Rie Aleksandra - DPO Hub

EDPB meeting agendas and minutes

members – 7 min read

Sep 11, 2025

CJEU C-655/23 Quirin Privatbank 4 Sep 2025

members – 3 min read

GDPR offers no judicial remedy outside erasure requests to stop future unlawful processing, but Member States may. Non-material damage covers negative feelings – if proven. A controller’s fault doesn’t affect compensation, and a court order banning repeat GDPR violations can’t reduce or replace it.

Sep 7, 2025

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025

members – 3 min read

CJEU on General Court: 1) ❌ Someone's comment = their personal data, no need to examine further 2) ✅ Pseudonymised data isn’t always personal data for everyone, in every case 3) ❌ Identifiability must be assessed when data is collected and from the controller’s perspective; Deloitte's not relevant.

Sep 7, 2025

Adequacy decisions

members – 3 min read

5 Sep: Commission with 🇧🇷 Brazil draft adequacy decision – Up next: EDPB Opinion, Member States reps approval and EP "right of scrutiny" | 22 July: Commission deems 🇬🇧 UK DUAA adequate.

Sep 6, 2025

National DPA news

members – 4 min read

Latest: Not-so-new 🇬🇧 encryption guidance (#IAPPfail) | New 🇨🇿 Cybersecurity Act | Annual reports: 🇮🇸

Sep 6, 2025

AI (Act) resources

members – 17 min read

Latest: 🇳🇱 AI Act Guide (in 🇬🇧) | 🇩🇪 DPAs protest proposal to move AI oversight | Commission seeks feedback on AI dynamics, fairness and contestability in DMA review | Commission & AI Board confirms GPAI Code of Practice can demonstrate compliance (and see combined PDFs)

Sep 6, 2025

CJEU T-553/23 Latombe v Commission 3 Sep 2025

members – 2 min read

"The General Court dismisses the action for annulment" and the EU-US DPF remains valid! For now – the case will likely be appealed.

Sep 3, 2025

CJEU C-383/23 ILVA (GDPR fine) 13 Feb 2025

members – 4 min read

2 Sep: 💸 ILVA fined €201k | When fining a controller in a corporate group, DPAs must base the maximum fine on the *group’s* total worldwide turnover from the prior business year. A crucial ruling for anyone in a company group – here's also text you can copy for an email to your Management/Board.

Sep 2, 2025

Events 2025

members – 5 min read

Added 15-17 Oct 🇫🇷 Paris: European Health Data Protection Congress | Registration open for 13-14 Oct 🇧🇪 Brussels: CEDPO DPO Conference

Sep 2, 2025

Welcome! Start here 👇

members – 2 min read

Bumping this as reminder – to make the most out of your subscription, read through this post: How to use DPO Hub effectively and find your way around.

Aug 30, 2025

10x CJEU in Sep + Community Learning Seasons: risks, DPIAs

members – 3 min read

🚨 Two key CJEU rulings: EDPS v SRB on personal data & pseudonymisation (3 Sep.) and Latombe v Commission on the EU-US DPF (4 Sep.), plus one more ruling and seven Advocate General opinions. Buckle up!

Aug 29, 2025

The DPO role: Key resources

members – 3 min read

Latest: 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Aug 25, 2025