Overview

Razvan brings extensive experience in data protection consulting, management, and compliance to McDonald Hopkins' Data Privacy and Cybersecurity Practice Group. His practice focuses on incident response, domestic and global data protection compliance, emerging technologies, and artificial intelligence. Razvan assists clients with various types of cybersecurity incidents, including ransomware, business email compromise, network intrusions, lost or stolen devices, insider threats and rogue employees, fraudulent wire transfers, and other cryptocurrency scams often affecting regulated industries such as financial services and healthcare.

Razvan regularly advises US and foreign clients on matters involving multi-jurisdiction privacy and data protection requirements, including establishing information security and privacy programs under broad regulatory regimes (e.g., GDPR and GDPR-inspired international or US state laws) and industry-specific laws (e.g., GLBA, NCUA Regulations, NYDFS Part 500, and HIPAA); adopting measures and safeguards for international transfers of personal data or threat intelligence information; developing or using emerging technologies, including blockchain-based platforms; and using artificial intelligence tools for automated decision making, behavioral monitoring, profiling, or processing biometric information.

He is on the Board of Directors for the Cybersecurity Association and on the Board of Directors for the Romanian American Chamber of Commerce; co-founding the DC Cyber Task Force in Washington. Razvan is fluent in Romanian and conversational German.

Representative Cases & Matters

Data Privacy and Cybersecurity

  • Global and domestic data protection compliance programs for businesses and non-profit organizations, including external and internal policies and procedures, particularly involving GDPR, UK GDPR, Canadian PIPEDA, and Swiss FADP
  • International data transfers, including subject to the Data Privacy Framework, Binding Corporate Rules, and Standard Contractual Clauses
  • Data protection impact assessments, transfer impact assessments, and legitimate interest assessments
  • US federal privacy and data security compliance, including as to GLBA, NCUA Regulations, Section 5 of FTC Act, FCRA, HIPAA/HITECH, TCPA, as well as applicable regulations and agency-issued guidelines
  • US state comprehensive privacy laws compliance, including data protection laws (e.g. CCPA/CPRA) and cybersecurity laws (e.g., NYDFS Part 500)
  • Incident responses involving domestic and foreign jurisdictions, and managing local counsel relationships
  • Investigations involving “pig butchering” scams and related cryptocurrency investigations
  • Data breach investigations or informal inquiries by state (OAGs) and federal (e.g., OCR, OCC) regulators
    Information security policies and procedures, including as related to mapping to various frameworks or standards, such as NIST Cybersecurity Framework, ISO 27001, AICPA SOC 2 or PCI-DSS Vendor due diligence and contractual/flow-down safeguards
  • Wiretap and other electronic monitoring and surveillance laws
  • Emerging technologies, such as AI and blockchain/DLT, as impacted by data protection laws, including those pertaining to automated decision making, behavioral monitoring, profiling, biometrics, and data retention and accessibility

Intellectual Property

  • Software ownership and licensing – development, end-user, enterprise, distribution, reseller agreements
  • Cloud services – software-as-a service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a-service (Iaas), hosting, and subscription agreements
  • Data broker services – direct marketing (data append, marketing lists), online marketing (registration targeting, collaborative targeting, onboarding), marketing analytics, and risk mitigation (identity verification, fraud detection) agreements
  • IT professional services – web and mobile app development, website development, system integration, tech support, software maintenance, technology consulting, CIO outsourcing, IT department outsourcing agreements
  • Electronic commerce and online platforms – terms of use, privacy policies, DMCA notices, electronic payment agreements
  • IT hardware agreements -- purchases, financing, and leasing agreements

Business and Corporate Law

  • Joint venture agreements
  • Distribution and marketing agreements for non-U.S. companies seeking to expand operations in the United States
  • M&A due diligence with a focus on intellectual property, privacy, and data security
  • Licensing of defense articles brokers under the International Traffic in Arms Regulations (ITAR)
  • Export controls compliance for foreign employees under Export Administration Regulations (EAR)
  • Asset seizures by U.S. Customs
  • Marine financing

Honors & Recognition

The Best Lawyers in America®, Privacy and Data Security Law (2021-Present)

Maryland Super Lawyers®, Technology Transactions and Intellectual Property "Rising Stars" (2013–2019)

Credentials

Education

Notre Dame Law School, J.D.

University of Maryland, M.A.

Hiram College, B.A.

Admissions – Court

  • U.S. District Court for the District of Maryland

Admissions – State

  • Maryland

Languages

  • German
  • Romanian

Professional & Civic

Professional Activities

Cybersecurity Association, Board of Directors, 2024-Present

Romanian American Chamber of Commerce, 2020-Present, Co-founder of the DC Cyber Task Force

Maryland State Bar Association, Vice-Chair, Committee on Data Privacy, Cyber Security, & Technology, 2025-Present

News & Insights

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.