GDPR, German and Hungarian data protection; DPO
Our data protection expert law firm is available for consultation and legal advice in data protection and freedom of information compliance issues, especially for the continuous implementation of and compliance with the General Data Protection Regulation (GDPR) in Hungary and in Germany. The practice is led by Ákos Süle, who is a certified Data Protection Officer (DPO) and a GDPR EU representative. Since its enforcement date, 25 May 2018, the GDPR has been the most important common legislation in the EU, with minor differences in Hungary and in Germany.
We regularly prepare and evaluate data protection and data security company policies and analyze websites from these aspects in order to reach full compliance with the applicable laws. Our data protection lawyers can handle the contact with the Hungarian National Authority for Data Protection and Freedom of Information. We also carry out data privacy compliance audits and prepare the related due diligence reports. Much of our work is referred to us by other law firms. We welcome this and reciprocate in other areas through referrals or assignments.
Creating a data protection concept for your company
Compliance with laws and regulatory requirements
Checking employment / labor contracts in line with data protection laws
Drafting confidentiality agreements and NDAs to ensure non-disclosure of protected data
Assisting you with your data processing agreements
Art 27 GDPR EU data protection representative (appointment)
Covering the entire European Union
Support as data protection expert
Necessary for companies handling EU personal data but being seated outside the EU
Special data protection for particularly sensitive data
Sensitive information concerning political opinions, ethnicity, religious or philosophical beliefs, union membership, health or sex life is especially protected under data protection laws
The connection between the personal data requirements and the rules regarding health data is complex and requires some experience to understand. We can assist with the interpretation and procedure for fulfilling these rules
The processing of employees’ personal data is crucial for all businesses. We advise on the importance of the GDPR and data protection rules in HR work
Your website, the German Telemedia Act and data protection laws
Companies targeting Germany need a website privacy policy that satisfies the requirements of the German Telemedia Act and the German Federal Data Protection Act
Data security issues
Consultation in the field of data security
Conducting data security audits
Data security consulting with hourly fees or monthly legal fees
Being appointed as German data protection officer or coordinator
We can also support the tasks of and be a contact person for the data security officer / coordinator locally
Under certain circumstances, companies with at least ten employees must appoint a data protection officer in Germany
Hungarian data protection officer or coordinator
We can also support the tasks of and be a contact person for the data security officer / coordinator locally
Data security training for employees in Hungary
Certain companies must appoint a data protection officer in Hungary
Drafting Hungarian data protection and Hungarian data privacy programs and policies for your company, including training material
In-house training on data protection law in Hungary
Art 15 GDPR requests
Support in cases coming from the right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation whether or not personal data concerning him / her are being processed, and access to the personal data
Upon request, the controller shall provide a copy of the personal data undergoing processing
Support as Hungarian data protection expert
Support as German data protection expert
Support as EU data protection expert
Privacy impact assessment
Using the Privacy Impact Assessment (PIA) software by the CNIL.
Procedures at the Hungarian and German DPA
Support as European data protection expert
Cross-border data transfer cases
Checking the lawfulness of processing
Drafting a declaration of consent form for dealings with clients, vendors and business partners
Data privacy policies
Support as Hungarian data protection expert
Support as German data protection expert
Support as EU data protection expert
Data protection – GDPR Frequently Asked Questions – FAQ
Data controllers must notify a personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If a delay beyond 72 hours occurs, the controller must notify the Data Protection Authority of the reason for the delay.
(1) the nature of the breach and the categories and approximate numbers of data subjects and personal data records concerned (2) the name and contact details of the data protection officer or other contact in your firm where more information can be obtained (3) the foreseeable consequences of the breach (4) the measures you have taken or propose to take to address the breach or measures to mitigate its effects
Joint controllers who jointly determine the purpose and means of processing are required to arrange between themselves their respective responsibilities for compliance with the GDPR – and the exercise of data subjects’ rights and provision of transparency information to individuals. The arrangement must set out their roles and responsibilities and the essence of the arrangement must be made available to data subjects
They are synonyms under the GDPR and both mean that data controllers are required to put in place appropriate technical and organisational measures which are designed to implement data protection principles and to integrate safeguards for the protection of data subjects’ rights; and ensure that, by default, only personal data that are needed for the specific purpose of the processing are used
A data protection impact assessment, also known as a privacy impact assessment, is a process for building and demonstrating compliance with the GDPR. It has to be run on any processing activity that has a high risk of infringing a natural person’s rights and freedoms. Examples of high risk processing set out in the GDPR include (1) systematic and extensive processing activities, including profiling and where decisions have legal effects – or similarly significant effects – on individuals; (2) large scale processing of special categories of data or of criminal convictions or offence details; or (3) large scale, systematic monitoring of public areas (e.g. CCTV)