GDPR Compliance & Due Diligence for M&A Transactions

Melinda McLellan is a seasoned privacy and cybersecurity law advisor whose practice focuses on the regulation of emerging technologies, compliance with evolving U.S. state and federal privacy legislation, and cross-border data protection matters. As co-leader of the firm’s EU General Data Protection Regulation (GDPR) initiative, Melinda works with multinational clients to identify, evaluate, and manage the myriad of compliance obligations associated with corporate privacy and information security practices. Her broader practice includes advising on a wide variety of privacy and data security issues, including the use of biometrics, securing the Internet of Things, implementation of blockchain technologies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, Big Data, information security incident response, and negotiating complex tech transactions.

Select Experience:

• Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements, and binding corporate rules.
• Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers, and employee training.
• Advises companies on new requirements under the California Consumer Privacy Act (CCPA), including by developing broad-based compliance strategies to address other pending state and federal privacy legislation.
• Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services, and other emerging technologies. 
• Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.
• Counsels clients on the development and implementation of enterprise-wide privacy and information security programs, including by creating employee privacy training modules and drafting company codes of conduct, policies, standards, procedures, and guidelines related to the protection of personal data.

Seth advises clients on cross border transactions, U.S. securities offerings and international dispute resolution. Having practiced in both France and New York, he works hand in hand with public and private companies in Asia, Europe and the United States to advise on strategic transactions and disputes, including advising boards of directors and special committees. He also represents clients in international arbitrations.

Seth previously taught at the Sorbonne in Paris and acted as Assistant Counsel in multiple pre-trial cases at the International Criminal Court in The Hague. He is admitted to the bar in New York and Paris. He attended Georgetown University Law Center and has a Master’s degree from the Sorbonne and from the Institut de Sciences Politiques de Paris.