In light of the recent CJEU ruling in SRB v. EDPS (Case C-413/23 P, 4 September 2025), organisations can no longer rely on a blanket “absolute” view of pseudonymised data. The Court has confirmed that whether data qualifies as personal or not depends on the recipient’s context and the realistic means available for re-identification.
To help Data Protection Officers, compliance teams, and legal professionals apply this decision in practice, we’ve prepared a clear and actionable operational checklist.
👉 Download the checklist now to ensure your assessments are defensible and fully aligned with the CJEU’s guidance.