Rie Aleksandra - DPO Hub (Page 4)

The Coordinated Supervision Committee (CSC)

members – 2 min read

EU Entry Exit System took effect on 12 Oct – EDPS press release 24 Oct | The CSC brings together DPAs and the EDPS to coordinate supervision of large-scale IT systems (e.g. IMI, Europol, SIS, Eurojust) and EU bodies under the EUDPR or relevant EU laws.

Oct 24, 2025

The DPO role: Key resources

members – 3 min read

🇧🇷 Interesting DPO survey highlighting familiar challenges | 🇪🇸 Andalusia DPA in June: DPOs in public sector can't also be infosec officer | 🇱🇹 2025 DPO guide | 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Oct 23, 2025

EDPB Support Pool of Experts (SPE) projects

members – 6 min read

Latest: The Digital Euro and its token-based offline modality (Oct) | AI and Data Protection Training curriculum (Jun) | An overview of SPE projects.

Oct 21, 2025

EDPB meeting minutes 8 Jul 2025

members – 2 min read

Oct 17, 2025

DPIAs: Key resources

members – 5 min read

Data Protection Impact Assessments (DPIAs) key resources v1 – starting with every DPA's website!

Oct 12, 2025

UK ICO fines Clearview AI €8.9m and orders stop in processing

members – 2 min read

And on 8 Oct 2025, the 🇬🇧 Upper Tribunal (appeal court) upheld three of Information Commissioner’s four grounds of appeal, sending the case back to the lower appeal court.

Oct 12, 2025

The DPO role: Article 37(1)(b)

members – 5 min read

10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

Oct 10, 2025

CJEU T-384/20 RENV OC v Commission (C-479/22 P)

members – 4 min read

🔥 Update: After the CJEU sent the case back, the General Court has ordered the European Commission to pay a Greek scientist €50,000 for unlawfully processing her personal data in a press release, causing reputational, career and health-related harm.

Oct 7, 2025

Norway DPA fines the Labour and Welfare Administration (NAV) NOK 20 million

members – 6 min read

[updated] After the Privacy Appeals Board overturned substantial parts of the DPA's decision against the Labour and Welfare Administration (NAV), including the record NOK 20 million fine, the DPA has decided to reassess the case.

Oct 1, 2025

Norway DPA fines Telenor ASA NOK 4 million for DPO violations

members – 9 min read

[updated] After initially flagging a potential NOK 99m (~€8.3m) fine, Datatilsynet fined Telenor ASA NOK 4m (~€351,000) for failing to properly assess and document the DPO role (independence, conflicts of interest, reporting lines) – the case is now with the 🇳🇴 Privacy Appeals Board.

Sep 29, 2025

CJEU C-199/24 Legal Newsdesk Sweden 4 Sep 2025 AG Opinion

members – 3 min read

AG Szpunar: National law can’t make defamation the only remedy if criminal conviction data are published online for payment. Publishing conviction records online for payment, without any processing or editing, isn’t processing for journalistic purposes.

Sep 16, 2025

CJEU C-655/23 Quirin Privatbank 4 Sep 2025

members – 3 min read

GDPR offers no judicial remedy outside erasure requests to stop future unlawful processing, but Member States may. Non-material damage covers negative feelings – if proven. A controller’s fault doesn’t affect compensation, and a court order banning repeat GDPR violations can’t reduce or replace it.

Sep 7, 2025