A Less is More Strategy for Data Risk Mitigation
Data Retention and Document Holds
Healthcare Document Retention
The NYDFS Updates Its Stringent Cybersecurity Regulations. Is This a Bellwether of Coming Industry Change? - The Consumer Finance Podcast
Spring Cleaning for Legal Teams: The Cloud and Defensible Deletion of Data
M365 in 5 – Part 7: Teams Audio/Video (A/V) Conferencing
M365 in 5 – Part 6: Teams Channels – The virtual collaboration workspace
M365 in 5 – Part 5: Teams Chats – Modern communications
M365 in 5 – Part 4: Teams – An introduction to collaboration
M365 in 5 – Part 3: OneDrive for Business – Protected personal collaboration
M365 in 5 – Part 2: SharePoint Online – The new file-share environment
M365 in 5 – Part 1: Exchange Online – Not just a mailbox
Sitting with the C-Suite: Information Governance and eDiscovery - Key Compliance Issues for In-House Counsel
Sitting with the C-Suite: Trial Teams – Narrowing Data through Centric Search
Sitting with the C-Suite: Normalizing Business Practices through Litigation Data
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
[WEBINAR] Public Records Act - Taming the Email Tiger
E14: The Three Pillars of GDPR
Three Key Data Retention Questions
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
On January 03, 2025, the government released the much awaited draft Digital Personal Data Protection Rules, 2025, (Draft Rules / Rules) for public consultation and invited stakeholder feedback by February 18, 2025 (access the...more
On January 3, 2025, India’s Ministry of Electronics and Information Technology ("MeitY") released the Draft Digital Personal Data Protection Rules, 2025 ("Draft Rules") for public comment. The primary aim of these Draft Rules...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The Italian Data Protection Authority has adopted an updated version of a guideline document on email retention that it originally issued in December 2023, but which had been suspended....more
Introduction - Below is a brief outline of the legal regulation of personal protection in Ukraine. Governing Data Protection Legislation - 2.1. Overview of principal legislation - The main legal act governing...more
Introduction - The General Data Protection Regulation (Regulation (EU) 2016/679) is the EU regulation which is directly applicable in all member states of the EU, including the Czech Republic, as of 25 May 2018. The new...more
Introduction - As a federal state with law-making powers shared between federal and provincial/territorial governments, Canada has both federal and provincial/territorial privacy laws that govern the private and public...more
In Argentina, data protection is governed by comprehensive legislation aimed at safeguarding individuals' personal data. Below you will find an outline of the key aspects including governing legislation, exploring their scope...more
On February 1, 2024, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with that would require Blackbaud Inc. (“Blackbaud”) to delete personal data it does not need to retain and upgrade...more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
On September 12, 2023, Delaware became the 13th state to adopt a consumer data privacy act, joining Florida, another state to recently adopt consumer privacy laws, and others in providing resident consumers with rights...more
The British Virgin Islands ("BVI") Data Protection Act, 2021 ("DPA") came into force on 9 July 2021. It was introduced so the BVI would have a data protection framework which is broadly similar to EU and UK standards. To...more
Our 2022 Data Security Incident Response Report discussed how businesses can be better positioned to meet the tight data breach notification deadlines now imposed in dozens of countries worldwide. In particular, we...more
You know that cleaning out the garage is a good idea. You would have more storage space and would even be able to put the car into the garage, which is better for security, for keeping it clean, and for ensuring an easy start...more
Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
On 13 April 2021, the British Virgin Islands (“BVI” or “Virgin Islands”) became the latest jurisdiction to enact a comprehensive information privacy law when the territory published the Data Protection Act, 2021 (the “DPA...more
In our four-part blog series on Schrems II and its impacts, we have already given the state of data transfers in light of the Schrems II decision as well as some practical tips on how to conduct a risk assessment. In sum, the...more
On 19 February 2021, CNIL released guidance on the use of chatbots in compliance with data protection law (the Guidelines). The CNIL notes that in order to operate the chatbots, controllers will often need to process personal...more
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
What Happened? On October 1, 2020, the Hamburg Data Protection Commissioner (“Hamburg DPA”) fined clothing retailer H&M 37.8 million dollars (EURO 35.2 million) for several violations of the GDPR....more
Every organization needs to develop an effective data retention policy to gain visibility and control over its information. But given the increasing complexity of today’s data systems and the constantly evolving regulatory...more
Everyone has been talking about the California Consumer Privacy Act (CCPA) lately, namely because the 2018 law became enforceable as of July 1, 2020. This law provides California consumers with a number of privacy-related...more
On January 15, the Court of Justice of the European Union’s (CJEU) Advocate General (AG) Manuel Campos Sánchez-Bordona delivered his Opinion on four references for preliminary rulings on the topic of retention of and access...more