Rie Aleksandra - DPO Hub

The Coordinated Supervision Committee (CSC)

members – 1 min read

New Activities report (likely irrelevant for most). The CSC brings together DPAs and the EDPS to coordinate supervision of large-scale IT systems (e.g. IMI, Europol, SIS, Eurojust) and EU bodies under the EUDPR or relevant EU laws.

Feb 21, 2025

DPA priorities and annual reports

members – 1 min read

Latest: 🇸🇪IMY annual report. 🇩🇰 Datatilsynet focus areas.

Feb 21, 2025

AI (Act) resources

members – 11 min read

🇬🇧 Gov. AI Playbook + ICO debunks myths 🇫🇷 CNIL: Responsible innovation recommendations. Commission: AI systems definitions + illegal practices guidances 🇦🇹 DPA: AI ↔ data protection FAQ 🇸🇪 IMY: Gen. AI ↔ GDPR. Great tool from D. Rosenthal: Office AI add-in (Windows).

Feb 21, 2025

Member memos

members – 33 min read

Important update: Member memos have moved to the NoTies Community. If you’re not a member yet, reply to the last email update to request an invite, as the link isn’t shared publicly.

Feb 20, 2025

Dealing with access requests in practice

members – 3 min read

Recommendations on how to deal with the Right of access - DSARs - in practice (with grumpy DSARs checklist).

Feb 18, 2025

EDPB meeting minutes 16 jan 2025

members – 1 min read

Anonymisation Guidelines coming (no date yet), Revised DPO Guidelines due Q2 2026, IAB Europe TC String 🇧🇪 national ruling due 19 March, New Support Pool of Experts report: AI bias and data subjects’ rights.

Feb 18, 2025

EDPB meeting minutes 17 Dec 2024

members – 1 min read

No big news - summary of their AI models Opinion discussion (where, interestingly, one EU member voted against adoption). You can safely skip this update.

Feb 18, 2025

Sweden DPA: DPIA practical guidance

members – 1 min read

IMY has shared a DPIA guide, primarily for those with little or no experience. It sets out a clear 10-step process for conducting an "acceptable" DPIA, to be used alone or with their templates. Grab the documents here (Swedish and DeepL translation).

Feb 17, 2025

Events 2025

members – 4 min read

From Alpine days in Switzerland, via Privacy Space in Old Milverton Lane, to Global Privacy Summit in Washington and Global Privacy Assembly in Seoul. Want to connect with fellow hubsters? Read where people are heading in the NoTies Community.

Feb 16, 2025

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 1 min read

The EDPB's recently shared pseudonymisation guidelines are on public consultation until 28 Feb. Today they've also shared a handy diagram.

Feb 14, 2025

CJEU C-383/23 ILVA (GDPR fine) 13 Feb 2025

members – 3 min read

When fining a controller in a corporate group, DPAs must base the maximum fine on the *group’s* total worldwide turnover from the previous business year. A crucial ruling for anyone in a company group – here's also text you can copy for an email to your Management/Board.

Feb 13, 2025

EDPB press release: AI enforcement task force, age assurance and WADA recommendations

members – 1 min read

EDPB sets up an AI enforcement task force with a "quick response team" and adopts recommendations for WADA's 2027 World Anti-Doping Code, along with a statement on age assurance.

Feb 13, 2025