Gretchen A. Ramos is Global Co-Chair of the Data, Privacy & Cybersecurity Practice. Gretchen is a creative problem-solver that various large tech clients rely on to handle their most challenging data protection issues. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach in providing advice. She works closely with her clients to manage data and leverage its value in ways to meet compliance obligations, as well as deliver value to the business and instill consumer trust.
Gretchen has wide-ranging experience counseling organizations in various industries, including digital health, financial services/cryptocurrency, ecommerce, technology (SaaS), consumer products and academic institutions. She provides clients with practical business advice on compliance with state and federal U.S. laws, CCPA, CPRA, GDPR, ePrviacy Directive, and other global privacy laws in relation to their websites and internal privacy and security procedures, product and app development, and advertising practices. Gretchen also regularly drafts and negotiates contracts concerning data-related issues, assists clients in assessing privacy risks in corporate transactions, and provides guidance on and conducts privacy and security assessments. She has also managed hundreds of data breaches, and regularly assists clients prepare for, immediately respond, and determine their various notification requirements.
Gretchen defends companies facing FTC and other regulatory investigations, and individual and class action claims involving privacy, information security, and consumer protection. She has litigated, mediated, and arbitrated commercial disputes, including class actions, at state and federal courts nationwide, and has tried numerous cases to verdict. Her wide-ranging litigation background allows her to advise clients on the litigation risks they face in determining how to handle data protection issues.
- EU GDPR, ePrivacy compliance
- Cross-border transfer mechanisms (Standard Contractual Clauses, Binding Corporate Rules, APEC Cross-Border Privacy Rules ), and data processing and sharing agreements
- HIPAA, CMIA, COPPA,TCPA CAN-SPAM
- Behavioral advertising, automated processing and profiling
- FTC CIDs, State Attorney General investigations
- Security breach response and notification
- Privacy and security gap assessments
- Data protection due diligence in relation to mergers and acquisitions
- DPIAs and addressing complicated privacy issues relating to product development