Rie Aleksandra - DPO Hub (Page 2)

AI (Act) resources

members – 11 min read

Mar 16, 2025

CJEU C-247/23 Deldits 13 Mar 2025

members – 1 min read

A Member State can't, under any circumstances, require a data subject to provide proof of gender reassignment surgery to exercise their right to rectification. However, they may need to provide relevant and sufficient evidence reasonably needed to show that the data is inaccurate.

Mar 13, 2025

CJEU C‑829/24 Commission v Hungary 12 Feb 2025 Order

members – 1 min read

The CJEU fast-tracks a case against Hungary where the European Commission claims violations of multiple EU laws, including the GDPR Articles 5, 6, 9 and 10.

Mar 13, 2025

Personal data breaches

members – 2 min read

Upcoming topic page for breaches, prompted by EDPB's recent summary document.

Mar 13, 2025

EDPB meeting agendas and minutes

members – 3 min read

13 March agenda: Nothing noteworthy (🇸🇪 Alfa Laval BCRs, updating BCRs approval procedure, PNR Directive ↔ CJEU ruling Ligue des droits humains, external experts use annual report, AI Enforcement (formerly 'ChatGPT') task force request for mandate, new EDPB visual identity)

Mar 13, 2025

Your OSS for the EDPB

members – 2 min read

Overview page for all things EDPB: Documents (Guidelines on consultation or done, Opinions, Recommendations etc.), Members, Meetings, Strategy & Work Programmes, CEF, SPE, OSS, Art. 65 Binding Decisions, WP29, CSC etc. All and newest versions, always at your fingertips!

Mar 12, 2025

🚨 CJEU C-203/22 Dun & Bradstreet Austria 27 Feb 2025

members – 4 min read

[Updated 10 March with Rie's POV] You must clearly explain actual procedures and principles applied in ADM and if you claim information contains protected data or trade secrets, you must provide it to the DPA or court, which'll balance rights and interests and determine the extent of a DSAR.

Mar 10, 2025

Your OSS for the EU-US DPF

public – 7 min read

Time for an exit strategy? Must-read US transfer guidance from Datatilsynet (x2) and IMY. And we're discussing EEA alternatives in the Community. February update: Microsoft "completes EU Data Boundary".

Mar 8, 2025

Lawfulness: Legitimate interests

members – 2 min read

v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!

Mar 6, 2025

EDPB CEF 2025: Right to erasure (right to be forgotten)

members – 2 min read

Updated 5 Mar 2025: Press release announcing the formal launch. The right to erasure is one of the most frequently exercised GDPR rights and a major source of DPA complaints. This CEF action aims to assess how controllers have implemented it in practice.

Mar 5, 2025

CJEU C-638/23 Amt der Tiroler Landesregierung 27 Feb 2025

members – 2 min read

An entity without legal personality can be a controller if it can fulfil those obligations and national law at least implicitly defines the processing scope; it doesn’t need to precisely specify processing activities or purpose.

Mar 3, 2025

Rights: Access (DSAR, Right of access)

members – 3 min read

[Latest: C-203/22 Dun & Bradstreet, updated elements table.] Got a DSAR? Start here for all things right of access: Article 15 elements table, DSAR flowchart and key CJEU rulings.

Feb 28, 2025