A bill regarding the amendment of the Hungarian Data Protection Act was submitted to the Hungarian Parliament on June 19. The bill aims at the implementation of Directive 2016/680 and the amendment of the Hungarian Data Protection Act regarding the application of the General Data Protection…

Below, you can find a collection of national laws that are necessary for the enforcement of the GDPR. (Last updated on 28.09.2018.) If you need information regarding the status of the implementation in the EU Member States or look for some background information in connection with the implemenation…

The data controller is a central player in data protection regulation. The data controller is the one who determines the purposes and means of data processing and makes substantive decisions about the data processing activities. However, the data controller can not only act independently of a given…

The preparations for the application of the GDPR have come to its final phase, since the Regulation is directly applicable in all EU Member States from May 25. Despite the fact that the Regulation will soon become part of the daily practice, there are still many misunderstandings and myths…

The General Data Protection Regulation (GDPR) is applicable from May 25, 2018 and, for this purpose, many data controllers must perform a data protection impact assessment (DPIA).  The obligation to perform a data protection impact assessment connects closely to the principles of data protection…

Article 29 Working Party (WP29) has published several guidelines under the GDPR and such guidelines contain recommendations regarding best practices that are regarded by the authorities as compliant with the requirements of the GDPR. In this post, I have collected such recommendations. 

Data protection rules such as the EU's new General Data Protection Regulation (GDPR) apply to personal data. But what does personal data mean? According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable…

In connection with the operation of a group of companies, there is a very frequent need to transfer personal data within the company group, even when some of the group companies operate outside the EU. In cases where certain members of a group of companies operate in third countries for which there…

Each year, on January 28, the Data Protection Day is celebrated. Why on January 28? The reason is that the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was opened for ratification on that day in 1981. In 2018, data protection…

When designing data processing activities, there is often a need to transfer the personal data to a third country (e.g. in order to carry out processing activities there). What should we do to transfer personal data to third countries lawfully? The GDPR contains relatively detailed rules on the…