Rachel M. Naegeli

Rachel Naegeli is a member of Kirton McConkie’s International, Cybersecurity and Data Privacy, and Southern Utah Legal Services sections. She advises U.S.-based and globally operating organizations on cross-border governance, data privacy, regulatory compliance, and international commercial strategy.

Ms. Naegeli works closely with executive leadership teams on complex, multi-jurisdictional legal issues arising from international expansion, regulated sales models, data protection obligations, and operational growth. She regularly counsels clients on international and U.S. privacy frameworks, including the EU and UK GDPR, the CCPA/CPRA and other evolving U.S. state privacy laws, as well as sector-specific regulatory regimes, such as HIPAA and FERPA. Her work includes developing privacy governance programs, drafting data processing and cross-border transfer agreements, and implementing compliance strategies aligned with business objectives.

She has extensive experience advising direct selling and multi-level marketing companies on state, federal, and international regulatory requirements affecting compensation structures, distributor agreements, advertising practices, and consumer protection compliance. She assists clients in structuring compliant compensation plans and navigating regulatory scrutiny in highly regulated, multi-jurisdictional environments.

Her international practice includes advising companies expanding into Asia, Latin America, and Europe on permanent establishment risk, entity selection, employment compliance, B2B and B2C sales frameworks, and cross-border contractual strategy. She coordinates with local counsel in multiple jurisdictions to ensure consistent and defensible compliance across markets.

Ms. Naegeli previously served in a long-term associate outside general counsel role for a multinational organization and represented Kirton McConkie on the staff of an international nonprofit’s principal legal entity, providing integrated legal leadership across contracting, governance, and regulatory compliance.

Education

• UC San Diego School of Global Policy and Strategy, Master of Pacific International Affairs, with honors, 2004
• Duke University School of Law, JD, 2000
• Duke University School of Law and Faculty of Law, University of Hong Kong, Asia-America Institute in Transnational Law, 1998
• Pepperdine University, BA, Political Science, magna cum laude, 1997

Experience

• Advises U.S. companies looking to expand into Asia, Latin America, and Europe in the areas of permanent establishment, employment, B2C and B2B sales, and entity selection.
• Designs and assist with implementing cross-border sales strategies for companies seeing to expand their business presence in the European Union, including drafting the corresponding legal documents and policies.
• Assists direct selling companies with navigating state, federal, and international laws and regulations that apply to compensation plans, distributor agreements, and company policies.
• Provides guidance to U.S. companies on compliance with laws implicated by the online collection, transmission, and storage of personal information; assist with GDPR compliance and Privacy Shield certification.

Representative Area of Focus

• International and cross-border data privacy compliance (GDPR, CCPA/CPRA, HIPAA, FERPA)
• Privacy governance program development and implementation
• Direct selling and multi-level marketing regulatory compliance
• Compensation plan and distributor agreement structuring
• Cross-border expansion and permanent establishment analysis
• International employment and sales compliance
• Public-private and multi-jurisdictional commercial agreements
• Outside general counsel support for globally operating organizations

Publications

• How to Choose a Solid MLM For Your Side Hustle, ViewOn Magazine, May/Jun 2023
• What You Need to Know About China’s Personal Information Protection Law, Utah Bar Journal, May/Jun 2023
• The California Privacy Rights Act (CPRA): Key Changes to California’s Privacy Laws, Utah Bar Journal, Mar/Apr 2023
• Transferring UK Personal Data to the US Using the UK International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, Utah Bar Journal, Jan/Feb 2023
• Data Protection in the Financial Sector, OneTrust Data Guidance, 2022
• Cybersecurity Affirmative Defense Act – A Safe Harbor for Data Breaches, OneTrust Data Guidance, 2022
• Developments in European Data Privacy Law, Southern Utah Business Journal, 2021
• Changes to European Union Data Privacy – Tools to Guide Your Clients, Utah Bar Journal, Nov/Dec 2021
• Help Your MLM Client Avoid Legal Pitfalls When Expanding Internationally, Utah Bar Journal, Jan/Feb 2016

• California
• Utah

• State Bar of California, International Law Section
• Utah State Bar, International Law Section
• Southern Utah Bar Association
• American Bar Association, International Law Section

• Utah Legal Elite: International Law (2021-2022)