Privacy, data protection & security legal landscape
members
–
7 min read
"But wait, there's more..." Is the EU really living up to its simplification promises? Added the Commission's work program for 2026, and links to 'Cloud and AI development Act' + 'Quantum Act'.
EDPB Support Pool of Experts (SPE) projects
members
–
6 min read
Latest: Legitimate interest OSS case digest.
AI (Act) resources
members
–
24 min read
Check out the NIST AI Risk Management Framework (linked under 'Various updates/resources') | 🔥 Council agrees Omnibus VII position to streamline certain AI rules. Next up: negotiations with the European Parliament.
Lawfulness: Legitimate interests
members
–
3 min read
17 Mar 2026: 🇳🇴 Datatilsynet with updated legitimate interest guidance. Could this mean the final EDPB Guidelines 1/2024 is just around the corner?
Personal data breaches – in practice
members
–
2 min read
A breach happens. What now? When are you "aware", how do you assess the risk – and who do you need to notify? 📝 Homework: download the revised breach flowchart, tailor it to your organisation and ensure you have a step-by-step process in place.
Data breaches
members
–
3 min read
🇳🇴 DPA with significant breach page change | Upcoming topic page for breaches, prompted by EDPB's summary document. Links so far: Denmark, Finland, France, Greece, Ireland, Italy, Norway, Spain, Sweden, ICO, EDPB, EDPS, EC.
National DPA news
members
–
6 min read
🇳🇴 Datatilsynet initiates comprehensive audit of every municipality's security measures.
Your OSS for the EU-US DPF
public
–
8 min read
EDPB shares updated DFP docs – added nuance on transfer of HR Data.
The DPO role: Key resources
members
–
3 min read
🇧🇷 Interesting DPO survey highlighting familiar challenges | 🇪🇸 Andalusia DPA in June: DPOs in public sector can't also be infosec officer | 🇱🇹 2025 DPO guide | 🇳🇴 New DPO podcast series | Key DPO role resources: CJEU, EDPB, DPAs, EDPS, GDPR commentaries and more
The DPO role: Article 37(1)(b)
members
–
5 min read
10 Oct: Estonia's thresholds for 'large-scale' (5k, 10k, 50k) | Breaking down Article 37(1)(b) key terms: 'core activities', 'regular', 'systematic', 'monitoring' and 'large scale'. And what should you do if you're still unsure whether you need to appoint a DPO? Appoint one voluntarily?
CNIL shares transfer impact assessment (TIA) practical template
members
–
2 min read
NB: On 9 July, CNIL appears to have updated the webpage with that date, though there don’t seem to be any actual changes – and the PDFs are still from January. Either way, here’s a quick reminder! 💬 "CNIL TIA template is one of the best templates available to the public!"