An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)
Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?
After initially flagging a potential NOK 99m (~€8.3m) fine, Datatilsynet fined Telenor ASA NOK 4m (~€351,000) for failing to properly assess and document the DPO role – particularly around independence, potential conflicts of interest and a direct reporting line to top management.
🚨 My final writeup of the EDPB's CEF DPO report, which you shouldn't spend time on unless you have time to spare or are simply burning with curiosity! PS: We just released our Grumpy GDPR episode on this.