At the core of her practice, Donna draws from nearly 20 years of experience in the testing, higher education, and nonprofit industries.
Donna works with a variety of clients on their global data privacy and information security issues, developing privacy programs, advising on cross border data transfers, developing privacy policies, privacy impact assessments, data governance programs, navigating information security standards, and addressing issues in advanced technologies, including biometrics. Donna also advises nonprofits on their general counsel and transactional matters. Donna has significant in-house experience that clients can rely on to help them with their privacy and security matters.
Donna counsels clients on complex global data issues that cross industries, technologies, and borders.
In addition to evaluating and advising on global privacy programs, compliance, and cross-border data transfers, Donna advises clients on European Union data protection laws including the General Data Protection Regulation (GDPR) and has directly interacted with data protection authorities (DPAs) in a variety of Member States. Donna has also worked with clients on their data privacy programs in Africa, Asia, and Latin America.
Donna regularly assists clients with privacy and security requirements and audits, including Privacy Impact Assessments (PIAs), data governance programs, privacy policies, and information security governance and relevant frameworks including NIST, ISO, and SOC standards.
Donna previously served as the Chief Privacy Official and Director of Compliance at the Graduate Management Admission Council (GMAC), the nonprofit owner of GMAT exam with testing in over 115 countries. Donna’s experience also includes PBS, America Online, and a large international law firm.
Publications, Presentations & Recognitions
- ASAE’s Technology Conference, "Community Town Hall: Data Privacy & Security ," December 2018.
- 30th Annual GWSCPA Nonprofit Finance & Accounting Symposium, "Privacy Please! C-Suites Guide to Privacy Risks," November 2018.
- Privacy + Security Forum, "Legal vs Forensics: What Attorneys Should Know About Digital Forensics in Incident Response Management," October 2018.
- Nonprofit Risk Management Center’s 2018 Risk Summit, “Cyber Threats, Incidents, and Breaches: The Looming Risk Environment,” October 2018.
- Asia-Pacific Financial Forum Data Ecosystem Conference, "Data Security," September 2018.
- International Association of Privacy Professionals (IAPP) Webinar on Artificial Intelligence, Machine Learning, and Data Ethics: Mechanics, Benefits, and Dangers, “The Law – Transparency, Notice, and Consent,” July 2018.
- Donna was interviewed in The Cybersecurity Law Report article, "GDPR Essentials for the Financial Sector: Benchmarking and Assessing the Risks (Part One of Three)," Vol. 4, No. 20, July 11, 2018.
- Risk Roundtable Discussion with Aronson on Emerging Strategic, Financial, Operational, and Compliance Risks Affecting the DC Metro Area's Most Prominent Industries, May 2018.
- RiskConnect Virtual Conference, "Trends in Data Privacy Standards, Cyber/Privacy Coverage, & Social Engineering Scams," May 2018.
- URMIA Webinar, "GDPR: Privacy and Emerging International Risks," April 2018.
- Aronson Webinar, "C-Suite's Guide to Enterprise Risk Management and Emerging Risks", March 2018.
- Donna was interviewed in the ABA Banking Journal article, "GDPR: These Four Letters Could Spell a Compliance Headache for Smaller Banks," February 23, 2018.
- Nonprofit Risk Management Center (NRMC) Risk Management Lunch and Learn, "2018 Data Privacy and Security Risks," January 2018.
- ACC-NCR Nonprofits and Privacy Luncheon, "Not-for-Profit but Rich in Data: The Unique Privacy Needs of Nonprofits," December 2017.
- Privacy + Security Forum, “Payment Card Industry Compliance – That Applies to Us?” and “Breaking Down Silos and Navigating Diversity and Parity in Privacy and Security,” October 2017.
- European Association of Test Publishers Conference, “EU Privacy Protection: Views from Practitioners’ Perspectives,” September 2017. (Noordwijk, Netherlands)
- Centre for Information Privacy Leadership (CIPL) Annual Retreat, “EU General Data Protection Regulation (GDPR) Implementation,” July 2017. (Washington, DC)
- Donna was a featured panelist at the Amsterdam Workshop in March 2016, Towards a Successful and Consistent Implementation of the EU GDPR, sponsored by the Dutch Ministry of Security and Justice and CIPL that included representatives from the European Commission and many EU Data Protection Authorities. Donna was on a panel with Karolina Mojzeskwicz, Head of Data Protection Reform, European Commission and Rafael Garcia Garzola, Head of the International Department, Agencia Española de Protección de Datos, Spain concerning Harmonisation and Consistent implementation of the GDPR.
- Donna has also been a featured speaker at the Society of Corporate Compliance and Ethics annual conference and has discussed codes of ethics and nonprofits and compliance.
Donna’s specialties and certifications include:
- Fellow of Information Privacy (FIP)
- Certified Information Privacy Manager (CIPM)
- Certified Privacy Professional (CIPP/US)
- Certified Compliance and Ethics Professional (CCEP)
Donna is a member of the International Association of Privacy Professionals (IAPP) Education Advisory Board and the Women Leading Privacy section of the IAPP. Donna is also a member of the Board of Directors of the Nonprofit Risk Management Center. Donna has been a Forum Leader for the ACC National Capital Area Nonprofits and Association forum, on the Steering Committee for the EU GDPR Implementation Project involved EU data protection authority and industry representatives of the CIPL and a member of the Future of Privacy Forum.
Bar & Court Admissions
- District of Columbia Bar
- Virginia Bar
London Guildhall University,Certificate in European Union Law,1999American University, Washington College of LawJD,1997University of MassachusettsBA,1990