No.

The European GDPR permits a company to retain personal data for “no longer than is necessary for the purposes for which the personal data are processed.”[1]  As a result, if a company no longer needs information to accomplish a specific purpose, the company is, theoretically, required to delete that information.  The requirement that

No.

The European GDPR permits a company to collect only that information which is “adequate, relevant and limited to what is necessary in relation to the purposes” for which the information is to be processed.”[1]  As a result, a company arguably is not permitted to collect personal data that is not “necessary” for a

On Friday, Oct. 9 at 9:00 a.m. PST, GT Shareholder Gretchen Ramos (SF) will present “Practical Solutions: Cross Border & Onward Transfers of EEA Data During Uncertain Times” during the PrivacyConnect San Francisco webinar. PrivacyConnect is a free, virtual series that provides an overview of the latest global regulatory updates, requirements, and trends. Through an

On August 27, 2020 the Dutch Data Protection Authority (Dutch DPA) announced that it approved the first ‘code of conduct’ in the Netherlands, the Data Pro Code. The Data Pro Code was drafted by NL Digital, the Dutch industry association for organizations in the ICT sector in the Netherlands.

What is a ‘Code of

The U.S. Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA) has released updated chapters to its Cyber Essentials Toolkits (revised August 17, 2020). CISA, the U.S. risk advisor, is tasked with key responsibilities in relation to defending cyber threats against “.gov” networks while collaborating with federal government partners to build more secure

As the way we work, consume, travel, and interact has changed due to Coronavirus Disease 2019 (COVID-19), so too has the way our children learn and play changed. Millions of children (and families) affected by the closures of in-person schools, day cares, athletics, summer camps, and other kids programming now rely on home computers and

The Court of Justice of the European Union (CJEU)’s historic decision in Schrems II, in which the EU-U.S. Privacy Shield was invalidated, requires businesses to rethink the mechanism they can rely on to transfer personal data from the EU to the United States and other countries. However, how the decision will be enforced remains

On June 24, the California Secretary of State announced that the California Privacy Rights Act (CPRA) has qualified as a statewide ballot initiative to be listed on this November’s General Election ballot.

The announcement follows official confirmation that the nonprofit group behind the ballot initiative, Californians for Consumer Privacy, obtained in excess of the 623,212

Following much anticipation, the Office of the California Attorney General (OAG) moved one step closer to the California Consumer Privacy Act (CCPA)’s wide-ranging implementing regulations becoming enforceable by law by filing the final CCPA Regulations with the California Office of Administrative Law (OAL) on June 1.

The CCPA grants the OAG the authority to begin