Welcome to January's GrailMail! We’re back with essential updates, in depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
View in browser
DataGrail-Logo-HorizontalLockup-969690
GrailMail_Hero_Update_240531
 

Happy January, folks. ✨

 

This was a huge month for data privacy, kicking off with 5 new state privacy laws going into effect. We also wrapped up January with Data Privacy Week, which included our exclusive Privacy Huddle and a trivia raffle featuring daily challenges in our community.

 

Data privacy is evolving rapidly, and 2025 promises significant change. Consumers will demand greater control over their personal information, while businesses face mounting regulations, tech challenges, and rising expectations.

 

We’re sharing our five key data privacy predictions that will shape 2025, as well as the growing trends that businesses and consumers alike will need to navigate.

unnamed-1

In case you’re not up to speed with the new laws that came out this month watch our on demand webinar: How January’s 5 New Privacy Laws Will Change Data Privacy in 2025. Your peers from Benchling, Outreach, Route, and NETGEAR shared how they are managing new regulations. 

 

Now, let’s dive into the top news stories in January.
GrailMail Headers

🌍 In a first, EU Court fines EU for breaching own data protection law

  • The EU General Court ruled that the European Commission must pay damages to a German citizen for failing to comply with its own data protection regulations.
  • The court determined that the Commission transferred the citizen's personal data to the United States without proper safeguards and ordered it to pay him 400 euros ($412) in damages. Read more on the story here.

 

đźš— FTC announces proposed settlement with GM for selling connected vehicle data

  • The Federal Trade Commission has reached a settlement agreement with General Motors Co. and its OnStar subsidiary for collecting and selling driving behavior data from millions of vehicles in the U.S. without adequate consent. 
  • As part of the proposed agreement, GM will be banned from disclosing sensitive data to consumer reporting agencies for five years from the date the order is entered. 
  • The automaker must also provide greater transparency to consumers over the collection, use and disclosure of their connected vehicle data. You can learn more about the FTC’s proposed settlement here. 

 

🚩 Texas’s Left Turn On AI Regulation

  • A surprising new piece of legislation—the Texas Responsible AI Governance Act (TRAIGA)—threatens to upend the state’s pro-business reputation. 
  • The proposed bill, introduced as HB 1709, is one of the most aggressive AI regulatory efforts yet seen in the United States, rivaling even California and Europe in its scope. Read more here.

 

🤖 China’s DeepSeek AI poses formidable cyber, data privacy threats

  • China’s DeepSeek AI model represents a transformative development in China’s AI capabilities, and its implications for cyberattacks and data privacy are particularly alarming. 
  • By leveraging DeepSeek, China is on its way to revolutionizing its cyber-espionage, cyber warfare, and information operations, all of which pose significant threats to the U.S. and the West. Read more here.

5 new state privacy laws went into effect this month, signaling growing privacy protections across states. But each comes with its own mix of requirements for consent, data rights, and business obligations. Visit our blog to get a breakdown of what you need to know about each new law.

 

Get Ready for the EU AI Act, Phase 1: Discover & Catalog

The AI Act outlines a set of rules for organizations operating in the EU with enforcement starting in late 2024 and expanding through 2027. Security and risk management leaders should immediately start discovering and cataloging AI-enabled capabilities ahead of the mandatory risk assessment.
GrailMail Headers (2)

This week we announced several new DataGrail Live Data Map features that make it even easier for privacy and security teams to find and mitigate privacy risk across their business.

 

As data privacy and compliance requirements continue to evolve, privacy and security professionals must shift from chasing scattered personal data across a sea of systems to proactively pinpointing, prioritizing, and managing risk in real-time. Live Data Map is purpose-built to support this evolution by bringing together AI-powered system detection, data discovery, and risk management across the entire tech ecosystem—in the most secure way possible.

 

🔍 What’s New?

  • Day 1 risk insights for +2,400 apps with no tedious, costly scanning
  • Real-time processing risks, system details, and mitigation activities in one place
  • Streamlined PIA and DPIAs directly from Live Data Map
  • Dynamic RoPA generation for your entire business or custom slices

 

Check out our monthly product release blog here.
GrailMail Headers (3)

DataGrail included in IDC ProductScape: Worldwide Data Privacy Compliance Software, 2025

  • We’re proud to announce that DataGrail was included in the inaugural IDC ProductScape: Worldwide Data Privacy Compliance Software, 2025 report, which compares the offering functionality among technology product or services suppliers in data privacy compliance software.
  • According to the IDC ProductScape, “DataGrail has a robust ecosystem of connectors that consider the most popular SaaS applications but also include connectors to hosted or on-premises databases.” 

 

What You Need To Know About New Jersey’s New Data Privacy Law

  • On January 15, 2025, the NJDPA went into effect, granting residents greater control over their personal information while holding businesses to higher standards of transparency and accountability.
  • The NJDPA stands out with its broad definition of sensitive data and unique provisions that apply to a wide range of organizations, including nonprofits and higher education institutions. For businesses, this marks a pivotal moment to reevaluate data practices and embrace a new era of compliance.

 

What You Need To Know About Hampshire’s New Data Privacy Law

  • The NHPA grants residents greater control over their personal data while introducing clear obligations for businesses handling such information.
  • Signed into law on March 6, 2023, the NHPA mirrors privacy principles seen in other state laws but takes a more balanced approach, focusing on consumer rights, transparency, and business feasibility. It avoids the heavy-handed regulatory complexities of stricter laws like California’s while still giving consumers meaningful control over their data.

Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?

 

Become a member of our Privacy Community!

Privacy_Community

Whether you're just starting out or a seasoned pro, there’s a place for you here! Don’t miss out on the chance to be part of a vibrant network committed to advancing data privacy.

See you next time! đź‘‹

Megan

This was sent to your email. If you do not wish to receive news and product updates in this format, please manage your preferences below.

© 2024 DataGrail, Inc. and/or its affiliates. All rights reserved.
Various trademarks held by their respective owners.

DataGrail, 225 Bush Street, Suite 360, San Francisco, CA 94104

Unsubscribe Manage preferences

DataGrail-Emblem-969690
LinkedIn
X
YouTube