Legal Guidance and Research / Experts / Aaron Simpson
Aaron Simpson#4165
LinkedIn External

Aaron Simpson

Hunton Andrews Kurth
Aaron Simpson is a partner at Hunton Andrews Kurth and leader on the firm’s Global Privacy and Cybersecurity team. He advises clients on a broad range of complex data protection, privacy and cybersecurity matters, including international and US federal and state privacy and data security requirements. His work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters. He is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. Aaron is a frequent speaker and has written and co-written numerous articles, book chapters and handbooks on data protection, privacy and information security issues.

Practice Area

Panel

  • Contributing Author

Qualified Year

  • 2003

Membership

  • Member, International Association of Privacy Professionals
  • Member, Section of Antitrust LawPrivacy and Information Security Committee, American Bar Association
  • Member, Association of the Bar of the City of New York

Education

  • JD, University of Virginia School of Law, 2002
  • BA, The University of Texas, High Honors, 1997

1 Contributions by Aaron Simpson

UK GDPR territorial scope: establishment, goods or services and monitoring tests; enforcement and UK representative requirements
PRACTICE NOTES
UK GDPR territorial scope: establishment, goods or services and monitoring tests; enforcement and UK representative requirements
This Practice Note explores the territorial reach of the regime set by the United Kingdom General Data Protection Regulation (UK GDPR), the Assimilated Regulation (EU) 2016/679. It also outlines when a UK representative must be designated. For high-level introductions to UK data protection, see Practice Notes: Data protection law—new starter guide and The UK General Data Protection Regulation (UK GDPR). The UK data protection law collection assembles further general guidance on the UK GDPR framework and is a recommended place to begin research. In brief In outline, and subject to certain limited exceptions, the UK GDPR may apply to: processing of personal data undertaken in connection with the activities of a controller’s or processor’s establishment in the UK, irrespective of whether the processing itself occurs inside or outside the UK processing personal data of data subjects in the UK by a controller or processor with no UK establishment, where the processing is linked to: offering goods or services to such data subjects in the UK (whether or not payment by the data subject is required), or monitoring their behaviour...
Information Law
Expert page AD
If you expected to see yourself on this page, click here.