guidelines is to help provide a common interpretation of the territorial scope of the GDPR and clarify the GDPR’s application in various situations, in particular where the data controller or processor is established outside of the EU.

GDPR Compliance Quick Guide for U.S. Nonprofit Organizations and Associations

The General Data Protection Regulation (GDPR) is a privacy regulation of the European Union designed to give individuals control over their personal data. The GDPR protects the privacy of individuals regardless of their nationality when their data is collected when they are located in the European Union, Iceland, Liechtenstein or Norway (EEA). For example, the personal data of an organization’s employee, independent contractor, or volunteer located in the EEA may be protected by the GDPR even if that individual is a U.S. citizen and resident.