The German data protection supervisory authorities have released their take on international data transfers in medical research.
Continue Reading New DSK Guidelines Aim to Set the Standard for International Research Collaborations
Nov. 12-14 EVENT | 2025 Privacy + Security Forum Fall Academy
Greenberg Traurig is a sponsor of the 2025 Privacy + Security Forum Fall Academy taking place from November 12 – 14, at George Washington University in Washington, D.C.
Continue Reading Nov. 12-14 EVENT | 2025 Privacy + Security Forum Fall Academy
2025 CO-ACC Signature Event: Greenberg Traurig Presents The Practicalities of Implementing a Privacy Program
On Oct. 28, 2025, please join Greenberg Traurig and leaders from its Chambers USA Band 1 Retail Industry Group and Privacy & Cybersecurity Practice, along with a legal director from Scott’s Company LLC, for a CLE exploring the evolving landscape of data privacy and security laws and their impact on in-house legal teams.
This expert
Preparing for a CMMC Audit: The System Security Plan
In September, DoD finalized the CMMC Program, along with the accompanying contract clauses, with an effective date of Nov. 10, 2025.
Continue Reading Preparing for a CMMC Audit: The System Security Plan
Recapping CMMC Level 3: Considerations for Government Contractors
On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors.
Continue Reading Recapping CMMC Level 3: Considerations for Government Contractors
Recapping CMMC Level 2: Considerations for Government Contractors
Starting Nov. 10, 2025, contractors and subcontractors handling controlled unclassified information (CUI) may be required to have a current CMMC Level 2 self-assessment for new contracts and option exercises involving CUI.
Continue Reading Recapping CMMC Level 2: Considerations for Government Contractors
Recapping CMMC Level 1: Considerations for Government Contractors
On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors. This final rule established a November 10, 2025 go-live date for the start of phase 1 of CMMC. As we covered in our prior
Software Bill of Materials Guidance for Government Contractors
In June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued draft updated guidance for public comment on the Minimum Elements for a Software Bill of Materials (SBOM), which the National Telecommunications and Information Administration (NTIA) first published in 2021 for federal agencies in response to Executive Order 14028 on Improving the Nation’s Cybersecurity.
Continue Reading Software Bill of Materials Guidance for Government Contractors
Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025
Cybersecurity month starts with a critical compliance date for the Department of Justice (DOJ)’s Data Security Program (DSP). Starting on Oct. 6, any U.S. person or company handling Americans’ bulk sensitive or personal data or U.S. government-related data must implement a written data compliance program that lays out specified due diligence, audit, reporting, and recordkeeping processes for covered data transactions.
Continue Reading Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025
Revised and New CCPA Regulations Set to Take Effect on Jan. 1, 2026 – Summary of Near-Term Action Items
On Sept. 23, 2025, the California Privacy Protection Agency (CPPA) announced that the state’s Office of Administrative Law (OAL) had formally approved the CPPA’s wide-ranging package of revised and new California Consumer Privacy Act (CCPA) regulations.
Continue Reading Revised and New CCPA Regulations Set to Take Effect on Jan. 1, 2026 – Summary of Near-Term Action Items