Welcome to January's GrailMail! We’re back with essential updates, in depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
This was a huge month for data privacy, kicking off with 5 new state privacy laws going into effect. We also wrapped up January with Data Privacy Week, which included our exclusive Privacy Huddle and a trivia raffle featuring daily challenges in our community.
Data privacy is evolving rapidly, and 2025 promises significant change. Consumers will demand greater control over their personal information, while businesses face mounting regulations, tech challenges, and rising expectations.
In case you’re not up to speed with the new laws that came out this month watch our on demand webinar: How January’s 5 New Privacy Laws Will Change Data Privacy in 2025. Your peers from Benchling, Outreach, Route, and NETGEAR shared how they are managing new regulations.
Now, let’s dive into the top news stories in January.
🌍 In a first, EU Court fines EU for breaching own data protection law
The EU General Court ruled that the European Commission must pay damages to a German citizen for failing to comply with its own data protection regulations.
The court determined that the Commission transferred the citizen's personal data to the United States without proper safeguards and ordered it to pay him 400 euros ($412) in damages. Read more on the story here.
đźš— FTC announces proposed settlement with GM for selling connected vehicle data
The Federal Trade Commission has reached a settlement agreement with General Motors Co. and its OnStar subsidiary for collecting and selling driving behavior data from millions of vehicles in the U.S. without adequate consent.
As part of the proposed agreement, GM will be banned from disclosing sensitive data to consumer reporting agencies for five years from the date the order is entered.
A surprising new piece of legislation—the Texas Responsible AI Governance Act (TRAIGA)—threatens to upend the state’s pro-business reputation.
The proposed bill, introduced as HB 1709, is one of the most aggressive AI regulatory efforts yet seen in the United States, rivaling even California and Europe in its scope. Read more here.
🤖 China’s DeepSeek AI poses formidable cyber, data privacy threats
China’s DeepSeek AI model represents a transformative development in China’s AI capabilities, and its implications for cyberattacks and data privacy are particularly alarming.
By leveraging DeepSeek, China is on its way to revolutionizing its cyber-espionage, cyber warfare, and information operations, all of which pose significant threats to the U.S. and the West. Read more here.
5 new state privacy laws went into effect this month, signaling growing privacy protections across states. But each comes with its own mix of requirements for consent, data rights, and business obligations. Visit our blog to get a breakdown of what you need to know about each new law.
Get Ready for the EU AI Act, Phase 1: Discover & Catalog
The AI Act outlines a set of rules for organizations operating in the EU with enforcement starting in late 2024 and expanding through 2027. Security and risk management leaders should immediately start discovering and cataloging AI-enabled capabilities ahead of the mandatory risk assessment.
This week we announced several new DataGrail Live Data Map features that make it even easier for privacy and security teams to find and mitigate privacy risk across their business.
As data privacy and compliance requirements continue to evolve, privacy and security professionals must shift from chasing scattered personal data across a sea of systems to proactively pinpointing, prioritizing, and managing risk in real-time. Live Data Map is purpose-built to support this evolution by bringing together AI-powered system detection, data discovery, and risk management across the entire tech ecosystem—in the most secure way possible.
🔍 What’s New?
Day 1 risk insights for +2,400 apps with no tedious, costly scanning
Real-time processing risks, system details, and mitigation activities in one place
Streamlined PIA and DPIAs directly from Live Data Map
Dynamic RoPA generation for your entire business or custom slices
We’re proud to announce that DataGrail was included in the inaugural IDC ProductScape: Worldwide Data Privacy Compliance Software, 2025 report, which compares the offering functionality among technology product or services suppliers in data privacy compliance software.
According to the IDC ProductScape, “DataGrail has a robust ecosystem of connectors that consider the most popular SaaS applications but also include connectors to hosted or on-premises databases.”
On January 15, 2025, the NJDPA went into effect, granting residents greater control over their personal information while holding businesses to higher standards of transparency and accountability.
The NJDPA stands out with its broad definition of sensitive data and unique provisions that apply to a wide range of organizations, including nonprofits and higher education institutions. For businesses, this marks a pivotal moment to reevaluate data practices and embrace a new era of compliance.
The NHPA grants residents greater control over their personal data while introducing clear obligations for businesses handling such information.
Signed into law on March 6, 2023, the NHPA mirrors privacy principles seen in other state laws but takes a more balanced approach, focusing on consumer rights, transparency, and business feasibility. It avoids the heavy-handed regulatory complexities of stricter laws like California’s while still giving consumers meaningful control over their data.
Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?
Whether you're just starting out or a seasoned pro, there’s a place for you here! Don’t miss out on the chance to be part of a vibrant network committed to advancing data privacy.
See you next time! đź‘‹
Megan
This was sent to your email. If you do not wish to receive news and product updates in this format, please manage your preferences below.