Category: business law

First Time Entrepreneur Workshop – Saturday September 15th!

crowleylogo 640x480

Crowley Corporate Legal Strategy and the LA Venture Association (LAVA) are pleased to announce the next First Time Entrepreneur training program. The program is open to entrepreneurs that are starting companies in areas that are likely to draw venture capital investment. The program is not open to service providers.

During the five hour program, you will learn how to:

  • Determine the value of your company
  • Put together a capitalization table
  • Understand how VCs screen potential investments
  • Understand the differences between trademarks, copyrights and patents and when you need them
  • Choose and work with co-founders
  • Network at startup events — the right way

Julie Pantiskas of Pasadena Angels will also be the guest investor speaker.


For more information and to purchase tickets, visit:

LAVA – Los Angeles VC Panel

Thank you to the LA Venture Association (LAVA) for hosting the Los Angeles VC Panel and LAVA Annual Membership Meeting last week.



GDPR Article featured in Valley Lawyer

We’re proud to share that our associate attorney, Angela Bandich, wrote an article about the GDPR (Europe’s new data privacy regulations) that was featured in the August 2018 issue of Valley Lawyer!


Read the full article here, starting on page 36: GDPR: New EU Regulations on Data Privacy.

valley lawyer picture


Join us on Saturday September 15th for our next First Time Entrepreneur workshop!

The program is open to entrepreneurs that are starting companies in areas that are likely to draw venture capital investment. (The workshop is not applicable to service providers).


During the workshop you will learn how to:

  • Determine the value of your company
  • Put together a capitalization table
  • Understand how VCs screen potential investments
  • Understand the differences between trademarks, copyrights and patents and when you need them
  • Work with co-founders
  • Network at startup events — the right way





CLIENT BULLETIN: California Supreme Court Changes Standard for Classifying Workers as Independent Contractors



On April 30, 2018, the California Supreme Court changed the standard used to determine whether a person is an independent contractor or employee of a company.

The Dynamex Operations West, Inc. v. Superior Court case centered around whether delivery service drivers for Dynamex were independent contractors or employees. For the past 30 years, companies relied on a multi-factor test in California that focused on whether the company had control over the how the work was being completed to classify a worker. Dynamex, also relying on this standard, argued that their drivers were independent contractors because the drivers set their own driving schedules, used their own vehicles, had the ability to decline delivery assignments and could work for multiple companies.

The Supreme Court, however, adopted a new standard in the Dynamex case and ruled that the drivers were in fact employees and allowed the drivers to be certified for a class action lawsuit.

The new “ABC test” will likely make it difficult for companies to classify workers as independent contractors in California because it presumes all workers are employees unless the company can demonstrate that the worker:

A). is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of such work and in fact; and

B). performs work that is outside the usual course of the hiring entity’s business; and

C). is customarily engaged in an independently established trade, occupation, or business of the same nature as the work performed for the hiring entity.

Part A of the test includes similar language from the previous test with respect to control; however Parts B and C impose new restrictions on companies being able to classify a worker as an independent contractor. For Part B, the Supreme Court provided an example that a plumber or electrician who is hired by a retailer to perform maintenance work at a retail store is truly an independent contractor because the work being provided is outside the usual course of the retailer’s business. Part C is designed to identify those workers who have decided to go into business for themselves, regardless of whether the worker has actually formed a separate entity.

With this new standard in place, companies should reevaluate existing agreements with independent contractors to ensure whether these workers are indeed independent contractors under the new ABC test or should now be classified as employees and afforded the benefits of an employee.

June 18, 2018: Top Legal Mistakes Made by First Time Entrepreneurs


Join us Monday, June 18, 2018, from 6:30 – 8:30 pm, at the General Assembly Los Angeles in Santa Monica, CA.

About This Event

Legal mistakes can doom even the best startup concepts and founding teams. Join Matt Crowley from Crowley Corporate Legal Strategy as he aims to prepare you to deal with the essential legal issues that every startup faces. Making sure the legal matters are in order while you’re running your company is one of the most important things that can make your startup more investible in the future.

What You’ll Take Away: Learn from other people’s mistakes and take away best practices for your own companies.


6:30 – 7:00pm Check-In and Networking

7:00 – 8:00pm Presentation

8:00 – 8:30pm Q&A

For more information and to RSVP visit the General Assembly Website Here

Top 10 Legal Mistakes of Startups and How to Avoid Them

Had a great workshop alongside Justin Hughes, Professor of Law, Loyola Law School; and Shannon Trevino, Business Law Practicum Director, Loyola Law School. We shared our insights on the”Top 10 Legal Mistakes of Startups and How to Avoid Them” with the to Loyola Marymount University entrepreneurship students. Thank you to Professor David Y Choi for organizing the event!

Photograph provided by: Shannon Trevino

February 17th, 2018: First Time Entrepreneur Workshop

Thank you to everyone who attended our First Time Entrepreneur Workshop on Saturday! We hope you enjoyed the workshop, the book, and our guest speaker Rob Vickery. And thank you to LAVA for hosting the event!



February 12, 2018
By: Angela Bandich, Esq.

The European Union’s (“EU”) new data privacy rules, called the General Data Protection Regulation (“GDPR”), will become effective on May 25, 2018 and will impact how U.S. businesses collect and use personal data.

1. Geographical Scope of the GDPR

Despite being a European regulation, the scope of the GDPR reaches far beyond just the EU.  In fact, any company that (i) offers goods and/or services to individuals (called “Data Subjects”) who are located in the EU (even if there’s no payment involved) or (ii) monitors the behavior of Data Subjects in the EU will be subject to the GDPR if the company collects and processes their Personal Data. This means the GDPR rules will apply to companies even if the companies are not located in the EU.

Personal Data” is defined in the GDPR as any information relating to an identified or identifiable natural person (someone who can be identified, directly or indirectly, by reference to data such as name, an identification number, location, an online identifier, or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).

The GDPR will therefore likely apply to most companies, particularly those in e-commerce, travel, software or media industries that are global in their reach. For example, in response to the GDPR, Facebook recently notified its users that it will be updating its data policies and procedures (

2. Obligations of Companies

As a result of the GDPR, companies now need to ensure that Personal Data of Data Subjects is (i) collected for specified, explicit, and legitimate purposes, (ii) limited to what is necessary in relation to those purposes, (iii) accurate and up to date, (iv) kept no longer than necessary for the purposes, and (v) processed in a secure manner.

Furthermore, the collection and processing of Personal Data is only lawful under the GDPR if the company satisfies one or more of the following:

  • The Data Subject has given consent to the processing of his personal data for the specific purpose(s); or
  • Processing is necessary:
    • for the performance of a contract for which the Data Subject is a party;
    • for compliance with a legal obligation;
    • to protect the vital interests of a Data Subject or other natural person;
    • for the performance of a task carried out in the public interest or under official authority; or
    • for purposes of legitimate interests, except where such interests overridden by the fundamental rights and freedoms of a Data Subject that requires protection of his or her Personal Data.

Consent. If a company claims that the Personal Data was collected and processed based on consent from the Data Subject, the company must be able to prove it. If a request for consent is included in a written document with other matters, the request must be clearly distinguishable from the other matters and presented intelligibly and in clear and plain language. The Data Subject also has the right to withdraw his or her consent at any time and the Data Subject must be informed of such right prior to giving consent. Finally, the GDPR states that consent must be freely given, particularly in situations where the performance of a contract, including providing services, is conditional on the Data Subject giving consent to the collection and processing his or her Personal Data which is not necessary for the performance of the contract.

There are also specific rules in the GDPR related to the collection and processing of data of children (Article 8) and special categories of Personal Data (Articles 9 and 10).

Article 30 also requires that each company and any third party representatives that assist with the processing of Personal Data maintain records of processing activities, unless the company qualifies for exemption. Designating a Data Protection Officer may also be required under Articles 37-39 if the company’s processing activities require regular and systematic monitoring of Data Subjects on a large scale or of special categories of Personal Data.

Security Measures and Breaches. Companies must implement technical and organizational measures to “ensure a level of security appropriate to the risk” associated with the likelihood and severity of impact to the rights and freedoms of Data Subjects upon a breach (Article 32).

If there is a breach of Personal Data, a company is required to notify an appropriate EU supervisory authority within seventy-two (72) hours after becoming aware of the breach, unless the Personal Data involved in the breach is unlikely to result in a “risk to the rights and freedoms” of the Data Subject or other natural persons. If the security breach is likely to result in a high risk to the rights and freedoms of the Data Subject, the company must notify also the Data Subject of the breach without “undue delay” (Articles 33 and 34). This means that companies and their IT teams must be able to evaluate every breach to determine which level of notice is required, if any.

3. Rights of Data Subjects

Data Subjects have specific rights under the GDPR, including but not limited to:

  • Access to Data (Articles 12 – 15): the right to obtain information about their Personal Data, free of charge (with exceptions), if requested. Companies should also be aware that some information should also be provided to the Data Subject at the time when the Personal Data is collected, such as: the identity and the contact details of the controller of the Personal Data, contact details of the data protection officer, if applicable, the purposes of the Personal Data processing; the recipients of the Personal Data, if any, and whether the Personal Data is to be transferred to another country.
  • Right to rectify (Article 16): the right to have companies rectify any inaccurate Personal Data that is collected without undue delay.
  • Right to be Forgotten (Article 17): the right to request that Personal Data be erased, without undue delay.
  • Right to Restrict (Article 18): the right to restrict the processing of their Personal Data in the future.
  • Data Portability (Article 20): the right to receive the Personal Data collected about the Data Subject in a commonly used, machine readable format to transmit the Personal Data elsewhere.
  • Right to Object (Article 21): the right to object to the processing of Personal Data, particularly if profiling is based on the automatic processing of the Personal Data under Article 6(1)(e) or (f).

 4. Penalties for non-compliance

Data Subjects have the right to file complaints with supervisory authorities in the EU, as well as right to receive compensation for damages suffered as a result of non-compliance with the GDPR (Article 82).

Administrative fines are also possible, depending on the specific circumstances of each individual case. Depending on the type and severity of the non-compliance, the fine can be as much as 20,000 EUR or four percent (4%) of the company’s total worldwide annual revenue, whichever is higher. How the EU plans to enforce such penalties against non-EU companies, however, is not clear.

As a result of the GDPR, companies should implement changes to their data collection and data privacy policies that allow for enough flexibility to be able to analyze and report security breaches, as well as respond to requests by Data Subjects. Companies should also understand what types of Personal Data is being collected from Data Subjects, where the Personal Data is being stored, what the security measures are in place around the Personal Data and who has access to the Personal Data.

Click here for the full GDPR text:


crowleylogo 640x480

First Time Entrepreneur Workshop with VC Speaker: Rob Vickery

We are pleased to announce that Rob Vickery founder of Stage Venture Partners will be joining us at our FTE Workshop on FEBRUARY 17th, 2018! Click here to sign up

About Stage:

Stage Venture Partners is a seed venture capital fund that invests in emerging technology for B2B markets.

Founded in 2015 by two entrepreneurial partners, Stage is designed to deliver active and thoughtful investment. One of us is a successful international operator who has built global businesses. The other an experienced angel investor and venture capitalist with a strong track record.

Stage invests in Founders building frontier technology for enterprise clients. We offer access, services, and expertise that are unique in our market, leading to remarkable results for our portfolio.

We are not thesis, geographic or sector focused, but instead business model focused. We invest only in software companies that solve problems for companies, monetizing either through SAAS or transaction fees.

Rob Vickery:


Before founding Stage with Alex Rubalcava, Rob created the Entertainment and Technology Division for BNY Mellon and was the North America Director for Lloyds International, one of the world’s leading financial institutions, focusing on major corporate entertainment-related investments. He has also spent a number of years working and advising a range of international music and film talent on embracing with new forms of technology.

Rob is also on the board of the British Academy of Film Television Arts (BAFTA) LA Games, British American Business Council, South Central Scholars and the Chairman of the School of Business & Entrepreneurship at Dorsey High School.

Rob graduated from the University of Gloucestershire, UK, in 2003. In his downtime, Rob is an amateur paleontologist, snowboarder and gaming addict (come and find me on PSN (BeverlyHillsBrit) or Xbox Live (saasfundr)