One of the biggest challenges in meeting data protection requirements is to translate the general principles and rules into concrete actions and daily routines. How much and what data is needed to achieve a particular purpose? How can we obtain the necessary consent? How can we provide proper…
Lists of mandatory DPIAs
GDPR requires supervisory authories to establish and make public their lists of the kind of processing operations which are subject to the requirement for a data protection impact assessment (DPIA).
22 supervisory authorities submitted their draft lists to the European Data Protection Board (EDPB)…
List of mandatory data protection impact assessments in Hungary
The Hungarian Data Protection Authority (NAIH) published its "black list" on processing activities that shall be subject to data protection impact assessment, in line with Section 35 (4) of the GDPR. The European Data Protection Board provided its opinion on the draft list at the end of September…
Bill regarding the amendment of the Hungarian Data Protection Act
A bill regarding the amendment of the Hungarian Data Protection Act was submitted to the Hungarian Parliament on June 19. The bill aims at the implementation of Directive 2016/680 and the amendment of the Hungarian Data Protection Act regarding the application of the General Data Protection…
How to handle personal data breaches under the GDPR?
The concept of personal data breaches was not introduced by the GDPR, but the GDPR contains a number of provisions relating to personal data breaches that data controllers (and processors) must also be aware of.
What is a personal data breach?
The concept of personal data breaches is closely…
Draft bill regarding the GDPR-related amendment to the Hungarian Data Protection Act has been published
The first draft of the amendment of the Hungarian regulation related to the EU's general data protection regulation has finally been released. The proposal for the amendment of Act CXII of 2011 on the right to information self-determination and freedom of information (the “Hungarian Data Protection…
The Swiss Army Knife of Data Protection – The consent
Many data controllers consider consent as the primary or preferred legal basis for data processing. Although in many cases it would be justified to use another legal basis instead of the consent, data controllers often obtain consents from the data subjects.
Not only data controllers have this…
Guidelines on the application of the Data Protection Regulation
The official guidelines for the application of the EU Uniform Data Protection Regulation (Regulation 2016/679, "Regulation" or "GDPR") have been launched to help interpret the rules of the Regulation. In addition to the numerous published publications, blog posts and opinions, the official positions…