A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22). This judgment clarifies the GDPR provisions regarding the right of access to personal...more
It’s no longer good enough for your business to have a reactive approach to consumer privacy – you need a proactive strategy to manage compliance, foster consumer trust, and stay competitive in this modern era. While many...more
Welcome to the latest edition of Updata – the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
When you’re feeling curious about what a business is doing with your personal data, what do you do? You could head down to their brick-and-mortar offices and demand to speak with a manager—but aside from maybe going...more
Under UK data protection legislation, individuals, also called “data subjects”, have the right to make a data subject access request (DSAR) to organisations that “process” their personal data. Similar rights are required by...more
If you don’t know where your business collects, stores, and processes consumer data, you can’t manage that data in a compliant fashion. You won’t know whether...more
Iowa has joined California, Colorado, Utah, Connecticut, and Virginia in the growing rank of states to enact a statewide consumer data privacy law. Dubbed the Iowa Consumer Data Protection Act (ICDPA), the regulation was...more
For the most part, businesses gather employee data without too much thought. Sure, some data is obviously private, like employee social security numbers, but other than that, businesses can pretty much do what they want with...more
According to research by the International Association of Privacy Professionals (IAPP), privacy is growing—but not fast enough. Privacy teams are growing by 12% year-over-year, but many organizations are still struggling to...more
In 2023, new comprehensive data privacy laws come into effect in five states — California, Colorado, Connecticut, Utah, and Virginia. The California Privacy Rights Act of 2020 (CPRA) and the Virginia Consumer Data Protection...more
At midnight on the 25th of May, 2018, millions of people were suddenly in possession of legal rights they lacked minutes before thanks to the General Data Protection Regulation (GDPR). Among those rights were the ability to...more
Anybody whose responsibilities include privacy can relate: Most people vastly underestimate the complexity of data privacy compliance. And that’s if they understand why data privacy compliance matters at all....more
The ability to verify compliance with applicable law, notice and opt-out requirements for subcontractors, and flowing through data minimization principles are key requirements under new US state data protection laws. As...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
On 18 July 2022, the UK government introduced the Data Protection and Digital Information Bill to Parliament for its first reading. Following the UK leaving the European Union in 2020, the Bill sets out the proposed reforms...more
Data subject access requests (DSARs) are a cornerstone of the data protection regime, being fundamental in helping individuals to exercise their rights. If individuals do not know what information an organisation has about...more
With the use of Data Subject Access Requests (DSARs) becoming increasingly common, it is important that anyone dealing with personal data understands what a DSAR is, when it can be used, how an organisation should respond to...more
In the not-so-distant past, data risk was primarily seen as a technology challenge. How can organizations store all the data they accumulate? How can they sort and analyze it? How can they protect it from exfiltration by...more
Data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are a major cause for concern for organizations. While the biggest fines garner headlines, such as...more
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more
China recently enacted its Personal Information Privacy Law (PIPL), which came into effect November 1, 2021. PIPL has global reach and broadly regulates entities of all industries that process the personal data of Chinese...more
UK employers have just about got used to the idea of GDPR, but the government has launched a consultation on reforms to the data protection regime....more
In the last few years, data privacy laws and regulations have been big news. Much of the coverage—including one of our recent blog posts—concerned website compliance. Companies scrambled to post notices and forms on their...more
Back in November, I wrote on this blog about Big Data being one of the challenges that is forcing technology to move more to the data sooner in the discovery process. One of the most notable fun facts that illustrate just how...more