Rie Aleksandra - DPO Hub (Page 3)

Binding Corporate Rules (BCRs)

members – 1 min read

The EDPB has updated the cooperation procedure for BCR approvals, detailing the roles of lead DPAs, review phases and the EDPB’s opinion process. 💡 This document replaces WP263rev.01.

Mar 20, 2025

Adequacy decisions

members – 1 min read

The Commission proposes to extend the UK's adequacy decisions until 27 December to allow time to complete the legislative process. Next up is EDPB's review. Also, EU and Japan open adequacy extension talks.

Mar 19, 2025

CJEU GC EUDPR T‑354/22 Bindl v Commission 8 Jan 2025

members – 2 min read

Latest: The case has been appealed! The CJEU's General Court orders the European Commission to pay €400 in non-material damages for US transfers made in March 2022, when no adequacy decision or alternative safeguard was in place.

Mar 19, 2025

New SCCs on public consultation

members – 1 min read

Latest: The public consultations for new SCCs (third-country importers directly subject to the GDPR), announced in Sep 2024, are delayed from Q2 to Q3 2025. 🤔

Mar 19, 2025

Lawfulness: Consent

members – 6 min read

Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).

Mar 17, 2025

CJEU C-247/23 Deldits 13 Mar 2025

members – 2 min read

A Member State can't, under any circumstances, require a data subject to provide proof of gender reassignment surgery to exercise their right to rectification. However, they may need to provide relevant and sufficient evidence reasonably needed to show that the data is inaccurate.

Mar 13, 2025

CJEU C‑829/24 Commission v Hungary 12 Feb 2025 Order

members – 1 min read

The CJEU fast-tracks a case against Hungary where the European Commission claims violations of multiple EU laws, including the GDPR Articles 5, 6, 9 and 10.

Mar 13, 2025

Personal data breaches

members – 2 min read

Upcoming topic page for breaches, prompted by EDPB's recent summary document.

Mar 13, 2025

Your OSS for the EDPB

members – 2 min read

Overview page for all things EDPB: Documents (Guidelines on consultation or done, Opinions, Recommendations etc.), Members, Meetings, Strategy & Work Programmes, CEF, SPE, OSS, Art. 65 Binding Decisions, WP29, CSC etc. All and newest versions, always at your fingertips!

Mar 12, 2025

CJEU C-203/22 Dun & Bradstreet Austria 27 Feb 2025

members – 4 min read

You must clearly explain actual procedures and principles applied in ADM and if you claim information contains protected data or trade secrets, you must provide it to the DPA or court, which'll balance rights and interests and determine the extent of a DSAR.

Mar 10, 2025

Your OSS for the EU-US DPF

public – 7 min read

Time for an exit strategy? Must-read US transfer guidance from Datatilsynet (x2) and IMY. And we're discussing EEA alternatives in the Community. February update: Microsoft "completes EU Data Boundary".

Mar 8, 2025

Lawfulness: Legitimate interests

members – 2 min read

v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!

Mar 6, 2025