Governance in Action: Latest on GDPR, fines, AI regulation, and DUAA

By Sypher | Published in News - April 06, 2026


Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Beyond GDPR: Building resilient data governance ecosystems

dilitrust.com • 5 min read

🛡️ A shift beyond GDPR is underway, with data governance evolving into a broader resilience challenge—encompassing data loss prevention, protection of sensitive information, and robust access controls as core responsibilities for compliance and risk leaders… read more


Italy fines Intesa Sanpaolo 18 Million Euros for illicit processing of customer data

globalbankingandfinance.com • 2 min read

💶 Italy’s data protection authority has fined Intesa Sanpaolo €18 million, highlighting the risks that inadequate transparency, flawed profiling practices and poor customer communication can pose to organisations in terms of GDPR enforcement… read more

👉 Related: Another Romanian company fined thousands of euros following a hacking incident (article in Romanian)


The latest on the Digital Omnibus on AI

lewissilkin.com • 4 min read

🏛️ EU policymakers appear to agree on key amendments to the AI Act, indicating stricter requirements for the governance of high-risk AI, data usage standards and accountability. However, some controversial issues remain to be resolved in the upcoming trilogue negotiations… read more

👉 Related from McKinsey & Company: Ushering in a new era of trusted AI — Artificial intelligence will compel organizations to elevate their compliance. Six levers hold the key.


DUAA: Preparing for the new data protection complaints handling rules

burges-salmon.com • 6 min read

💡 The Data (Use and Access) Act 2025 (“DUAA”) introduces mandatory procedures for handling data protection complaints. Organisations must implement formal, auditable processes and train staff, as well as maintain records. This strengthens governance and accountability around individuals’ rights over their personal data… read more (Part 3 of the series)

👉 See also Part 1 on the most important implications of DUAA on international transfers and Part 2 to learn about the new rules around automated decision-making by the same author.


Data Centres: EU consults on Regulation for rating sustainability

arthurcox.com • 3 min read

🔄 The European Commission’s proposed sustainability rating scheme for data centres signals growing regulatory scrutiny over energy efficiency and transparency, with new reporting and labelling requirements set to impact operators’ governance and compliance frameworks… read more
