Resolutions of the Hungarian data protection authority imposing fines under the GDPR (21 June 2019) Below you will find a brief summary of the resolutions of the data protection authority uploaded on their website up until today imposing a fine under the GDPR. 1. Failure to facilitate the exercise…

New Hungarian data protection fines The Hungarian Data Protection and Freedom of Information Authority (NAIH) has published new resolutions imposing fines. A summary of the resolutions follows below. 1. Text messages sent to wrong phone number A bank (the data controller) sent payment notice…

The first Hungarian GDPR fine A few days ago, the Hungarian data protection authority published its first resolution which imposes a GDPR fine (in the amount of HUF 1 million) on a data controller. According to the facts as contained in the resolution, the data subject wished to exercise his right…

Processing of biometric data by employer 1. Is it possible to process biometric data based on the employee's consent? Depending on the circumstances, yes. In relationships of strong dependency, the data subject's consent may typically not serve as a valid legal basis for data processing.…

Record data protection fine imposed by the French Data Protection Authority The French Data Protection Authority (the CNIL) has imposed the highest data protection fine in history, an amount of EUR 50 million against Google for GDPR violations concerning individuals using Android-operated smart…

Data processing activities subject to data protection impact assessment The Hungarian data protection authority (NAIH) has published on its website a list of data processing activities where data controllers must prepare a data protection impact assessment (DPIA). The list is not exhaustive but may…

First GDPR fines Austria Based on the GDPR, the Austrian data protection authority imposed a fine on an undertaking which had installed a surveillance camera in a way that it also made records of a public sidewalk and failed to give proper prior information to the data subjects about the camera's…

Fine imposed on pharma company The National Data Protection and Freedom of Information Authority (DPA) has recently published on its website a decision imposing a fine on a pharma company. The date of the decision is 23 May 2018 and a summary of the decision follows below. The DPA imposed a fine…

Published data protection fines The National Data Protection and Freedom of Information Authority (DPA) has recently published on its website certain resolutions imposing a fine. A summary of such resolutions follows below. The DPA issued the fines under the rules effective prior to 25 May 2018 and…

Second-round amendment of the Information Act The Act no. XIII of 2018, which entered into force on 30 June 2018, the Hungarian lawmaker designated the National Data Protection and Freedom of Information Authority (NAIH) as the authority in charge of the enforcement of the GDPR. In addition to the…