Add a bookmark to get started

carol umhoefer

Carol A. F. Umhoefer

Co-Chair, EMEA Data Protection, Privacy and Security group
Foreign Legal Consultant, Not Admitted to Practice Law in Florida
Admitted in New York and France
Certified as a Foreign Legal Consultant by the Florida Supreme Court
Carol Umhoefer is recognized for her IT expertise. She has a particular strength in dealing with data protection work.
Chambers & Partners

Carol Umhoefer's practice encompasses information technology and regulatory compliance. She has extensive experience advising clients on international and multi-jurisdictional privacy compliance and cyber issues, including data protection, privacy rights, cyber security and breach notification, document retention, and encryption regulations.

As a member of the Paris bar and having practiced for more than 20 years in France, Carol has experience with respect to GDPR, EU ePrivacy, and EU e-commerce requirements.

She also has extensive experience advising on multinational privacy assessments and compliance programs. She regularly conducts privacy impact assessments and privacy-by-design reviews on a variety of products and technology solutions. Carol advises clients on privacy issues in connection with the deployment of blockchain and related services, artificial intelligence, and machine learning.

Carol advises clients with data protection issues arising in a variety of regulatory compliance and investigations scenarios, in particular with consumer protection issues, and pharmaceuticals and medical devices, as well as OFAC and DoJ. She regularly advises on global and regional whistleblowing hotline and e-discovery projects.

Carol’s practice encompasses a broad range of sectors, including pharmaceutical, medical device, and medtech companies; financial services and fintech companies; professional services; online and traditional retailers; and many technology providers in both the B2B and B2C channels.

She is certified as a Foreign Legal Consultant by the Florida Supreme Court, in addition to being admitted in New York and Paris, France.

Bar admissionsNew YorkParis
  • French
  • English
  • Harvard Law School, J.D. cum laude, 1992
  • University of Wisconsin B.A. Phi Beta Kappa, 1988


The Legal 500 United States

  • Leading Lawyer, Cyber Law (including Data Privacy and Data Protection) (2020-2023) 
  • Leading Lawyer, Data Privacy and Data Protection (2020)
  • Recommended, Cyber Law (including Data Privacy and Data Protection) (2018-2019) 
  • Recommended, Data Privacy and Data Protection (2018-2019) 
  • Recommended, Technology: Data Protection & Privacy (2017)

Chambers Global

  • Spotlight Table Foreign Expert, USA Privacy & Data Security (Foreign Expert for France) (2018-2024)
Additional Awards
  • Selected as the sole Client Choice Award recipient for Information Technology in the New York market (2017)
  • The Best Lawyers in France has repeatedly recognized Carol for her practice in Information Technology Law and Privacy and Data Security Law (2014-2024)


  • Author, "CCPA and GDPR: Getting to the finish line," LegiTech, June 2020 
  • Co-author, "Are You Subject to E.U. Personal Data Regulations?," NAPBS Journal, July-August, 2016
  • Co-author, "EU: new obligations for digital services providers and operators of essential services," Intellectual Property and Technology News, June 2016
  • Co-author, "Recent French developments raise the heat on encryption," Cyber Security Law & Practice, June 2016
  • Co-author, "French Data Protection Authority Orders Fine of 100,000 Euros Against Google Inc. for Violation of Right to Be Forgotten," Privacy and Security Law Report, May 2016
  • Author, "Retailer trends: In-store big data analytics," Law à la Mode Issue 19, April 2016
  • Co-author, "The WP29’s updated Opinion following the Costeja ruling," E-Commerce Law and Policy, March 2016
  • Co-author, "Wearable technologies, Watch out for fashion’s new market opportunities and challenges," Law à la Mode, May-June 2015
  • Co-author, "La construction controversée du droit à l’oubli," Option Droit & Affaires, April 2015
  • Author, "Retailers need to prepare for the new EU Data Protection Regulation," Law à la Mode, February 2015
  • "Motorola v. Uzan: What happens when non-US statutes block US court discovery served on US branches?," January 2015
  • Author, "How EU Data Protection Laws Impact Cross-Border FCPA Investigations," Global Anti-Corruption Perspective, September 2014
  • Co-author, "EU law on cookies," Intellectual Property Update, September 2014
  • Co-author, "France: CNIL to Begin Cookies Enforcement in October," Data Protection, Privacy and Security Alert (US), September 2014
  • Co-author, "France’s Data Protection Authority unveils its inspection targets for 2014," Data Protection, Privacy and Security Alert (US), May 2014
  • Author, "CNIL's new rules on whistleblowing simplify hotline implementation in France," Data Protection, Privacy and Security Alert (US), February 2014
  • Co-author, "Data Protection Laws of the World Handbook: Third Edition," Data Protection Alert (EMEA), January 2014


  • Speaker, "GDPR – Latest Developments," AIPLA, December 2020
  • Speaker, "Transatlantic data protection law – a US perspective," INFOTECH, Austria, November 2020
  • Speaker, "Navigating the changing seas of privacy laws (CCPA, GDPR and other data security and privacy laws)," Franchise Crew In-house Counsel Event, Atlanta, January 2020
  • Speaker, "How data catalogs help you prepare for CCPA," sponsored by Data.World, January 2020
  • Speaker, "GDPR Update," The Conference Board – HR M&A Council, Princeton, New Jersey, October 2019
  • Speaker, "Cyber-Security and Data Privacy in the IP World: What You Need to Know About the Intersection of Cyber-Security, Data Privacy and IP Law," AIPLA CLE Webinar, July 2019
  • Speaker, "DLA Piper TechLaw Series - California Consumer Privacy Act," Chicago, July 2019
  • Speaker, "HCP Marketing," DLA Piper’s GDPR and Life Sciences Day, London, June 2019
  • Speaker, "Are You GDPR Compliant? Understanding Its Requirements, Penalties, and Impact on the IP World," AIPLA Spring Meeting, Philadelphia, May 2019
  • Panelist, "Consumer Privacy," TransUnion Insurance Summit, Chicago, May 2019
  • Speaker, "Managing Data Privacy Compliance at the Crossroads of HIPAA, GDPR, and CCPA: Guidance for Attorneys on Managing Operational Issues," Blue Cross Blue Shield National Summit, Grapevine, Texas, April 2019
  • Speaker, "The California Consumer Privacy Act and Its Impact on Healthcare Companies," DLA Piper webinar, April 2019 
  • Speaker, "Impacts of GDPR & Big Data," ALIS Law, Los Angeles, January 2019
  • Speaker, "Operationalizing CCPA," DLA Piper webinar, January 2019
  • Speaker, "California Consumer Privacy Act and GDPR – how do they differ?" DLA Piper webinar, November 2018
  • Speaker, "National Association of Women Lawyers," November 2018
  • Speaker, "What you need to know about GDPR: for recruiters and HR professionals," January 2018
  • Speaker, “EU Data Privacy, Cybersecurity and their Impact on Reporting and Bribery Investigations: Strategic Insights for Cross-Border Transfers,” 18th Annual New York Conference on Foreign Corrupt Practices Act, May 2016
  • Speaker, "The Digital Landscape in Europe: How Will a New Safe Harbor agreement and an Expansive New Privacy Law Shape Business Strategy?" The Association of General Counsel Spring Meeting, California, May 2016
  • Speaker, "Stay Ahead of Global Privacy Trends at this Essential Live Even," Bloomberg Law, Washington, DC, February 2016
  • Speaker, DLA Piper Tech Day, The Peninsula Hotel, Paris, December 2014
  • Speaker, "Innovation, "Data Security and Data Protection", Atos Stakeholder Day, Bezons, France, October 2014
  • Speaker, on the topics of fashion bloggers, e-commerce and wearable technologies, FashiOnline, Milan, January 2014
  • Speaker "Codes of Conduct for Global Companies in Global Markets", Compliance Week Europe, Brussels, October 2013

Memberships And Affiliations

  • International Association of Privacy Professionals