And sometimes you urgently need help with a case (because that appeal period is running out...).
🤝 Curated GDPR content for law firms
Even with in-house departments and staff assigned to monitor changes, GDPR practitioners find it impossible to keep up, be it in a law firm, consulting house or even a data protection authority (who are notoriously understaffed).
Sometimes you need specific insights for a certain case, either for inspiration or to back up your arguments when you're helping a client who's in a DPA audit process.
❌ Unfortunately, some DPAs take their assessments and decisions too far, interpreting the law (too) rigorously. Do you know when this happens? Can you find the right cases to argue your case?
Too often I've seen law firms referencing completely irrelevant cases in their responses (on behalf of their clients) to the DPAs. That doesn't only come off as inept - it can directly damage your client's case.
It's not only a time-saver to involve someone with vast experience with the above, but a new - and perhaps different (challenging) - perspective can be highly valuable (directly so if you get help finding that particular case that can help you argue your case convincingly).
Anyone providing GDPR advice should have extensive practical, hands-on experience with implementing the actual legal requirements.
- digging through business operations and involving people from all departments to fill out ROPAs, conduct risk assessments and DPIAs, Article 5 checks, assess territorial scope, joint vs sole controllership, if a DPO is really required, write privacy notices...
But that's just the starting point.
🧯 With the fire-hose of constant regulatory changes, GDPR practitioners are overwhelmed and it often feels impossible to keep up.
Not only are there numerous DPA decisions and court rulings from across the EEA (~2,500 in the GDPRhub so far!), the EDPB and EDPS regularly publish new guidance, opinions, recommendations and studies and the CJEU is busy like never before.
Not to mention all the new relevant EU regulations, acts and directives (ePrivacy, DSA, DMA, AI, clinical trials, marketing etc.). And that's only from inside of Europe - if you run global operations you also have CCPA, PIPL, PDPA, LGPD etc. to account for...
After sharing actively on LinkedIn for the past years, my peers tell me that they appreciate my curated content of both big news and interesting tid-bits from across the EEA.
I deep-dive into CJEU rulings, EDPB and EDPS documents, DPA decisions and court rulings, including having translated nearly 70 cases for the GDPRhub on a volunteer basis since 2020 (and regularly do grumpy podcasts about these).
Combined with my practical, hands-on experience having worked directly with close to 100 organizations with all aspects of the GDPR including managing large implementation projects for higher education institutions - I'm confident I have valuable experiences to share with you:
🤝 DPO Mentor or Sparring Partner (for the seasoned practitioner)
Some reach out to me to help their newly appointed DPO get up to speed quickly. Having someone trustworthy to discuss confidential matters with, can accelerate a DPO's journey significantly.
Even seasoned practitioners get GDPR stuck. Despite having all the facts and relevant information at hand, you can find yourself going over the same issue again and again (and again!), unsure about your conclusion.
Any GDPR assessment can be tricky: of territorial or material scope, of applicable roles (joint or sole controller? processor?), risks and DPIA, legitimate interest... Even just a fresh perspective here can help you land your conclusion.
Regardless of your experience, having that confidant can be crucial - not only for that assessment, but your self-confidence and personal growth.
If you're GDPR stuck, need more information or a new perspective, or someone to help you accelerate your DPO journey - get in touch today.