resource - DPO Hub

Data breaches

members – 2 min read

🇳🇴 DPA with significant breach page change | Upcoming topic page for breaches, prompted by EDPB's summary document. Links so far: Denmark, Finland, France, Greece, Ireland, Italy, Norway, Spain, Sweden, ICO, EDPB, EDPS, EC.

Oct 26, 2025

National DPA news (2025)

members – 5 min read

🇳🇴 DPA changes breach guidance (must-read!) | 🇳🇱 DPA fines Experian €2.7m | 🇬🇧 ICO fines Capita (sep. writeup) | 🇦🇹 DPA: Microsoft unlawfully tracks students in 365 Education | 🇬🇧 ICO shares Internal AI Use Policy | 🇮🇪 DPC fines TikTok €530 million over China transfers

Oct 25, 2025

Privacy, data protection & security legal landscape

members – 6 min read

GDPR Procedural Regulation: EP voted in favor, next up: Council's 1st reading | 12 Sep: Data Act applies | 'Age Verification Blueprint' testing in 🇩🇰🇫🇷🇬🇷🇮🇹🇪🇸

Oct 23, 2025

The DPO role: Key resources

members – 3 min read

🇧🇷 Interesting DPO survey highlighting familiar challenges | 🇪🇸 Andalusia DPA in June: DPOs in public sector can't also be infosec officer | 🇱🇹 2025 DPO guide | 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Oct 23, 2025

EDPB Support Pool of Experts (SPE) projects

members – 6 min read

Latest: The Digital Euro and its token-based offline modality (Oct) | AI and Data Protection Training curriculum (Jun) | An overview of SPE projects.

Oct 21, 2025

DPIAs: Key resources

members – 5 min read

Data Protection Impact Assessments (DPIAs) key resources v1 – starting with every DPA's website!

Oct 12, 2025

The DPO role: Article 37(1)(b)

members – 5 min read

10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

Oct 10, 2025

AI (Act) resources

members – 20 min read

🔥 EC launches AI Act Service Desk | Master's Thesis on legitimate interest for AI training | ICO shares their Internal AI Use Policy | CNIL partners with research institute Inria | Commission draft guidance & serious AI incidents reporting template – feedback wanted ⏰ 7 Nov

Oct 9, 2025

Your OSS for the EU-US DPF

public – 7 min read

EDPS opines on EU-US data exchanges for security screenings and identity verifications | The General Court dismissed Latombe's action for annulment – and the EU-US DPF is safe for now.

Sep 23, 2025

CNIL shares transfer impact assessment (TIA) practical template

members – 2 min read

NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"

Jul 22, 2025

Lawfulness: Consent

members – 6 min read

Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).

Mar 17, 2025

Lawfulness: Legitimate interests

members – 2 min read

v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!

Mar 6, 2025