GDPR Q&A

GDPR kérdezz-felelek / GDPR Q&A


Amendment of the Hungarian data protection act due to the GDPR

2018. július 17. - Kovacs Zoltan Balazs

Amendment of the Hungarian data protection act due to the GDPR In the Act no. XIII of 2018, which entered into force on 30 June 2018, the Hungarian lawmaker designated the National Data Protection and Freedom of Information Authority (NAIH) as the authority in charge of the enforcement of the GDPR.…

Tovább

What is it that Hungary can do for SMEs?

What is it that Hungary can do for SMEs? In Hungary, 99.8% of the undertakings qualify as SMEs. This blog post addresses the issue of whether these companies may be fined under the GDPR for first time violations. It also addresses the interesting issue of whether the GDPR allows Member States  to…

Tovább

Will the GDPR be enforced from 25 May?

Will the GDPR be enforced from 25 May? The GDPR became effective on 25 May 2016 and there has been a two-year period for the entities to prepare for the new set of rules and bring their data processing practices in line with the new regime. EU Member States have equivalently had two years to pass…

Tovább

Possible legal bases for data processing under the GDPR

Possible legal bases for data processing under the GDPR The GDPR contains all the possible bases for data processing activities. Article 6 of the GDPR contains six possible legal bases for processing personal data other than those belonging to the special categories of personal data (e.g. health,…

Tovább

Banana peels on the mine field - even small and medium-scale enterprises may be heavily fined!

Banana peels on the mine field - even small and medium-scale enterprises may be heavily fined! You must have heard of the EU's general data protection regulation (GDPR), the fact that the new rules will be applicable from 25 May 2018, that failure to comply with such new rules may result in a fine…

Tovább

Mega fines by data protection authorities

Mega fines by data protection authorities The strict rules of the EU’s general data protection regulation (GDPR) will apply in all Member States of the EU as from 25 May and entities carrying out data processing activities – which fail to comply with the rules of the GDPR – may face serious…

Tovább

The right to data portability

The right to data portability The GDPR introduces the notion of data portability and contains rules on when data subjects are entitled to exercise such a right. The Article 29 Data Protection Working Party (WP29) issued guidelines on the right to data portability on 13 December 2016 (WP242)…

Tovább

Fine and other sanctions

Sanctions under the GDPR, the administrative fine According to the GDPR, supervisory authorities may adopt various sanctions against and impose an administrative fine on non-compliant entities. The Article 29 Data Protection Working Party (WP29) issued guidelines on the application and setting of…

Tovább

The data protection impact assessment (DPIA) II (Consultation with the data subjects and the DPA)

The data protection impact assessment (DPIA) II (Consultation with the data subjects and the DPA) The GDPR contains rules on when controllers are required to prepare a data protection impact assessment (DPIA), when they have to seek the views of data subjects or their representatives on the…

Tovább

Swiss insurance companies and genetic data

Swiss insurance companies show growing interest in genetic data A lawmaker’s current initiative in Switzerland on the required disclosure of genetics tests to insurance companies is raising a number of moral, legal and philosophical issues. If passed, the law would give a green light for insurance…

Tovább