GDPR

Adatvédelem mindenkinek / Data protection for everyone


Joint controllers in the GDPR

2018. május 08. 13:00 - poklaszlo

The data controller is a central player in data protection regulation. The data controller is the one who determines the purposes and means of data processing and makes substantive decisions about the data processing activities. However, the data controller can not only act independently of a given…

Tovább

Best practice recommendations from WP29 to comply with the GDPR

2018. március 19. 11:00 - poklaszlo

Article 29 Working Party (WP29) has published several guidelines under the GDPR and such guidelines contain recommendations regarding best practices that are regarded by the authorities as compliant with the requirements of the GDPR. In this post, I have collected such recommendations. 

Tovább

Pseudonymisation and anonymisation in the GDPR

2018. február 26. 13:00 - poklaszlo

Data protection rules such as the EU's new General Data Protection Regulation (GDPR) apply to personal data. But what does personal data mean? According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable…

Tovább

What are the binding corporate rules (BCRs)?

2018. február 12. 13:30 - poklaszlo

In connection with the operation of a group of companies, there is a very frequent need to transfer personal data within the company group, even when some of the group companies operate outside the EU. In cases where certain members of a group of companies operate in third countries for which there…

Tovább

Setting of administrative fines based on the General Data Protection Regulation II

2017. december 15. 14:30 - poklaszlo

Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR) were published at the end of October by the Article 29 Working Party (WP 29). In my previous post, I have outlined the principles set out in the Guidelines. In this post, I give a…

Tovább

Setting of administrative fines based on the General Data Protection Regulation I.

2017. november 17. 14:00 - poklaszlo

Overview of the WP29 Guidelines on Administrative Fines

The high amount of the administrative fine, which can reach a maximum amount of EUR 20 million or, in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, makes it extremely important for data controllers and data processors to be prepared for…

Tovább

How to handle personal data breaches under the GDPR?

2017. szeptember 12. 11:30 - poklaszlo

The concept of personal data breaches was not introduced by the GDPR, but the GDPR contains a number of provisions relating to personal data breaches that data controllers (and processors) must also be aware of. What is a personal data breach? The concept of personal data breaches is closely…

Tovább

The Swiss Army Knife of Data Protection – The consent

2017. július 19. 13:30 - poklaszlo

Many data controllers consider consent as the primary or preferred legal basis for data processing. Although in many cases it would be justified to use another legal basis instead of the consent, data controllers often obtain consents from the data subjects. Not only data controllers have this…

Tovább