A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Whether you are swamped by a deluge of subject rights requests or just want more time to spend on strategic work, managing SRRs effectively is a highly sought-after goal — one that's seldom achieved. Between parsing...more
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22). This judgment clarifies the GDPR provisions regarding the right of access to personal...more
It’s no longer good enough for your business to have a reactive approach to consumer privacy – you need a proactive strategy to manage compliance, foster consumer trust, and stay competitive in this modern era. While many...more
Join our enlightening webinar to explore the critical role of data discovery in constructing a comprehensive and accurate data inventory, essential for streamlining privacy compliance and enhancing data governance. In this...more
An in-depth exploration of Data Subject Access Request (DSAR) workflows and discover best practices for managing privacy requirements efficiently and effectively. In this educational webinar, we'll delve into the intricacies...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only...more
Welcome to the latest edition of Updata – the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
When you’re feeling curious about what a business is doing with your personal data, what do you do? You could head down to their brick-and-mortar offices and demand to speak with a manager—but aside from maybe going...more
Under UK data protection legislation, individuals, also called “data subjects”, have the right to make a data subject access request (DSAR) to organisations that “process” their personal data. Similar rights are required by...more
If you don’t know where your business collects, stores, and processes consumer data, you can’t manage that data in a compliant fashion. You won’t know whether...more
As many employers will be aware, data subject access requests (DSARs) can take up a significant amount of business resources and are a common tactic used by disgruntled employees. A recent decision from the Court of Justice...more
Getting into compliance with the California Consumer Privacy Act (CCPA) can seem like an overwhelming task. After all, the law is comprised not only of a dense statute and detailed regulations, but the amendment effective...more
Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by...more
Iowa has joined California, Colorado, Utah, Connecticut, and Virginia in the growing rank of states to enact a statewide consumer data privacy law. Dubbed the Iowa Consumer Data Protection Act (ICDPA), the regulation was...more
For the most part, businesses gather employee data without too much thought. Sure, some data is obviously private, like employee social security numbers, but other than that, businesses can pretty much do what they want with...more
To date, 71% of the world’s countries feature some form of privacy legislation. More and more businesses are subject to data privacy regulations, and more and more businesses are working hard to ensure they’re respecting...more
According to research by the International Association of Privacy Professionals (IAPP), privacy is growing—but not fast enough. Privacy teams are growing by 12% year-over-year, but many organizations are still struggling to...more
In 2023, new comprehensive data privacy laws come into effect in five states — California, Colorado, Connecticut, Utah, and Virginia. The California Privacy Rights Act of 2020 (CPRA) and the Virginia Consumer Data Protection...more
At midnight on the 25th of May, 2018, millions of people were suddenly in possession of legal rights they lacked minutes before thanks to the General Data Protection Regulation (GDPR). Among those rights were the ability to...more
Anybody whose responsibilities include privacy can relate: Most people vastly underestimate the complexity of data privacy compliance. And that’s if they understand why data privacy compliance matters at all....more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more