Rie Aleksandra - DPO Hub (Page 2)

Adequacy decisions

members – 3 min read

20 Oct: EDPB adopts opinions on UK GDPR & LED | 16 Sep: Republic of Korea EU adequacy decision | 5 Sep: Commission with 🇧🇷 Brazil draft adequacy decision – Up next: EDPB Opinion, Member States reps approval and EP "right of scrutiny" | 22 July: Commission deems 🇬🇧 UK DUAA adequate.

Oct 20, 2025

EDPB meeting minutes 8 Jul 2025

members – 2 min read

Oct 17, 2025

Events 2025

members – 5 min read

Up next: 🇩🇪 ENISA Annual Privacy Forum 🇲🇹 IDPC FRIA workshop 🇫🇮 Cyber Security Nordic 🇮🇪 PDP Data Protection Conference 🇬🇧 Privacy Space 🇧🇪 IAPP 🇬🇧 WI Data Protection Conference 🇳🇴 Personvernkonferansen 🇳🇱 AI Supervisory Congress 🇸🇪 IMY DPO "conference" (=3-hour webinar)

Oct 17, 2025

EDPB CEF: Coordinated Enforcement Framework

members – 2 min read

2026 topic: 📝 transparency & information | 2025 report due in "months" | The EDPB created the CEF initiative under its 2021-2023 Strategy to enhance enforcement and strengthen cooperation among DPAs. Each year, they collectively choose a priority enforcement topic for coordinated (voluntary) action.

Oct 15, 2025

DPIAs: Key resources

members – 5 min read

Data Protection Impact Assessments (DPIAs) key resources v1 – starting with every DPA's website!

Oct 12, 2025

UK ICO fines Clearview AI €8.9m and orders stop in processing

members – 2 min read

And on 8 Oct 2025, the 🇬🇧 Upper Tribunal (appeal court) upheld three of Information Commissioner’s four grounds of appeal, sending the case back to the lower appeal court.

Oct 12, 2025

The DPO role: Article 37(1)(b)

members – 5 min read

10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

Oct 10, 2025

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 2 min read

STAKEHOLDER EVENT – more details to come. EDPB hotly debated pseudonymisation guidelines – to be finalised after the public consultation closed in Feb 2025.

Oct 9, 2025

EDPB meeting agendas and minutes

members – 7 min read

9 Oct Press release: DMA ↔ GDPR interplay guidelines published for public consultation | Oct agenda: 🚨 Draft 'Consent or Pay' guidelines to be discussed | Enforcement strategies | EDPB stakeholder engagement | Selecting topics for CEF 2026 | BCR draft decisions: 🇫🇷 Tessi, 🇵🇱 Box

Oct 9, 2025

CJEU T-384/20 RENV OC v Commission (C-479/22 P)

members – 4 min read

🔥 Update: After the CJEU sent the case back, the General Court has ordered the European Commission to pay a Greek scientist €50,000 for unlawfully processing her personal data in a press release, causing reputational, career and health-related harm.

Oct 7, 2025

CJEU T-553/23 Latombe v Commission 3 Sep 2025

members – 3 min read

[🇬🇧 version finally available!] "The General Court dismisses the action for annulment" and the EU-US DPF remains valid.

Oct 2, 2025

Norway DPA fines the Labour and Welfare Administration (NAV) NOK 20 million

members – 6 min read

[updated] After the Privacy Appeals Board overturned substantial parts of the DPA's decision against the Labour and Welfare Administration (NAV), including the record NOK 20 million fine, the DPA has decided to reassess the case.

Oct 1, 2025