GDPR provides various legal basis for data processing activities, including consent, legitimate interest, mandatory processing. One option is the legal basis that can be applicable to contractual relationships. According to the Preamble to the Regulation:  Processing should be lawful where it is…

Surveys show that very few people choose passwords that are strong enough, and many prefer to use the same password on multiple, or even all, online platforms. Similarly to PIN codes, where 1-2-3-4 and other easily solvable combinations are the most popular ones, we are not careful enough about…

GDPR requires supervisory authories to establish and make public their lists of the kind of processing operations which are subject to the requirement for a data protection impact assessment (DPIA). 22 supervisory authorities submitted their draft lists to the European Data Protection Board (EDPB)…

One of the important novelties of GDPR was that it applies not only to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, but also to the processing of personal data of data subjects who are in the Union by a controller…

A bill regarding the amendment of the Hungarian Data Protection Act was submitted to the Hungarian Parliament on June 19. The bill aims at the implementation of Directive 2016/680 and the amendment of the Hungarian Data Protection Act regarding the application of the General Data Protection…

Below, you can find a collection of national laws that are necessary for the enforcement of the GDPR. (Last updated on 28.09.2018.) If you need information regarding the status of the implementation in the EU Member States or look for some background information in connection with the implemenation…

The data controller is a central player in data protection regulation. The data controller is the one who determines the purposes and means of data processing and makes substantive decisions about the data processing activities. However, the data controller can not only act independently of a given…

The preparations for the application of the GDPR have come to its final phase, since the Regulation is directly applicable in all EU Member States from May 25. Despite the fact that the Regulation will soon become part of the daily practice, there are still many misunderstandings and myths…

The General Data Protection Regulation (GDPR) is applicable from May 25, 2018 and, for this purpose, many data controllers must perform a data protection impact assessment (DPIA).  The obligation to perform a data protection impact assessment connects closely to the principles of data protection…

Article 29 Working Party (WP29) has published several guidelines under the GDPR and such guidelines contain recommendations regarding best practices that are regarded by the authorities as compliant with the requirements of the GDPR. In this post, I have collected such recommendations.