EDPB - DPO Hub (Page 4)

EDPB Guidelines 1/2024 Legitimate interests (public consultation)

members – 4 min read

The EDPB's recent new legitimate interest guidelines are on public consultation until 20 Nov 2024. Initial analysis: 📝 Document, document, document.

Oct 28, 2024

EDPB Opinion 22/2024: obligations when relying on (sub-)processors

members – 8 min read

📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onwards transfers.

Oct 22, 2024

EDPB Guidelines 2/2023 Technical Scope of Art. 5(3) ePrivacy Directive

members – 1 min read

Likely one of the EDPB’s most controversial documents to date, though the sub-processor Opinion will definitely give it strong competition for first place!

Oct 16, 2024

EDPB meeting minutes 17 Sep 2024

members – 1 min read

New 💸 fines guidelines coming at the end of 2025. Plus, an exciting Support Pool of Experts legal report on 'the extra-territorial enforcement of the GDPR' is coming soon.

Oct 15, 2024

EDPB Strategy 2024-2027 and Work Programmes

members – 3 min read

New comparison table for their three Work Programmes. Check out which documents have just disappeared! 🧐

Oct 11, 2024

🚨 EDPB: (sub-)processor Opinion, legitimate interest Guidelines, draft enforcement regulation Statement, 2024-2025 work programme

members – 1 min read

Controllers should keep identity of *all* processors and sub-processors "readily available at all times" and their obligation to verify (sub-)processors' ‘sufficient guarantees’ should apply regardless of the risk. The EDPB also shares legitimate interest Guidelines for public consultation and more.

Oct 9, 2024

EDPB meeting minutes 16 July 2024

members – 2 min read

Systems overload! Is the EDPB taking on too much?

Oct 3, 2024

EDPB meeting minutes 18-19 June 2024

members – 2 min read

Noteworthy points on involving others (earlier) in their work, opinions vs. guidelines, the political ads Regulation, and 🇸🇪 Supreme Admin. Court CJEU request regarding Art. 13-14 and camera surveillance.

Jul 28, 2024

EDPB Guidelines 1/2022 Right of access

members – 3 min read

A snapshot of the EDPB Guidelines dealing with DSARs: Brief overview, key points, and some advice for data protection pros.

Jul 19, 2024

EDPB press release: DPAs AI Act role, EU-US DPF FAQs, new European Data Protection Seal

members – 1 min read

EDPB opines that DPAs should be designated AI Act MSAs, adopted 🇪🇺-🇺🇸 DPF FAQs for individuals and businesses, and an opinion approving the EuroPriSe Criteria Catalogue for certifying processors' processing activities, resulting in a European Data Protection Seal.

Jul 17, 2024

Right to object and right to erasure: insights from OSS decisions

members – 2 min read

EDPB SPE project: Article 60 One-Stop-Shop thematic case digest analysing Articles 17 and 21. Key takeaway: Create, document, implement and control policies and procedures, including complaints management. PS: The 'data subject journey' is your secret weapon!

Jul 9, 2024

EDPB meeting minutes 23 May 2024

members – 1 min read

Noteworthy points on both EUC and Microsoft appealing the EDPS decision, next steps for the Consent or Pay guidelines, and AI Act national competent authorities.

Jun 27, 2024