Privacy, data protection & security legal landscape
members
–
7 min read
Council reaches CSAM position and adopts new GDPR procedural (enforcement) rules
AI (Act) resources
members
–
22 min read
Digital Omnibus on AI Regulation Proposal published! | 🇬🇬 ODPA with practical 10-step AI guidance | EDPS EUDPR guide: AI Systems Risk Management
National DPA news (2025)
members
–
5 min read
🇬🇬 ODPA: practical 10-step AI guidance | 🇩🇪 Hessen DPA greenlights M365! | 🇭🇷 DPA fines telecoms operator €4.5m | 🇪🇸 Encryption guide for freelancers + YouTube series | 🇳🇴 Credit agencies audit | 🇫🇷 survey Monetizing personal data | 🇳🇱 DPAg tips after five major service provider cyber attacks
Data breaches
members
–
2 min read
🇳🇴 DPA with significant breach page change | Upcoming topic page for breaches, prompted by EDPB's summary document. Links so far: Denmark, Finland, France, Greece, Ireland, Italy, Norway, Spain, Sweden, ICO, EDPB, EDPS, EC.
The DPO role: Key resources
members
–
3 min read
🇧🇷 Interesting DPO survey highlighting familiar challenges | 🇪🇸 Andalusia DPA in June: DPOs in public sector can't also be infosec officer | 🇱🇹 2025 DPO guide | 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more
EDPB Support Pool of Experts (SPE) projects
members
–
6 min read
Latest: The Digital Euro and its token-based offline modality (Oct) | AI and Data Protection Training curriculum (Jun) | An overview of SPE projects.
DPIAs: Key resources
members
–
5 min read
Data Protection Impact Assessments (DPIAs) key resources v1 – starting with every DPA's website!
The DPO role: Article 37(1)(b)
members
–
5 min read
10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?
Your OSS for the EU-US DPF
public
–
7 min read
EDPS opines on EU-US data exchanges for security screenings and identity verifications | The General Court dismissed Latombe's action for annulment – and the EU-US DPF is safe for now.
CNIL shares transfer impact assessment (TIA) practical template
members
–
2 min read
NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"
Lawfulness: Consent
members
–
6 min read
Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).
Lawfulness: Legitimate interests
members
–
2 min read
v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!