National DPA news
members
–
4 min read
Latest: Not-so-new 🇬🇧 encryption guidance (#IAPPfail) | New 🇨🇿 Cybersecurity Act | Annual reports: 🇮🇸
AI (Act) resources
members
–
17 min read
Latest: 🇳🇱 AI Act Guide (in 🇬🇧) | 🇩🇪 DPAs protest proposal to move AI oversight | Commission seeks feedback on AI dynamics, fairness and contestability in DMA review | Commission & AI Board confirms GPAI Code of Practice can demonstrate compliance (and see combined PDFs)
The DPO role: Key resources
members
–
3 min read
Latest: 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more
Privacy, data protection & security legal landscape
members
–
6 min read
Latest: 'Age Verification Blueprint' testing in 🇩🇰🇫🇷🇬🇷🇮🇹🇪🇸 | Digital Fairness Act public consultation till 9 Oct | EP & Council agrees on GDPR cross-border enforcement Regulation
CNIL shares transfer impact assessment (TIA) practical template
members
–
2 min read
NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"
EDPB Support Pool of Experts (SPE) projects
members
–
5 min read
An overview of SPE projects. Latest: AI and Data Protection Training curriculum (Jun) | AI Privacy Risks and Mitigations LLMs (Apr) | AI: Complex Algorithms and effective Data Protection Supervision + OSS Case Digest: Right of access (Jan)
Data breaches
members
–
2 min read
Latest: Started to add DPA resources, including France with new practical guides for the education sector and Denmark with finalised guide. Upcoming topic page for breaches, prompted by EDPB's recent summary document.
The DPO role: Article 37(1)(b)
members
–
5 min read
Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?
Lawfulness: Consent
members
–
6 min read
Latest update: Luxembourg DPA with updated guidance. Start here for all things consent: when to rely on and not, practical tips and key resources (GDPR, DPD, CFR, OECD, CJEU rulings and EDPB guidance).
Your OSS for the EU-US DPF
public
–
7 min read
On 3 Sep 2025, the General Court dismissed Latombe's action for annulment – and the EU-US DPF is safe for now. Expect an appeal, though!
Lawfulness: Legitimate interests
members
–
2 min read
v1 of the legitimate interest topic page is ready, with key resources, CJEU rulings and DPA guidance - though only from ICO, CNIL, Datatilsynet and IMY. Have anything to share from your country? Submit your contribution and earn a gold star!
Rights: Access (DSAR, Right of access)
members
–
3 min read
[Latest: C-203/22 Dun & Bradstreet, updated elements table.] Got a DSAR? Start here for all things right of access: Article 15 elements table, DSAR flowchart and key CJEU rulings.