Rie Aleksandra - DPO Hub (Page 4)

EDPB CEF 2025: Right to erasure (right to be forgotten)

members – 2 min read

Updated 5 Mar 2025: Press release announcing the formal launch. The right to erasure is one of the most frequently exercised GDPR rights and a major source of DPA complaints. This CEF action aims to assess how controllers have implemented it in practice.

Mar 5, 2025

CJEU C-638/23 Amt der Tiroler Landesregierung 27 Feb 2025

members – 2 min read

An entity without legal personality can be a controller if it can fulfil those obligations and national law at least implicitly defines the processing scope; it doesn’t need to precisely specify processing activities or purpose.

Mar 3, 2025

Rights: Access (DSAR, Right of access)

members – 3 min read

[Latest: C-203/22 Dun & Bradstreet, updated elements table.] Got a DSAR? Start here for all things right of access: Article 15 elements table, DSAR flowchart and key CJEU rulings.

Feb 28, 2025

The Coordinated Supervision Committee (CSC)

members – 2 min read

New Activities report (likely irrelevant for most). The CSC brings together DPAs and the EDPS to coordinate supervision of large-scale IT systems (e.g. IMI, Europol, SIS, Eurojust) and EU bodies under the EUDPR or relevant EU laws.

Feb 21, 2025

Member memos

members – 33 min read

Important update: Member memos have moved to the NoTies Community. If you’re not a member yet, reply to the last email update to request an invite, as the link isn’t shared publicly.

Feb 20, 2025

Dealing with access requests in practice

members – 3 min read

Recommendations on how to deal with the Right of access - DSARs - in practice (with grumpy DSARs checklist).

Feb 18, 2025

EDPB meeting minutes 16 jan 2025

members – 1 min read

Anonymisation Guidelines coming (no date yet), Revised DPO Guidelines due Q2 2026, IAB Europe TC String 🇧🇪 national ruling due 19 March, New Support Pool of Experts report: AI bias and data subjects’ rights.

Feb 18, 2025

EDPB meeting minutes 17 Dec 2024

members – 1 min read

No big news - summary of their AI models Opinion discussion (where, interestingly, one EU member voted against adoption). You can safely skip this update.

Feb 18, 2025

Sweden DPA: DPIA practical guidance

members – 1 min read

IMY has shared a DPIA guide, primarily for those with little or no experience. It sets out a clear 10-step process for conducting an "acceptable" DPIA, to be used alone or with their templates. Grab the documents here (Swedish and DeepL translation).

Feb 17, 2025

EDPB Guidelines 1/2025 Pseudonymisation (public consultation)

members – 1 min read

The EDPB's recently shared pseudonymisation guidelines are on public consultation until 28 Feb. Today they've also shared a handy diagram.

Feb 14, 2025

CJEU C-383/23 ILVA (GDPR fine) 13 Feb 2025

members – 3 min read

When fining a controller in a corporate group, DPAs must base the maximum fine on the *group’s* total worldwide turnover from the previous business year. A crucial ruling for anyone in a company group – here's also text you can copy for an email to your Management/Board.

Feb 13, 2025

EDPB press release: AI enforcement task force, age assurance and WADA recommendations

members – 1 min read

EDPB sets up an AI enforcement task force with a "quick response team" and adopts recommendations for WADA's 2027 World Anti-Doping Code, along with a statement on age assurance.

Feb 13, 2025