Welcome to October's GrailMail! We’re back with essential updates, in depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
It’s been a busy month across the data privacy landscape, with major state laws advancing and new compliance challenges on the horizon. Here’s what’s shaping the landscape and what’s new from DataGrail.
In case you missed it, last week, DataGrail’s 2025 Privacy Risk Summit brought together top voices in privacy, legal, and security for a half-day of real-world insights and tactical guidance. Check out the section below to watch sessions on demand and explore top takeaways from the event.
We’re also gearing up for IAPP PSR in San Diego this week (October 30–31). Stop by the DataGrail booth (#319) for complimentary craft coffee, exclusive swag, and conversations with our privacy experts.
Privacy Risk Summit 2025: Watch On Demand 🎥
Couldn’t make it live? You can now watch the Privacy Risk Summit on demand featuring top privacy experts and industry leaders sharing tactical insights for 2025 and beyond.
Staying Ahead of AI and Global Privacy Regulations Omer Tene (Goodwin), Shannon Yavorsky (Orrick), and Dr. Gabriela Zanfir-Fortuna (Future of Privacy Forum) unpacked global privacy enforcement trends and shared strategies to prepare for new AI-focused laws.
DataGrail Product Spotlight: AI-Powered Risk Management DataGrail’s Chief Product Officer, Eric Brinkman and Senior Product Manager, Lisa Wang unveiled Risk Register and shared how DataGrail is using advanced connectivity, automation, and responsible AI to help privacy teams reduce risk.
Privacy in Action: Lessons from Data Privacy Heroes Anna Rogers (nCino), Randy Wood (Cricut), and Jennifer Dickey (Dykema) shared how privacy teams are driving business impact through cross-functional trust.
Whether you’re focused on compliance, AI governance, or risk reduction, these sessions offer actionable takeaways and peer-driven insights to help future-proof your privacy program.
Here’s what you need to know from October’s data privacy news. 👇
🚨 UK Government Issues New Data Demand for Apple Users
The UK government has granted itself new authority to demand access to Apple users’ personal data, escalating its dispute with the company over encryption and user privacy. This move underscores growing tensions between tech firms and governments over access to private information. Read more here.
🏛 Governor Newsom Signs Landmark Opt-Out Law
California Governor Gavin Newsom has signed the California Opt Me Out Act (AB 566) into law — the first of its kind in the U.S. The law requires browsers to include a setting that allows consumers to send an opt-out signal, giving Californians an easier way to exercise their privacy rights. Read more here.
💼 States Turn to Outside Firms for Major Privacy Settlements
State attorneys general — including those from Texas and Nebraska — are partnering with private law firms to bring major data privacy lawsuits against tech companies. This new model is driving multimillion-dollar settlements and signaling a more aggressive wave of state-level enforcement. Read more here.
🔒 Apple Prepares to Comply with Texas Age Assurance Law, Warns of Privacy Risks
Apple announced its intent to comply with Texas’s new age assurance law (SB2420), but raised concerns that the law’s requirements to collect personal data could undermine user privacy. The company highlighted that even basic app downloads could soon require sensitive information.Read more here.
We’re thrilled to announce the launch of Risk Register, the next evolution in privacy program technology. Built for today’s rapidly shifting environment of data regulations, AI-enabled workflows, and decentralized systems, Risk Register gives privacy, security and compliance teams a centralized hub to identify, score and mitigate risk across the enterprise.
With Risk Register, teams can:
Centralize risk tracking across systems, vendors, and processes.
Leverage AI-powered insights to automatically surface and prioritize emerging risks.
Simplify reporting and demonstrate compliance readiness with confidence.
When a breach hits, every minute counts. This blog introduces a GPT-powered prompt that builds a complete, regulator-ready incident response plan in minutes — timelines, roles, deadlines, and communications included.
Traditional compliance roadmaps can’t keep up with constant change. Learn how dynamic privacy planning helps teams stay agile amid evolving laws, new technologies, and shifting business priorities.
Turn GPT-5 into your expert privacy reviewer. This prompt helps legal teams analyze data processing agreements faster and more consistently — flagging risks, obligations, and compliance gaps with precision.
Join us for an inside look at Risk Register, DataGrail’s newest AI-powered hub for centralized risk management. See how privacy, security, and compliance teams leverage intelligent automation to identify, prioritize, and mitigate risks, all from one unified platform
Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?
We’ve got everything from privacy law updates to career tips, monthly privacy huddles, and exclusive resources tailored for the privacy community. Don’t miss out on the chance to be part of a vibrant network committed to advancing data privacy.
See you next time! 👋
Colleen
This was sent to your email. If you do not wish to receive news and product updates in this format, please manage your preferences below.
.png?upscale=true&width=1040&upscale=true&name=Upcoming%20Deadlines%20and%20Regulations%20(1).png)
.png?upscale=true&width=1120&upscale=true&name=October%20(2).png)
.png?upscale=true&width=1040&upscale=true&name=GrailMail%20Headers%20(2).png)
.png?upscale=true&width=1040&upscale=true&name=GrailMail%20Headers%20(3).png)
