Gdpr

🚨 NEW EDPB-EDPS Joint Opinion on SME Record-Keeping Simplification On 9 July 2025, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) released their Joint Opinion 01/2025 on the proposed regulation to simplify record-keeping obligations for small and medium-sized enterprises (SMEs) and small mid-cap companies (SMCs). 🎯 Key Highlights: Extended threshold: The proposal would raise the employee threshold from 250 to 750 employees for record-keeping exemptions under Art. 30(5) GDPR Broader scope: SMCs (small mid-cap companies) would also benefit from simplified obligations Risk-based approach maintained: High-risk processing activities would still require full compliance regardless of company size Administrative burden reduction: Aims to provide greater flexibility for smaller organizations while maintaining data protection standards 💡 EDPB-EDPS Position: The authorities express preliminary support for this targeted simplification initiative, welcoming the risk-based approach that ensures fundamental rights protection remains intact. However, they’ve requested further clarification on the new 750-employee threshold and recommend better alignment with the newly introduced SME/SMC definitions. ...

An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data.

The online sale of pharmacy-only medicinal products requires the explicit consent of the customer to the processing of his or her data, even where those medicinal products do not require a prescription.

Personal data protection: the supervisory authority is not obliged to exercise a corrective power in all cases of breach and, in particular, to impose a fine

EDPS Model

The second report on the application of the General Data Protection Regulation (GDPR)

List of the key adopted and published documents by the European Data Protection Board - EDPB

Some considerations to bear in mind and on which to ponder.

Foto di Pavan Trikutam Previous Next     / [pdf] View the PDF file here. The subject is pretty challenging indeed, considering that the EU proposal on the e-Privacy regulation is under the Institutions’ attention and not defined yet. I created a map consisting of eight sections, where I included all (I hope) the issues related to the proposal on the ePrivacy Regulation, and I will comment on it in each Section. ...

The content of this post is available in PDF for download here: 1. Chronology of events During the last month, i.e. since the focus has increased on the incidence of the COVID-19 pandemic with respect to personal data protection, we have witnessed the publication of the following main measures issued by some institutional bodies: ...