Rie Aleksandra - DPO Hub (Page 2)

🇮🇪 DPC fines TikTok €530m for China transfers

members – 3 min read

10 July: DPC launches new investigation into China transfers. Earlier: transparency breach by failing to disclose the third countries involved and didn't explain the nature of the transfers in its privacy policy --> get compliant in six months or stop the transfers (but order paused until Oct).

Jul 22, 2025

CNIL shares transfer impact assessment (TIA) practical template

members – 2 min read

NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"

Jul 22, 2025

Events 2025

members – 5 min read

Registration open for 13-14 Oct 🇧🇪 Brussels: CEDPO DPO Conference

Jul 17, 2025

GDPR 2.0?

members – 6 min read

Latest: 🇩🇰 Digital Affairs Minister wants AI Act & DSA simplified too | EDPB & EDPS shares their Joint Opinion: no derogation for the public sector – and stay tuned for Community meetup! The Commission is proposing to simplify the European Single Market, including the GDPR Articles 4, 30, 40 and 42.

Jul 17, 2025

Welcome! Start here 👇

members – 2 min read

Bumping this as reminder – to make the most out of your subscription, read through this post: How to use DPO Hub effectively and find your way around.

Jul 6, 2025

EDPB Helsinki Statement 2 Jul 2025

members – 2 min read

In a "landmark statement", the EDPB announces ready-to-use templates, a harmonised breach notification form, practical checklists and case law-style publications, plus more agile guidance updates and cross-regulatory cooperation to simplify GDPR compliance – especially for SMEs!

Jul 4, 2025

EDPB Guidelines 2/2024 Article 48

members – 5 min read

Update 4 Jul: EDPB shared high-res diagram! Earlier: I've reviewed the final version – mostly clarifications and my annotations on the public consultation one are still valid | EDPB Guidelines on Article 48 covering official requests from third country public authorities for personal data transfers.

Jul 4, 2025

EDPB meeting minutes 5 May 2025

members – 3 min read

No major news, though lots going on in 🇧🇪 (interesting FATCA decision, "abuse of law by NOYB" and mass rejection of NOYB complaints) | Approved 🇬🇧 GDPR & LED adequacy decisions extensions | Interesting 🇫🇷 case the CNIL will "propose a collective and coordinated action" for.

Jun 30, 2025

The UK Data (Use and Access) Act 2025 (DUAA)

members – 8 min read

Get quickly up to speed on the new UK Data (Use and Access) Act. 💬 "there is no need to panic. Many of the changes empower rather than require, and even if embraced could be done so incrementally."

Jun 25, 2025

CJEU C-40/17 Fashion ID 29 Jul 2019

members – 4 min read

You’re a (joint) controller if you use third-party tools on your website that share personal data with the provider – but only for parts where you (jointly) determine purposes and means. If you collect the data, you must inform and get consent, and each controller must pursue a legitimate interest.

Jun 17, 2025

EDPB Support Pool of Experts (SPE) projects

members – 5 min read

An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)

Jun 8, 2025

EDPB Annual report 2024

members – 4 min read

EDPB Chair Anu Talus is proud of their 2024 achievements, including the "significantly increased number of consistency opinions adopted under Art. 64(2)". They've also launched a new strategy 2024-2027. But should you read either? (Added link to EDPS' annual report too.)

Jun 8, 2025