resource - DPO Hub

The DPO role: Article 37(1)(b)

members – 5 min read

10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

Oct 10, 2025

AI (Act) resources

members – 20 min read

🔥 EC launches AI Act Service Desk | Master's Thesis on legitimate interest for AI training | ICO shares their Internal AI Use Policy | CNIL partners with research institute Inria | Commission draft guidance & serious AI incidents reporting template – feedback wanted ⏰ 7 Nov

Oct 9, 2025

National DPA news

members – 5 min read

ICO shares Internal AI Use Policy | 🇮🇪 DPC fines TikTok €530 million over China transfers [added 1-pager] | 🇮🇪 'Short Guide to Digital Regulation', clarifying common queries in the digital regulation space in Ireland | Appointing a former Meta lobbyist as 🇮🇪 Commissioner stirs controversy

Oct 5, 2025

Privacy, data protection & security legal landscape

members – 6 min read

ePrivacy rumors discussed in Politico article | 12 Sep: Data Act applies | 'Age Verification Blueprint' testing in 🇩🇰🇫🇷🇬🇷🇮🇹🇪🇸 | Digital Fairness Act public consultation till 9 Oct

Sep 25, 2025

Your OSS for the EU-US DPF

public – 7 min read

EDPS opines on EU-US data exchanges for security screenings and identity verifications | The General Court dismissed Latombe's action for annulment – and the EU-US DPF is safe for now.

Sep 23, 2025

The DPO role: Key resources

members – 3 min read

Latest: 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Aug 25, 2025

CNIL shares transfer impact assessment (TIA) practical template

members – 2 min read

NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"

Jul 22, 2025

EDPB Support Pool of Experts (SPE) projects

members – 5 min read

An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)

Jun 8, 2025

Data breaches

members – 2 min read

Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.

May 20, 2025

Lawfulness: Consent

members – 6 min read

Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).

Mar 17, 2025

Lawfulness: Legitimate interests

members – 2 min read

v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!

Mar 6, 2025

Rights: Access (DSAR, Right of access)

members – 3 min read

[Latest: C-203/22 Dun & Bradstreet, updated elements table.] Got a DSAR? Start here for all things right of access: Article 15 elements table, DSAR flowchart and key CJEU rulings.

Feb 28, 2025