Profile
Gretchen A. Ramos is Global Co-Chair of the Data Privacy & Cybersecurity Practice. Gretchen is a creative problem-solver that various large tech companies rely on to handle their most challenging data protection and AI issues. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach in providing advice. She works closely with her clients to manage data and leverage its value in line with the complex regulatory landscape, instills consumer trust and delivers value to the business.
Gretchen has wide-ranging experience counseling organizations in various industries, including digital health, financial services, cryptocurrency, ecommerce, technology (SaaS), consumer products and academic institutions. She works with clients to undertake comprehensive privacy, cybersecurity and artificial intelligence risk assessments, and provides practical business advice on all aspects of their privacy, cybersecurity and artificial intelligence programs, including website compliance and advertising issues.
Gretchen regularly drafts and negotiates data processing and sharing contracts, is an expert on the cross-border contracting issues, and regularly assists clients in assessing privacy risks in corporate transactions and in relation to new products or services. She has managed hundreds of data breaches, and regularly works with clients in responding, and determining their various notification requirements.
Gretchen defends companies facing FTC and other regulatory investigations, and individual and class action claims involving privacy, information security, and consumer protection.
Concentrations
- CCPA, CPA, CTDPA, UCPA, VCDPA, GLBA, HIPAA, CMIA, COPPA
- EU GDPR, UK GDPR, LGPD, PIPL, Quebec Law 25
- Cross-border transfer mechanisms - EU-U.S. Data Privacy Framework, SCCs, UK IDTA, Binding Corporate Rules, APEC CBPR, and TIAs
- ePrivacy Directive, PECR, TCPA, CAN-SPAM
- FTC CIDs, State Attorney General investigations
Capabilities
Experience
- Certified Information Privacy Professional (CIPP/US, CIPP/EU, CIPM)
- Works with dozens of ecommerce companies to ensure website documentation, registration flows and adtech issues are compliant with applicable laws.
- Assists various digital health startups data privacy and security programs, advertising practices and contracting structure that is compliant with applicable laws and their data needs.
- Counsels leading cryptocurrency exchange platform and various financial institutions in relation to various data protection issues.
- Assists several genomic data companies with developing global privacy programs by advising on and leading compliance efforts relating to GDPR, ePrivacy Directive, HIPAA, CMIA, and various other applicable regulations in the United States and abroad as their businesses expand.
- Advises various multinational corporations on international data transfer mechanisms, including Supplementary Measures for transfer of EEA personal data, Binding Corporate Rules, and APEC’s Cross Border Privacy Rules system.
- Assists various gaming companies with compliance issues relating to COPPA, GDPR, and CCPA.
- Provides guidance to companies on cyber insurance issues and handling coverage disputes that arise with insurers.
Recognition & Leadership
- Listed, The Legal 500 United States, Media, technology and telecoms - Cyber law (including data privacy and data protection), 2024
- Listed, Euromoney's Expert Guides: "Women in Business Law," 2021-2022
- Shortlisted, Euromoney, "Women in Business Awards - Best in Privacy & Data Protection," 2022
- Shortlisted, Euromoney, "Women in Business Awards - Best in Cybersecurity," 2020
- Named, Daily Journal, "Top Women Lawyers," 2019
- Named, Daily Journal, "Top Cyber/Artificial Intelligence Lawyers in California," 2019-2020
Credentials
- J.D., Northeastern University, 1996
- B.A., Hamilton College, 1993
- U.S. District Court for the District of Nevada, 1997-1999
- California
- Massachusetts