Data Protection News Roundup: May 12, 2025

EDPB and EDPS Collaboration on GDPR Record-Keeping Simplification

As a data protection officer, staying current with the latest developments is crucial. Here’s a timely blog idea based on today’s data protection landscape:

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have recently adopted a joint letter addressed to the European Commission regarding the simplification of record-keeping obligations under the GDPR. This development, announced just a few days ago on May 8th, 2025, represents a significant potential shift in compliance requirements that could affect organizations across Europe.

The letter responds to the Commission’s May 6th communication outlining intended modifications to Article 30(5) of the GDPR. While the EDPB and EDPS have expressed preliminary support for this targeted simplification initiative, they’ve requested further evaluation of the impact on affected organizations.

Specifically, they’ve asked the Commission to assess whether the draft proposal ensures a proportionate and fair balance between data protection and the interests of organizations with fewer than 500 employees. This suggests the changes may primarily benefit small to medium-sized enterprises, potentially reducing their administrative burden while maintaining core GDPR protections.

EDPB Approves Blockchain Data Rules

In addition to the record-keeping simplification, the EDPB has approved draft rules governing personal data storage and sharing on blockchains. This approval marks a significant step forward in integrating blockchain technology with data protection regulations.

The new rules aim to address the unique challenges posed by blockchain’s decentralized nature, ensuring that personal data stored on blockchains complies with GDPR requirements. Key considerations include the immutability of blockchain records and the need for data minimization and purpose limitation.

Organizations utilizing blockchain technology must now ensure that their systems are designed to allow for the erasure or anonymization of personal data when necessary, despite the inherent permanence of blockchain entries. This may involve implementing off-chain solutions or other technical measures to comply with GDPR’s “right to be forgotten.”

These developments could have significant implications for industries relying on blockchain, such as finance, supply chain, and healthcare, where data integrity and security are paramount.

Additional Recent Developments Worth Noting

In your blog, you might also mention that DeepSeek is currently under scrutiny by the Italian Data Protection Authority, and Amazon’s substantial €746 million fine has been confirmed in Luxembourg. Additionally, the EDPB has approved draft rules governing personal data storage and sharing on blockchains, which could have significant implications for organizations utilizing blockchain technology.

This blog could provide valuable insights for data protection professionals navigating the evolving regulatory landscape, particularly those working with smaller organizations that might benefit from the proposed record-keeping simplifications.

Other links on the web

• Data Protection Update May 2025
• Simplification of Record-Keeping Obligation: EDPB and EDPS Adopt Letter to EU Commission
• Data Privacy News for May 2025
• Data Protection Notice: CMS Change Management Interviews May 2025
• 2025 State Privacy Laws: What Businesses Need to Know for Compliance