resource - DPO Hub

Privacy, data protection & security legal landscape

members – 7 min read

"But wait, there's more..." Is the EU really living up to its simplification promises? Added the Commission's work program for 2026, and links to 'Cloud and AI development Act' + 'Quantum Act'.

Mar 30, 2026

EDPB Support Pool of Experts (SPE) projects

members – 6 min read

Latest: Legitimate interest OSS case digest.

Mar 30, 2026

AI (Act) resources

members – 24 min read

Check out the NIST AI Risk Management Framework (linked under 'Various updates/resources') | 🔥 Council agrees Omnibus VII position to streamline certain AI rules. Next up: negotiations with the European Parliament.

Mar 28, 2026

Lawfulness: Legitimate interests

members – 3 min read

17 Mar 2026: 🇳🇴 Datatilsynet with updated legitimate interest guidance. Could this mean the final EDPB Guidelines 1/2024 is just around the corner?

Mar 18, 2026

Personal data breaches – in practice

members – 2 min read

A breach happens. What now? When are you "aware", how do you assess the risk – and who do you need to notify? 📝 Homework: download the revised breach flowchart, tailor it to your organisation and ensure you have a step-by-step process in place.

Mar 8, 2026

Data breaches

members – 3 min read

🇳🇴 DPA with significant breach page change | Upcoming topic page for breaches, prompted by EDPB's summary document. Links so far: Denmark, Finland, France, Greece, Ireland, Italy, Norway, Spain, Sweden, ICO, EDPB, EDPS, EC.

Mar 1, 2026

National DPA news

members – 6 min read

🇳🇴 Datatilsynet initiates comprehensive audit of every municipality's security measures.

Jan 28, 2026

Your OSS for the EU-US DPF

public – 8 min read

EDPB shares updated DFP docs – added nuance on transfer of HR Data.

Jan 26, 2026

The DPO role: Key resources

members – 3 min read

🇧🇷 Interesting DPO survey highlighting familiar challenges | 🇪🇸 Andalusia DPA in June: DPOs in public sector can't also be infosec officer | 🇱🇹 2025 DPO guide | 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more

Oct 23, 2025

DPIAs: Key resources

members – 5 min read

Data Protection Impact Assessments (DPIAs) key resources v1 – starting with every DPA's website!

Oct 12, 2025

The DPO role: Article 37(1)(b)

members – 5 min read

10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?

Oct 10, 2025

CNIL shares transfer impact assessment (TIA) practical template

members – 2 min read

NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"

Jul 22, 2025