General Data Protection Regulation (GDPR), Data Protection, Data Retention

Germany: New Government Plans to Centralize Data Protection Supervision and Reduce Regulation for Small and Medium-Sized Companies

DLA Piper on 4/14/2025

On April 9, 2025, the coalition agreement of the future German Federal Government, consisting of the three German parties CDU, CSU and SPD, was published. The document entitled “Responsibility for Germany” contains several...more

Belgian Data Protection Authority Issues Updated Guidance on Direct Marketing Rules

Alston & Bird on 3/21/2025

On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more

[Webinar] Data Minimization: Why Less is More - February 26th, 11:00 am CST

HaystackID on 2/13/2025

Data minimization is a legal and operational necessity in today’s privacy landscape. There are now legal and operational curbs to the pervasive practice of keeping everything forever. With the rise of global frameworks like...more

Dechert Cyber Bits - Issue 69

Dechert LLP on 1/31/2025

UK Data Regulator Responds to Google’s Policy Shift on Fingerprinting - Google announced that starting February 16, 2025, its platform program policies will change to remove the prohibition in its current policies against...more

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

Pillsbury - Consumer Protection Dispatch on 10/15/2024

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more

New guidelines for retention of emails

Ius Laboris on 8/8/2024

The Italian Data Protection Authority has adopted an updated version of a guideline document on email retention that it originally issued in December 2023, but which had been suspended....more

Data Privacy Guide - Czech Republic

International Lawyers Network on 5/3/2024

Introduction - The General Data Protection Regulation (Regulation (EU) 2016/679) is the EU regulation which is directly applicable in all member states of the EU, including the Czech Republic, as of 25 May 2018. The new...more

CJEU considers approach to retention of personal data from public debt registers

A&O Shearman on 1/11/2024

In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more

GDPR Data Mapping: A How-To Guide

Osano on 6/2/2023

If you don’t know where your business collects, stores, and processes consumer data, you can’t manage that data in a compliant fashion. You won’t know whether...more

Secure Data Disposal and Data Minimization

Alston & Bird on 2/13/2023

What data can companies collect, and how long can they keep it? Our Privacy, Cyber & Data Strategy Team outlines best practices for companies to comply with international, federal, and state laws and guidance to avoid...more

Data Protection in the British Virgin Islands

Walkers on 2/9/2023

The British Virgin Islands ("BVI") Data Protection Act, 2021 ("DPA") came into force on 9 July 2021. It was introduced so the BVI would have a data protection framework which is broadly similar to EU and UK standards. To...more

Caveat Employer? In the EU and California, Employers Must Beware!

Fox Rothschild LLP on 11/28/2022

Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian Data Protection...more

Deeper Dive: Why Personal Data Deletion Matters

BakerHostetler on 7/15/2022

Our 2022 Data Security Incident Response Report discussed how businesses can be better positioned to meet the tight data breach notification deadlines now imposed in dozens of countries worldwide. In particular, we...more

“One Size Fits All” Data Retention Policies: A Unicorn for International Employers?

Littler on 5/27/2022

Employers often want to have a data retention policy that works for all of their international operations. We look at the challenges with this approach and how to make it work in practice....more

The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention

Jackson Lewis P.C. on 1/13/2022

Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for...more

Making the Case for Information Governance and Why You Should Address it Now

Lighthouse on 8/17/2021

You know that cleaning out the garage is a good idea. You would have more storage space and would even be able to put the car into the garage, which is better for security, for keeping it clean, and for ensuring an easy start...more

Updata: Your quarterly privacy & cybersecurity update - April to June 2021

Eversheds Sutherland (US) LLP on 7/16/2021

Welcome to the latest edition of Updata - the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team. Updata provides you with a compilation of privacy and cybersecurity regulatory and...more

France – CNIL releases guidance on data protection aspects of chatbots

A&O Shearman on 3/2/2021

On 19 February 2021, CNIL released guidance on the use of chatbots in compliance with data protection law (the Guidelines). The CNIL notes that in order to operate the chatbots, controllers will often need to process personal...more

Privacy & Cybersecurity Update - January 2021

Skadden, Arps, Slate, Meagher & Flom LLP on 2/4/2021

In this month's edition, we examine the European Commission's Digital Services Act and its potential regulatory impact, the National Institute of Standards and Technology's draft guidance on internet-of-things devices'...more

2020 data protection greatest hits in Spain

Hogan Lovells on 1/7/2021

This is the time of the year in which we look back to what has happened during the last 12 months and try to get ready for what is to come. This can be done in many ways, although one of the most common practices is to rely...more

H&M fined 35 million euros for GDPR violation

Society of Corporate Compliance and Ethics... on 12/16/2020

CEP Magazine (December 2020) - The Hamburg Data Protection Authority issued their largest fine ever under the General Data Protection Regulation (GDPR) for employee-related offenses. A fine of more than €35 million was...more

Further Tension Between National Security and Protecting Privacy: Latest EU Judgments

Akin Gump Strauss Hauer & Feld LLP on 10/14/2020

United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more

H&M Fined 37.8 Million Dollars for Alleged GDPR Violations

Polsinelli on 10/14/2020

What Happened? On October 1, 2020, the Hamburg Data Protection Commissioner (“Hamburg DPA”) fined clothing retailer H&M 37.8 million dollars (EURO 35.2 million) for several violations of the GDPR....more

Client Update: H&M Fined 37.8 Million Dollars for Alleged GDPR Violations

Polsinelli on 10/13/2020

What Happened? On October 1, 2020, the Hamburg Data Protection Commissioner (“Hamburg DPA”) fined clothing retailer H&M 37.8 million dollars (EURO 35.2 million) for several violations of the GDPR....more

How to Maintain CCPA Compliance in the Cloud

Reveal on 10/2/2020

As more organizations find themselves under scrutiny for the way they collect and use consumer data, maintaining CCPA compliance has never been more important. CCPA has been introduced to give control back to consumers,...more

General Data Protection Regulation (GDPR) › Data Protection › Data Retention

"My best business intelligence, in one easy email…"