Rie Aleksandra - DPO Hub (Page 2)

GDPR 2.0 - Digital Omnibus

members – 24 min read

26 Feb: Simpler GDPR life for SMEs & SMCs moves forward! | 11 Feb: EDPB & EDPS Joint Opinion ready! | Digital Omnibus: COM's proposal to simplify AI, cybersecurity and (personal) data rules to "save businesses up to €5bn by 2029".

Feb 27, 2026

EDPB CEF 2025: Right to erasure (right to be forgotten)

members – 4 min read

💡 Should-read key takeaways for controllers from the final report. And do we need to sift through back-ups when we get an erasure request..?

Feb 22, 2026

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 2 min read

New report from the Dec 2025 stakeholder event | EDPB hotly debated pseudonymisation guidelines – still in the works.

Feb 18, 2026

EDPB CEF: Coordinated Enforcement Framework

members – 2 min read

2025 report ready | 2026 topic: 📝 transparency & information | The EDPB created the CEF initiative under its 2021-2023 Strategy to enhance enforcement and strengthen cooperation among DPAs. Each year, they collectively choose a priority enforcement topic for coordinated (voluntary) action.

Feb 18, 2026

Denmark Google Workspace for Education Chromebook case (Helsingørgate)

members – 12 min read

[12 Feb: 🇩🇰 DPA webinar coming up!] [29 Jan: 🇩🇰 DPA applies dreaded EDPB Opinion and signal enforcement change. Must-read for 🇩🇰 folks but crucial to everyone using 🇺🇸 processors] Datatilsynet's landmark decision of 2022 to ban certain use of Google products and US transfers.

Feb 13, 2026

National DPA news

members – 6 min read

🇳🇴 Datatilsynet initiates comprehensive audit of every municipality's security measures.

Jan 28, 2026

Adequacy decisions

members – 4 min read

On 26 Jan, 🇪🇺🇧🇷 COM & Brazil adopted mutual adequacy decisions, allowing businesses, public authorities and researchers to freely exchange data.

Jan 27, 2026

noyb 🇦🇹 DPA Microsoft 365 Education complaints

members – 2 min read

[update – another win!] In 2024, noyb lodged two complaints against Microsoft's 365 Education platform on 1) lack of transparency and insufficient information, and 2) invasive and illegal cookie tracking of kids in schools. The Austrian DPA sided with noyb in both cases.

Jan 27, 2026

Your OSS for the EU-US DPF

public – 8 min read

EDPB shares updated DFP docs – added nuance on transfer of HR Data.

Jan 26, 2026

CJEU C-413/23 P EDPS v SRB (Concept of personal data) 4 Sep 2025 – Case closed!

members – 6 min read

Pseudonymised data isn’t always personal in every case to everyone – but measures must be effective. Comments are personal by nature – no need to assess content, purpose or effects. Whether a person can be identified must be assessed from the controller’s perspective, when collecting the data.

Jan 26, 2026

CJEU C-604/22 IAB Europe TC String 7 Mar 2024

members – 6 min read

[9 Jan: DPA must reassess] GDPR definitions are broad: information = personal data if someone can be identified using third-party data. Joint controllership doesn’t automatically cover further processing, but you are one if you set binding rules and jointly decide purposes and means.

Jan 23, 2026

DPO Hub 2.0 from 1 April

members – 3 min read

NB! If you'd like to keep access and get the 💰 Founding rate from 1 April, reply to my email. You can still purchase access later, though at a different rate. DPO Hub runs as normal until 31 March and then your subscription ends automatically. If you pre-paid for longer, you'll be refunded pro rata.

Jan 19, 2026