Over the past year, we have seen the Data Protection Commission ("DPC") impose a number of significant fines on companies for infringing their GDPR obligations, including breach of the security, transparency and lawful basis requirements. We have also seen scrutiny at both national and EU level, in relation to when organisations can validly invoke legitimate interests as a legal basis, including its applicability when processing personal data for AI purposes. In this regard, we have seen the recent publication of the EDPB's Article 64(2) GDPR Opinion on AI models, which provides some further clarity on this matter.
At our recent hybrid event, we discussed these developments, as well as the other key data protection headlines from 2024. We also considered some of the priority compliance challenges for companies in 2025, particularly in light of the interplay of the GDPR with new EU digital and cybersecurity legislation, such as the Artificial Intelligence Act, NIS 2, DORA, the Digital Markets Act, and Digital Services Act.
We were delighted to be joined by Deputy Data Protection Commissioner, David Murphy who shared some of his insights as well as priorities for 2025 for the DPC.
