Rie Aleksandra - DPO Hub (Page 2)

UK ICO fines Capita £14 million for breach after weak security and slow reaction

members – 8 min read

After first flagging a fine with a potential starting point of £97m, the 🇬🇧 DPA heavily reduced it after several mitigating factors we can all learn from. A decision packed with practical lessons for DPOs, data protection and security teams alike!

Oct 26, 2025

Data breaches

members – 2 min read

🇳🇴 DPA with significant breach page change | Upcoming topic page for breaches, prompted by EDPB's summary document. Links so far: Denmark, Finland, France, Greece, Ireland, Italy, Norway, Spain, Sweden, ICO, EDPB, EDPS, EC.

Oct 26, 2025

The Coordinated Supervision Committee (CSC)

members – 2 min read

EU Entry Exit System took effect on 12 Oct – EDPS press release 24 Oct | The CSC brings together DPAs and the EDPS to coordinate supervision of large-scale IT systems (e.g. IMI, Europol, SIS, Eurojust) and EU bodies under the EUDPR or relevant EU laws.

Oct 24, 2025

The DPO role: Key resources

members – 3 min read

🇧🇷 Interesting DPO survey highlighting familiar challenges | 🇪🇸 Andalusia DPA in June: DPOs in public sector can't also be infosec officer | 🇱🇹 2025 DPO guide | 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Oct 23, 2025

Norway DPA fines Grindr NOK 65 million

members – 3 min read

The Borgarting Court of Appeal has upheld the record NOK 65m (~€5.6m) fine! It can still be appealed to the Supreme Court – we’ll know in about a month.

Oct 21, 2025

CJEU C-621/22 KNLTB (legitimate interests) 4 Oct 2024

members – 4 min read

[update] Article 6(1)(f) allows disclosure for a commercial interest if the processing is *strictly* necessary and not outweighed by the interests, rights or freedoms of the data subjects. The interest doesn't have to be determined by law, but it must be lawful. And CJEU nudges consent again.

Oct 21, 2025

EDPB Support Pool of Experts (SPE) projects

members – 6 min read

Latest: The Digital Euro and its token-based offline modality (Oct) | AI and Data Protection Training curriculum (Jun) | An overview of SPE projects.

Oct 21, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 4 min read

ICO shares guidance for the public | EDPB to discuss "draft 'Consent or Pay' guidelines" on 7 Oct | Dutch court orders Meta to change Facebook and Instagram timeline settings (DSA) |🇬🇧 ICO on Meta ads model | 🇦🇹 Court rules newspaper's Pay or OK model not OK – likely heading for a CJEU referral next

Oct 20, 2025

EDPB meeting minutes 8 Jul 2025

members – 2 min read

Oct 17, 2025

Events 2025

members – 5 min read

Up next: 🇬🇧 Privacy Space 🇧🇪 IAPP 🇬🇧 WI Data Protection Conference 🇳🇴 Personvernkonferansen 🇳🇱 AI Supervisory Congress 🇸🇪 IMY DPO "conference" (=3-hour webinar)

Oct 17, 2025

EDPB CEF: Coordinated Enforcement Framework

members – 2 min read

2026 topic: 📝 transparency & information | 2025 report due in "months" | The EDPB created the CEF initiative under its 2021-2023 Strategy to enhance enforcement and strengthen cooperation among DPAs. Each year, they collectively choose a priority enforcement topic for coordinated (voluntary) action.

Oct 15, 2025

DPIAs: Key resources

members – 5 min read

Data Protection Impact Assessments (DPIAs) key resources v1 – starting with every DPA's website!

Oct 12, 2025