Edps

The EU Court of Justice Clarifies the Limits of Pseudonymization: Data Remains Personal for Those Who Hold the Key The EDPS/SRB Case: When Pseudonymized Opinions Remain Personal Data The recent Judgment of the Court of Justice of the European Union (First Chamber) of 4 September 2025 in the Case C-413/23 P of 4 September 2025 provides essential clarifications on the nature of pseudonymized data and transparency obligations for data controllers, with significant implications for anyone managing data sharing processes with third parties. ...

🚨 NEW EDPB-EDPS Joint Opinion on SME Record-Keeping Simplification On 9 July 2025, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) released their Joint Opinion 01/2025 on the proposed regulation to simplify record-keeping obligations for small and medium-sized enterprises (SMEs) and small mid-cap companies (SMCs). 🎯 Key Highlights: Extended threshold: The proposal would raise the employee threshold from 250 to 750 employees for record-keeping exemptions under Art. 30(5) GDPR Broader scope: SMCs (small mid-cap companies) would also benefit from simplified obligations Risk-based approach maintained: High-risk processing activities would still require full compliance regardless of company size Administrative burden reduction: Aims to provide greater flexibility for smaller organizations while maintaining data protection standards 💡 EDPB-EDPS Position: The authorities express preliminary support for this targeted simplification initiative, welcoming the risk-based approach that ensures fundamental rights protection remains intact. However, they’ve requested further clarification on the new 750-employee threshold and recommend better alignment with the newly introduced SME/SMC definitions. ...

EDPS Model