"Time flies so fast", is what we often say when we arrive at an anniversary and look back. As 5 years have already passed since the GDPR became applicable on May 25, 2018, it´s worth asking some questions regarding the experiences of GDPR application, also with regard to the fact that data…

The Hungarian DPA (NAIH) published two decisions (NAIH/2020/1154 and NAIH/2020/838) in connection with the list of the 50 wealthiest Hungarians and the list of the biggest family-owned businesses published by Forbes Hungary. The amounts of the fines were EUR 5,780 (HUF 2,000,000) and EUR 7,225 (HUF…

At the beginning of June, the Hungarian DPA published a decision imposing an administrative fine of HUF 100 million (approx. EUR 290,000) under the GDPR. The fine was much higher than the data protection fines imposed in Hungary so far (the highest amount of fines previously imposed was HUF 30…

While the amount of administrative fine in the GDPR is only a theoretical maximum, fines imposed in specific cases could serve as important practical compass in several respects: on the one hand, the level of fines is indicative itself, and on the other hand, it is also important for data…

The Conference of the independent Data Protection Authorities of Germany (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder; DSK) published its generally applicable principles on imposing GDPR fines on companies. By publishing its concept, the DSK follows the Dutsch…

The possibility of imposing significant amount of fine for the violation of data protection rules drew immediate attention to the issue of data protection compliance. While the amount of administrative fine in the GDPR was only a theoretical maximum, fines imposed in specific cases could serve as…

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) was the first data protection authority in the EU that has published a fining policy detailing the principles for setting administrative fines in specific cases. The impact of the fining policy issued by the Dutch Data Protection…

Surveys show that very few people choose passwords that are strong enough, and many prefer to use the same password on multiple, or even all, online platforms. Similarly to PIN codes, where 1-2-3-4 and other easily solvable combinations are the most popular ones, we are not careful enough about…

Five months have passed since May 25 when the General Data Protection Regulaton (GDPR) became applicable in the European Union. Data controllers and processors struggled a lot to be ready for the application of the rules of the GDPR. However, there are several rules in the GDPR that leave space for…

Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR) were published at the end of October by the Article 29 Working Party (WP 29). In my previous post, I have outlined the principles set out in the Guidelines. In this post, I give a…