Adatvédelem mindenkinek / Data protection for everyone

Data processing in the context of a contract

January 21, 2019, 11:00 - poklaszlo

The GDPR provides various legal bases for data processing activities, including consent, legitimate interest, and mandatory processing. One option is the legal basis that can be applicable to contractual relationships. According to the Preamble to the Regulation: Processing should be lawful where it is…


Best practice recommendations from WP29 to comply with the GDPR

March 19, 2018, 11:00 - poklaszlo

The Article 29 Working Party (WP29) has published several guidelines under the GDPR, and these guidelines contain recommendations on best practices that the authorities regard as compliant with the requirements of the GDPR. In this post, I have collected such recommendations.


Pseudonymisation and anonymisation in the GDPR

February 26, 2018, 13:00 - poklaszlo

Data protection rules such as the EU's new General Data Protection Regulation (GDPR) apply to personal data. But what does personal data mean? According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable…


What are the binding corporate rules (BCRs)?

February 12, 2018, 13:30 - poklaszlo

In connection with the operation of a group of companies, there is a very frequent need to transfer personal data within the company group, even when some of the group companies operate outside the EU. In cases where certain members of a group of companies operate in third countries for which there…


Setting of administrative fines based on the General Data Protection Regulation II

December 15, 2017, 14:30 - poklaszlo

Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR) were published at the end of October by the Article 29 Working Party (WP 29). In my previous post, I outlined the principles set out in the Guidelines. In this post, I give a…


Setting of administrative fines based on the General Data Protection Regulation I.

November 17, 2017, 14:00 - poklaszlo

Overview of the WP29 Guidelines on Administrative Fines

The high amount of the administrative fine, which can reach a maximum amount of EUR 20 million or, in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, makes it extremely important for data controllers and data processors to be prepared for…


How to handle personal data breaches under the GDPR?

September 12, 2017, 11:30 - poklaszlo

The concept of personal data breaches was not introduced by the GDPR, but the GDPR contains a number of provisions relating to personal data breaches that data controllers (and processors) must also be aware of. What is a personal data breach? The concept of personal data breaches is closely…


The Swiss Army Knife of Data Protection – The consent

July 19, 2017, 13:30 - poklaszlo

Many data controllers consider consent the primary or preferred legal basis for data processing. Although in many cases it would be justified to use another legal basis instead of consent, data controllers often obtain consent from the data subjects. Not only data controllers have this…