Data Protection / GDPR Law / Data Privacy / Data Protection Officer

GDPR, German and Hungarian data protection; DPO

Our data protection expert law firm is available for consultation and legal advice on data protection and freedom of information compliance issues, especially for the continuous implementation of and compliance with the General Data Protection Regulation (GDPR) in Hungary and in Germany. The practice is led by Ákos Süle, who is a certified Data Protection Officer (DPO) and a GDPR EU representative. Since its enforcement date of 25 May 2018, the GDPR has been the most important common legislation in the EU, with minor differences in Hungary and in Germany.

We regularly prepare and evaluate company data protection and data security policies and analyze websites from these aspects in order to reach full compliance with the applicable laws. Our data protection lawyers can handle contact with the Hungarian National Authority for Data Protection and Freedom of Information. We also carry out data privacy compliance audits and prepare the related due diligence reports. Much of our work is referred to us by other law firms. We welcome this, and reciprocate in other areas, by referrals or by assignments.

Some of our related data protection legal services

Creating a data protection concept for your company

Compliance with laws and regulatory requirements

Checking employment / labor contracts in line with data protection laws

Drafting confidentiality agreements and NDAs to ensure non-disclosure of protected data

Assisting you with your data processing agreements

Art 27 GDPR EU data protection representative (appointment)

Covering the entire European Union

Support as data protection expert

Necessary for companies that handle EU personal data but are seated outside the EU

Special data protection for particularly sensitive data

Sensitive information concerning political opinions, ethnicity, religious or philosophical beliefs, union membership, health or sex life is especially protected under data protection laws

The connection between the personal data requirements and the rules regarding health data is complex and requires some experience to understand. We can assist with the interpretation and procedure for fulfilling these rules

The processing of employees’ personal data is crucial for all businesses. We advise on the importance of the GDPR and data protection rules in HR work

Your website, the German Telemedia Act and data protection laws

Companies targeting Germany need a website privacy policy that satisfies the requirements of the German Telemedia Act and the German Federal Data Protection Act

Data security issues

Consultation in the field of data security

Conducting data security audits

Data security consulting with hourly fees or monthly legal fees

Being appointed as German data protection officer or coordinator

We can also support the tasks of and be a contact person for the data security officer / coordinator locally

Under certain circumstances, companies with at least ten employees must appoint a data protection officer in Germany

Hungarian data protection officer or coordinator

We can also support the tasks of and be a contact person for the data security officer / coordinator locally

Data security training for employees in Hungary

Certain companies must appoint a data protection officer in Hungary

Drafting Hungarian data protection and Hungarian data privacy programs and policies for your company, including training material

In-house training on data protection law in Hungary

Art 15 GDPR requests

Support in cases coming from the right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation whether or not personal data concerning him / her are being processed, and access to the personal data

Upon request, the controller shall provide a copy of the personal data undergoing processing

Support as Hungarian data protection expert

Support as German data protection expert

Support as EU data protection expert

Privacy impact assessment

Using the Privacy Impact Assessment (PIA) software by the CNIL.

Procedures at the Hungarian and German DPA

Support as European data protection expert

Cross-border data transfer cases

Checking the lawfulness of processing

Drafting a declaration of consent form for dealings with clients, vendors and business partners

Data privacy policies

Support as Hungarian data protection expert

Support as German data protection expert

Support as EU data protection expert

Data protection – GDPR Frequently Asked Questions – FAQ

A business partner’s personal data has been accidentally disclosed. Can I delay reporting until I have the full facts?

Data controllers must notify a personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If a delay beyond 72 hours occurs, the controller must notify the Data Protection Authority of the reason for the delay.

What has to be reported in a data breach report?

(1) the nature of the breach and the categories and approximate numbers of data subjects and personal data records concerned; (2) the name and contact details of the data protection officer or other contact in your firm where more information can be obtained; (3) the foreseeable consequences of the breach; (4) the measures you have taken or propose to take to address the breach or measures to mitigate its effects.

What is a joint controller arrangement?

Joint controllers who jointly determine the purpose and means of processing are required to arrange between themselves their respective responsibilities for compliance with the GDPR – and the exercise of data subjects’ rights and provision of transparency information to individuals. The arrangement must set out their roles and responsibilities, and the essence of the arrangement must be made available to data subjects.

What is data protection by design & default and privacy by design?

They are synonyms under the GDPR and both mean that data controllers are required to put in place appropriate technical and organisational measures which are designed to implement data protection principles and to integrate safeguards for the protection of data subjects’ rights; and to ensure that, by default, only personal data that are needed for the specific purpose of the processing are used.

What is a data protection impact assessment?

A data protection impact assessment, also known as a privacy impact assessment, is a process for building and demonstrating compliance with the GDPR. It has to be run on any processing activity that has a high risk of infringing a natural person’s rights and freedoms. Examples of high-risk processing set out in the GDPR include (1) systematic and extensive processing activities, including profiling and where decisions have legal effects – or similarly significant effects – on individuals; (2) large-scale processing of special categories of data or of criminal convictions or offence details; or (3) large-scale, systematic monitoring of public areas (e.g. CCTV).