resource - DPO Hub

National DPA news

members – 3 min read

Latest: 🇫🇷 & partners launch AI model audit tool project | 🇬🇷 annual report | 🇸🇪 IMY tasked with health data role | 🇬🇧 Data (Use and Access) Act (DUAA) receives Royal Assent – see ICO's resource page for all details | 🇳🇴 Web tracking audit = sanctions & NOK 250k fine + DPO survey is ready

Jun 30, 2025

AI (Act) resources

members – 15 min read

Latest: 🇫🇷 Legitimate interest recommendation for dev. AI systems | 🇪🇸 AI mustn't interpret your objection | 🇪🇺 EC seeks experts for AI Scientific Panel | 🇪🇺 Joint Research Centre GenAI study | 🇪🇺 EP updated AI Act implementation timeline

Jun 23, 2025

The DPO role: Key resources

members – 3 min read

Latest: 🇳🇴 DPA regularly runs new DPO intro courses and has a dedicated 'DPO strategy' | 🇳🇱 Several DPO-specific initiatives | 🇩🇰 Big revamp of DPO resources with extensive FAQ, video podcast with several DPOs, and more | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Jun 19, 2025

Privacy, data protection & security legal landscape

members – 5 min read

Latest: 🇪🇺 EP & Council agrees on GDPR cross-border enforcement Regulation | Political ads Regulation new feedback round till 25 Jun | Commission DMA-fines Apple and Meta | The Council adopts the European Health Data Space

Jun 18, 2025

EDPB Support Pool of Experts (SPE) projects

members – 5 min read

An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)

Jun 8, 2025

Data breaches

members – 2 min read

Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.

May 20, 2025

The DPO role: Article 37(1)(b)

members – 5 min read

Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

May 10, 2025

Lawfulness: Consent

members – 6 min read

Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).

Mar 17, 2025

Your OSS for the EU-US DPF

public – 7 min read

Time for an exit strategy? Must-read US transfer guidance from Datatilsynet (x2) and IMY. And we're discussing EEA alternatives in the Community. February update: Microsoft "completes EU Data Boundary".

Mar 8, 2025

Lawfulness: Legitimate interests

members – 2 min read

v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!

Mar 6, 2025

Rights: Access (DSAR, Right of access)

members – 3 min read

[Latest: C-203/22 Dun & Bradstreet, updated elements table.] Got a DSAR? Start here for all things right of access: Article 15 elements table, DSAR flowchart and key CJEU rulings.

Feb 28, 2025

Dealing with access requests in practice

members – 3 min read

Recommendations on how to deal with the Right of access - DSARs - in practice (with grumpy DSARs checklist).

Feb 18, 2025