CNIL Annual Report: 2025 Fines and Sanctions

The CNIL reported imposing €486.8 million in fines and 83 sanctions in 2025, primarily for violations related to cookies, employee monitoring, and data security. The report details 143 compliance orders and 31 reminders of legal obligations issued during the year.

EDPB Guidelines on Article 48 GDPR

The European Data Protection Board (EDPB) has published final guidelines on Article 48 of the GDPR, concerning the recognition of judgments and decisions of public authorities of third countries. These guidelines clarify the conditions under which such judgments can be relied upon for international data transfers.

EDPB Consultation on DSA and GDPR Interplay Guidelines

The European Data Protection Board (EDPB) has opened a public consultation on its draft Guidelines 3/2025 concerning the interplay between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The consultation period is open until October 31, 2025.

EDPB Joint Guidelines on DMA and GDPR Public Consultation

The European Data Protection Board (EDPB) and the European Commission have opened a public consultation on their Joint Guidelines concerning the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR). Interested parties are invited to submit comments by December 4, 2025.

EDPB GDPR Compliance Templates Consultation

The European Data Protection Board (EDPB) has launched a public consultation to gather ideas for developing ready-to-use GDPR compliance templates for organizations. The consultation seeks input on the most useful template types and closes on December 3, 2025.

EDPB Consultation on User Accounts for E-commerce Websites

The European Data Protection Board (EDPB) has launched a public consultation on its Recommendations 2/2025 concerning the legal basis for requiring user accounts on e-commerce websites. The consultation is open for comments until February 12, 2026.

EDPB Public Consultation on Processor Binding Corporate Rules

The European Data Protection Board (EDPB) has launched a public consultation on its Recommendations 1/2026 concerning Processor Binding Corporate Rules. The consultation is open until March 2, 2026, and aims to gather feedback on the application, elements, and principles for these rules under GDPR.

Guidance on Reporting Scams Pretending to be Companies House

Companies House has published guidance on how to report scams that impersonate the agency. The guidance details how to identify and report suspicious phone calls and emails, providing examples of known scam tactics.

Companies House Transition Plan for Economic Crime Act

Companies House has published an outline transition plan for the Economic Crime and Corporate Transparency Act 2023. The plan details the indicative timeline for commencing key provisions, with updates indicating potential postponements for certain measures to prioritize identity verification and stakeholder feedback.

Companies House Identity Verification Legal Requirement

Companies House has issued guidance stating that identity verification for directors and persons with significant control will become a legal requirement from November 18, 2025. This marks the start of a 12-month transition period for companies to comply.