GDPR Q&A

GDPR kérdezz-felelek / GDPR Q&A


Processing of biometric data by employer

2019. február 04. - Kovacs Zoltan Balazs

Processing of biometric data by employer 1. Is it possible to process biometric data based on the employee's consent? Depending on the circumstances, yes. In relationships of strong dependency, the data subject's consent may typically not serve as a valid legal basis for data processing.…

Tovább

Record data protection fine imposed by the French Data Protection Authority

Record data protection fine imposed by the French Data Protection Authority The French Data Protection Authority (the CNIL) has imposed the highest data protection fine in history, an amount of EUR 50 million against Google for GDPR violations concerning individuals using Android-operated smart…

Tovább

Black list of data processing activities (Hungary)

Data processing activities subject to data protection impact assessment The Hungarian data protection authority (NAIH) has published on its website a list of data processing activities where data controllers must prepare a data protection impact assessment (DPIA). The list is not exhaustive but may…

Tovább

First GDPR fines

First GDPR fines Austria Based on the GDPR, the Austrian data protection authority imposed a fine on an undertaking which had installed a surveillance camera in a way that it also made records of a public sidewalk and failed to give proper prior information to the data subjects about the camera's…

Tovább

Fine imposed on pharma company

Fine imposed on pharma company The National Data Protection and Freedom of Information Authority (DPA) has recently published on its website a decision imposing a fine on a pharma company. The date of the decision is 23 May 2018 and a summary of the decision follows below. The DPA imposed a fine…

Tovább

Published data protection fines

Published data protection fines The National Data Protection and Freedom of Information Authority (DPA) has recently published on its website certain resolutions imposing a fine. A summary of such resolutions follows below. The DPA issued the fines under the rules effective prior to 25 May 2018 and…

Tovább

Second-round amendment of the Information Act

Second-round amendment of the Information Act The Act no. XIII of 2018, which entered into force on 30 June 2018, the Hungarian lawmaker designated the National Data Protection and Freedom of Information Authority (NAIH) as the authority in charge of the enforcement of the GDPR. In addition to the…

Tovább

Amendment of the Hungarian data protection act due to the GDPR

Amendment of the Hungarian data protection act due to the GDPR In the Act no. XIII of 2018, which entered into force on 30 June 2018, the Hungarian lawmaker designated the National Data Protection and Freedom of Information Authority (NAIH) as the authority in charge of the enforcement of the GDPR.…

Tovább

What is it that Hungary can do for SMEs?

What is it that Hungary can do for SMEs? In Hungary, 99.8% of the undertakings qualify as SMEs. This blog post addresses the issue of whether these companies may be fined under the GDPR for first time violations. It also addresses the interesting issue of whether the GDPR allows Member States  to…

Tovább

Will the GDPR be enforced from 25 May?

Will the GDPR be enforced from 25 May? The GDPR became effective on 25 May 2016 and there has been a two-year period for the entities to prepare for the new set of rules and bring their data processing practices in line with the new regime. EU Member States have equivalently had two years to pass…

Tovább