Featured

Cybersecurity month starts with a critical compliance date for the Department of Justice (DOJ)’s Data Security Program (DSP). Starting on Oct. 6, any U.S. person or company handling Americans’ bulk sensitive or personal data or U.S. government-related data must implement a written data compliance program that lays out specified due diligence, audit, reporting, and recordkeeping processes for covered data transactions.
Continue Reading Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025

On Sept. 23, 2025, the California Privacy Protection Agency (CPPA) announced that the state’s Office of Administrative Law (OAL) had formally approved the CPPA’s wide-ranging package of revised and new California Consumer Privacy Act (CCPA) regulations.
Continue Reading Revised and New CCPA Regulations Set to Take Effect on Jan. 1, 2026 – Summary of Near-Term Action Items

The EU Data Act (Regulation (EU) 2023/2854) introduces a comprehensive framework to enhance data portability and reduce vendor lock-in across the EU digital economy. One impactful component is the cloud switching regime (Chapter VI), which establishes broad obligations to facilitate switching between “data processing services.” For providers of cloud-based services (such as Infrastructure

Greenberg Traurig is hosting a timely webinar on October 15, guiding organizations through the upcoming DOJ enforcement of the Data Security Program. GT experts will cover compliance obligations, risk mitigation strategies, and practical steps to identify and manage sensitive data transactions ahead of the July 2025 enforcement deadline.

Continue Reading Webinar | From Risk to Readiness: Preparing for DOJ Enforcement of the Data Security Program

Greenberg Traurig’s 2025 Data Privacy Symposium in Chicago gathered more than 100 professionals for interactive sessions exploring the latest in data privacy, cybersecurity, and technology. Expert speakers led conversations on AI, AdTech, breach response, privacy litigation, and more, while attendees enjoyed networking opportunities at a lively reception and dinner.


Continue Reading Highlights from the Data Privacy Symposium 2025

The effective date for Colorado’s groundbreaking Artificial Intelligence Act has been pushed back by five months, now set for June 30, 2026. Gov. Jared Polis signed amendments after extensive debate in a special legislative session, giving lawmakers more time to address substantive concerns. With continued disagreement among stakeholders, it remains uncertain if further changes will be made before the new deadline.
Continue Reading Colorado Delays Comprehensive AI Law With Further Changes Anticipated

On Sept. 3, 2025, in a much-anticipated legal decision, the European General Court (EGC) rejected the request of a French member of Parliament to annul the EU-U.S. Data Privacy Framework (DPF or Framework). 

Although this decision reinforces that U.S. organizations that have self-certified as to their adherence to the DPF principles may continue to receive

The upcoming EU Data Act introduces a user-centric approach to data generated by IoT devices, giving individuals and organizations unprecedented control over both personal and non-personal data. Discover what this paradigm shift means for data holders, business models, and the future of data sharing in the EU.
Continue Reading Action Required for Manufacturers of Connected Devices: Challenges Under the EU Data Act

NIS 2 (Directive (EU) 2022/2555), the European Union’s updated framework for cybersecurity, is designed to enhance cybersecurity across the EU by establishing a high common level of security for network and information systems.
Continue Reading EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors