Rohan Massey#6679

Rohan Massey

Partner - Data, Privacy and Cybersecurity, Ropes & Gray
Rohan Massey is a leader of the firm’s data, privacy and cybersecurity practice and the managing partner of the London office of Ropes & Gray.
 
Rohan is a trusted advisor to many of the world’s largest corporations and private equity funds, focusing on complex data protection, cybersecurity and intellectual property matters across Europe, the U.S. and Asia. Clients have commented that "He's very good at reading the industry and knowing what the current trends are, enforcement priorities, and what other clients are struggling with. He's got his finger on the pulse." Rohan's legal and commercial insights on data, privacy, and cybersecurity have also earned him recognition from prestigious legal directories including Chambers & Partners and Legal 500.
 
Rohan’s expertise focuses on the intersection of the extra-territorial scope of national data protection laws and data transfer issues for multinational organisations. Rohan has advised on a number of leading breach data management cases, and has assisted clients in successfully obtaining BCR approval from EU regulators. Rohan also advises on issues of risk and value in relation to data and intellectual property in corporate transactions. His industry-focused expertise covers asset management and financial services; life sciences and clinical trials; as well as media, sponsorship, advertising, sales promotions, and intellectual property issues, marketing issues in the sports apparel and food and drink sectors. His client base is international in scope, as he works extensively across Europe, the U.S. and Asia.
Contributed to

1

Generative AI issues when conducting data protection M&A due diligence—checklist
Generative AI issues when conducting data protection M&A due diligence—checklist
Checklists

This Checklist is designed for use by a buyer undertaking data protection due diligence in the course of acquiring the shares or assets of a business that processes personal data in the context of using, developing or supplying generative artificial intelligence (GenAI) systems. It aims to surface data protection risks and enable a buyer to form a comprehensive view of a target’s risk profile in respect of its GenAI systems, models or tools used for internal operational purposes or provided externally to third parties (Business GenAI Systems).GenAI—a type of artificial intelligence that creates new content, such as text, images, audio, video or code, based on patterns learned from training data—is now widely adopted across industries and national borders. GenAI systems typically rely on substantial volumes of data, including personal data, to train and refine their underlying models. Their development and deployment may therefore give rise to significant compliance challenges under the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) regime, particularly in relation to the principles

Practice Area

Panel

  • Contributing Author

Experience

  • McDermott Will & Emery UK LLP (2000 - 2015)
  • Theodore Goddard (1998 - 2000)
  • Japan Exchange and Teaching Programme (1994 - 1996)

Membership

  • Member, Editorial Board, E-Commerce Law and Policy
  • Secretary, Commercial Law Committee, City of London Law Society
  • Member Association of International Privacy Professionals
  • Member, Data Protection Forum UK

Qualifications

  • PSC Law (1998)
  • Dip Law (1997)

Education

  • College of Law, London (1998)
  • City St. George’s University of London (1997)
  • University College London (1994)
  • Ampleforth College (1991)

If you expected to see yourself on this page, click here.