Online services became part of our everyday life. The provision of online services, in almost all cases, goes hand in hand with data processing. On the one hand, we provide our data intentionally to the service providers when we decide to use services online but in other cases, data are collected…

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) was the first data protection authority in the EU that has published a fining policy detailing the principles for setting administrative fines in specific cases. The impact of the fining policy issued by the Dutch Data Protection…

One of the biggest challenges in meeting data protection requirements is to translate the general principles and rules into concrete actions and daily routines. How much and what data is needed to achieve a particular purpose? How can we obtain the necessary consent? How can we provide proper…

GDPR provides various legal basis for data processing activities, including consent, legitimate interest, mandatory processing. One option is the legal basis that can be applicable to contractual relationships. According to the Preamble to the Regulation:  Processing should be lawful where it is…

Surveys show that very few people choose passwords that are strong enough, and many prefer to use the same password on multiple, or even all, online platforms. Similarly to PIN codes, where 1-2-3-4 and other easily solvable combinations are the most popular ones, we are not careful enough about…

GDPR requires supervisory authories to establish and make public their lists of the kind of processing operations which are subject to the requirement for a data protection impact assessment (DPIA). 22 supervisory authorities submitted their draft lists to the European Data Protection Board (EDPB)…

One of the important novelties of GDPR was that it applies not only to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, but also to the processing of personal data of data subjects who are in the Union by a controller…

A bill regarding the amendment of the Hungarian Data Protection Act was submitted to the Hungarian Parliament on June 19. The bill aims at the implementation of Directive 2016/680 and the amendment of the Hungarian Data Protection Act regarding the application of the General Data Protection…

Below, you can find a collection of national laws that are necessary for the enforcement of the GDPR. (Last updated on 28.09.2018.) If you need information regarding the status of the implementation in the EU Member States or look for some background information in connection with the implemenation…

The data controller is a central player in data protection regulation. The data controller is the one who determines the purposes and means of data processing and makes substantive decisions about the data processing activities. However, the data controller can not only act independently of a given…