SypherPrivacyTalks - May 2025 - Week 22
by Sypher | Published in News - May 26, 2025
The General Data Protection Regulation (GDPR) is seven years old on 25 May 2025, and it's still evolving.This article is dedicated to this special milestone.
Notes from the IAPP Europe: It's a GDPR week
☝️On GDPR’s 7 year anniversary week, this article analyses two important aspects and developments in GDPR:
The European Commission’s proposal for GDPR simplifications as part of a broader plan to ease compliance for SMEs. This move signals a more pragmatic approach to enforcement. More clarity is expected later this year, as the digital omnibus package is due to cover additional topics like AI, cybersecurity reporting, and data sharing.
Meanwhile, negotiations on the GDPR procedural regulation, aimed at streamlining cross-border enforcement, are still stalled… read more
EU digital advertising: IAB Europe and the allocation of liabilities for the TCF
hoganlovells.com • 10 min read
💡This article provides a comprehensive analysis of the Belgian Market Court's ruling on IAB Europe's role in the Transparency and Consent Framework (TCF) and its implications for the digital advertising ecosystem. It covers the background to the ruling, explains what the TCF is and how it functions, and outlines the six-year legal saga that led to the judgment. It also details the court’s key findings on joint controllership, GDPR infringements and the scope of IAB Europe’s responsibilities. Finally, it assesses the impact of the ruling on compliance, the future of the TCF and any remaining potential legal challenges… read more
GDPR 2025: Romanian companies fined over €230,000 in just four months
💶 Between January and April 2025, Romania’s data protection authority (ANSPDCP) issued GDPR fines totaling €230,500 following 153 investigations sparked by over 3,000 complaints and breach notifications. Most of these were related to data disclosure, video surveillance, and unsolicited messages. This total amount is significantly higher than the equivalent of the past years… read more (article in Romanian).
CEO as Data Protection Officer? Expect a hefty fine
🕵️♂️This article examines the increasing scrutiny of the independence of Data Protection Officers (DPOs) within the EU, focusing on why appointing executives such as CEOs, CMOs or IT leads often violates the GDPR. Drawing on recent decisions from Austria, Belgium, Germany and France, as well as findings from the European Data Protection Board (EDPB), it highlights how overlapping responsibilities can create serious conflicts of interest. It also outlines the key independence requirements under the GDPR.… read more
A company was fined €12,000 for GDPR breaches reported by other EU countries
💶 A Romanian market research company, Data Diggers Market Research SRL, was fined €12,000 by Romania's Data Protection Authority (ANSPDCP) for GDPR violations committed in other EU countries.
The investigation was triggered by complaints filed with data protection authorities in two other EU member states. As the company is headquartered in Romania, the ANSPDCP led the cross-border investigation under GDPR rules. The fines were imposed for failing to provide data subjects with full information when they exercised their right of access, for not supplying mandatory details during initial contact, and for not demonstrating a legal basis for processing personal data.…read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Image source: iStock
