Rie Aleksandra - DPO Hub (Page 3)

The DPO role: Article 37(1)(b)

members – 5 min read

Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

May 10, 2025

EDPB meeting minutes 8 Apr 2025

members – 1 min read

🇪🇺 Commission gave an update on the EU-US DPF: EO 14086 is still "fully in place" and they'll only continue to "monitor the situation" for now | Little else particularly newsworthy so feel free to skip this read if you already read the agenda

May 9, 2025

🚨 EDPB & EDPS joint letter to the Commission on proposal to simplify ROPA requirements

members –

EDPB & EDPS jointly – positively – responded to the European Commission’s letter proposing to simplify the Article 30 ROPA requirement for SMCs and non-profits with fewer than 500 employees and a “certain annual turnover”, deleting certain references and adding in 'high' risk.

May 8, 2025

CJEU C-313/23 Inspektorat kam Visshia sadeben savet 30 Apr 2025

members – 3 min read

That a court authorises personal data disclosure to another judicial body qualifies as processing under the GDPR – but it doesn’t make the court a controller or a DPA, and it’s not required to ensure compliance unless an Article 79(1) action is brought before it.

May 6, 2025

'Pay or OK' – 'Consent or Pay' resources

members – 2 min read

Updated this post to gather some of the Consent or Pay resources while we wait for the EDPB's Guidelines!

Apr 30, 2025

EDPB meeting minutes 13 Mar 2025

members – 2 min read

Upcoming guidelines: political advertising Regulation | 🇺🇸 MoU on "Defending American Companies ... Overseas Extortion and Unfair Fines" (confidential discussion) | SoMe platforms disinformation & halted fact-checking | CJEU Russmedia + Dun & Bradstreet | Generative AI Enforcement taskforce

Apr 23, 2025

EDPB Guidelines 2/2025 Blockchain (public consultation)

members – 1 min read

New EDPB Guidelines are now open for public consultation (until 9 June) on processing of personal data through blockchain technologies.

Apr 14, 2025

EDPB meeting minutes 11 Feb 2025

members – 2 min read

Skip reading this if you already read the 12 Feb press release. Commission’s watching EU-US DPF “with interest” (but no more info). ChatGPT taskforce now “Generative AI Enforcement”, will cover DeepSeek. Second LED report due May 2026. Three new CSC databases.

Apr 11, 2025

EDPB subgroups and taskforces

members – 4 min read

Guidance, opinions, decisions, statements and letters are prepared in subgroups or taskforces. Here's the overview!

Apr 11, 2025

CJEU C-710/23 Ministerstvo zdravotnictvi 3 Apr 2025

members – 3 min read

GDPR still applies when acting on behalf of a legal person. Plus, major implications for 🇨🇿 Czech – and potentially other – public bodies handling FOI requests: you may need to consult data subjects before disclosure, and even if that's impossible, you must still balance FOI with data protection.

Apr 11, 2025

Norway DPA with new cookie ePrivacy guidance

members – 1 min read

If you're based in Norway, this is a must-read!

Apr 3, 2025

ICO Anonymisation and pseudonymisation guidance

members – 2 min read

The UK ICO has published its updated anonymisation and pseudonymisation guidance – grab the PDF here. And please tell them we want the RSS feeds back.

Mar 30, 2025