DPO

ITALY: Personal data anonymization and the risk of the DPO being an executor

By Giulio Coraggio on July 31, 2025

Posted in Data Protection Officers, EU privacy, General Data Protection Regulation, Privacy Law

The Italian Data Protection Authority’s recent decision provided guidance on the true meaning of personal data anonymization and the crucial distinction between the DPO as a monitor – not an executor. In a world driven by AI and public surveillance, both concepts are more relevant than ever.

On April 10, 2025, the Garante issued a…

CHINA: DPOs must be registered before 29 August 2025

By Carolyn Bigg & Amanda Ge on July 21, 2025

Posted in Data Protection Officers, Privacy Law

While appointing and registering a DPO has been mandatory in China for many years, a portal has now finally been established for organisations to register those DPOs with the China data protection authority. This resolves long-standing uncertainty over how DPOs must be registered, and over relevant qualifications and location of the DPO. The deadline for…

Malaysia: Guidelines Issued on Data Breach Notification and Data Protection Officer Appointment

By Carolyn Bigg & Qiuyang Zhao on March 4, 2025

Posted in Data Protection Officers, Data security and breaches, New laws, Privacy Law

Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our summary), the Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out such requirements, titled the…

Europe: EDPB coordinated enforcement action identifies areas of improvement to promote the role and recognition of DPOs

By Anna Rivera & Rachel de Souza on January 30, 2024

Posted in Uncategorized

Background

March 2023 saw the launch of the European Data Protection Board’s (EDPB’s) second coordinated enforcement action (CEF 2023), which focused on the designation and position of Data Protection Officers (DPOs). Data Protection Authorities (DPAs) across the EEA have launched coordinated investigations into this topic. In particular…

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

By divyashanmugathas on March 20, 2023

Posted in General Data Protection Regulation

Authors: Denise Lebeau-Marianna, Divya Shanmugathas and Lucie Dubecq-Princeteau

On 15 March 2023, the French Supervisory Authority (the “CNIL”) unveiled in a post its four key priorities regarding its upcoming investigations for 2023 targeting specific sectors (I), to which it added another topic related to DPO in line with the coordinated enforcement framework of…

Continue Reading France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!