Last updated: 19.06.2018! On May 25, 2018, the GDPR becomes applicable. Many data controllers and data processors are already in the process of preparing for the GDPR. Although there is no need to transpose the GDPR into Member States' respective legislation, since it is directly applicable in all…

The concept of personal data breaches was not introduced by the GDPR, but the GDPR contains a number of provisions relating to personal data breaches that data controllers (and processors) must also be aware of. What is a personal data breach? The concept of personal data breaches is closely…

The first draft of the amendment of the Hungarian regulation related to the EU's general data protection regulation has finally been released. The proposal for the amendment of Act CXII of 2011 on the right to information self-determination and freedom of information (the “Hungarian Data Protection…

Many data controllers consider consent as the primary or preferred legal basis for data processing. Although in many cases it would be justified to use another legal basis instead of the consent, data controllers often obtain consents from the data subjects. Not only data controllers have this…

The principle of accountability almost always plays a key role when the EU’s new Data Protection Regulation (GDPR) is discussed. This principle is often referred to as a "super principle". Although the accountability principle has not been mentioned so often before, it is not a novelty introduced…

An interesting survey was published by the Irish Data Protection Commissioner on the Irish SMEs' readiness for the application of the EU’S new general data protection regulation (GDPR). If we want to summarize the findings of the survey briefly: the situation is quite depressing! One year before the…

The General Data Protection Regulation (GDPR or Regulation) is applicable from May 25, 2018 and, for this purpose, many data controllers must perform a data protection impact assessment (DPIA). Last week, I summarised the basic rules of DPIAs and collected those cases when DPIAs need to be…

We have reached half-time in the preparation period for the application of the GDPR (EU’s new General Data Protection Regulation). From May 25, 2018, GDPR will be directly applicable in all EU Member States. Below I have collected some of the issues that may arise in connection with the…

The General Data Protection Regulation (GDPR or Regulation) is applicable from May 25, 2018 and, for this purpose, many data controllers must perform a data protection impact assessment. The data protection impact assessment has been applied in some Member States of the European Union (e.g. UK,…

The draft act regarding the implementation of the GDPR in Austria is now available at the website of the Austrian Parliament. The draft act was published on May 12, 2017. An interesting change in Austria that in the current Austrian regime, not only natural persons, but also legal entities are…