LEXISNEXIS_ICON4_SIGNIN Contact us
Contact us
Aaron Simpson#4165

Aaron Simpson

Hunton Andrews Kurth
Aaron Simpson is a partner at Hunton Andrews Kurth and leader on the firm’s Global Privacy and Cybersecurity team. He advises clients on a broad range of complex data protection, privacy and cybersecurity matters, including international and US federal and state privacy and data security requirements. His work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters. He is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. Aaron is a frequent speaker and has written and co-written numerous articles, book chapters and handbooks on data protection, privacy and information security issues.
Contributed to

2

EU GDPR—extra-territorial reach
EU GDPR—extra-territorial reach
Practice notes

This Practice Note discusses the territorial scope of the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). This applies whenever the use of personal data by an organisation relates to: (i) the offering of goods or services to individuals in the EEA, irrespective of whether a payment is required, or (ii) the monitoring of those individuals’ behaviour in the EEA.

UK GDPR—extra-territorial reach
UK GDPR—extra-territorial reach
Practice notes

This Practice Note discusses the territorial scope of the regime established by the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR). In summary, the UK GDPR regime may apply: (1) whenever the processing of personal data occurs in the context of the activities of an establishment of a controller or a processor in the UK, (2) where the use of personal data by an organisation relates to: (i) the offering of goods or services to individuals in the UK, irrespective of whether a payment is required, or (ii) the monitoring of those individuals’ behaviour in the UK or (3) by virtue of public international law. This Practice Note also considers the regime requiring the appointment of UK representatives in certain circumstances.

Practice Area

Panel

  • Contributing Author

Qualified Year

  • 2003

Membership

  • Member, International Association of Privacy Professionals
  • Member, Section of Antitrust LawPrivacy and Information Security Committee, American Bar Association
  • Member, Association of the Bar of the City of New York

Education

  • JD, University of Virginia School of Law, 2002
  • BA, The University of Texas, High Honors, 1997
Lexis+
Clear, practical guidance for all legal professionals

If you expected to see yourself on this page, click here.