WHY SHOULD YOU REVIEW YOUR GDPR COMPLIANCE?

31 January 2024

The European General Data Protection Regulation (GDPR) came into force in 2018 and has become part of our lives. The regulatory practice has evolved in recent years, and there are now many precedents to help interpret the rules. Here are five reasons why you should review your business's data protection.

1. INTRODUCTION OF NEW PROCESSES, BUSINESS CHANGES

The starting point for compliance with GDPR is an accurate and complete mapping and documentation of data management processes. If processes change, data management documentation can easily become outdated. If your company has introduced new services or activities in recent years, or changed the way it used to do business, it will certainly need to review its data protection documentation.

2. CHANGES IN SERVICE PROVIDERS

Your privacy documentation will need to be updated if there have been recent changes to the service providers that support your business, for example, if you have changed IT service providers, hosting providers, email service providers, accountants, or if you are using new customer registry/HR software and this has not been reflected in your privacy documentation.

3. CHANGES IN LABOUR LAW

In recent years, there have been many disputes and fines in connection with data management in the workplace, employee monitoring, the validity of data management based on consent, and the reorganisation of work due to the coronavirus. If your company has introduced a home office or online communications, new data processing practices may appear that require you to update your data protection documentation.

4. DATA TRANSFERS OUTSIDE THE EU

Since the entry into force of the GDPR, the transfer of data outside the EU has been at the centre of discussions, which is almost unavoidable when using the most common IT services (Microsoft, Google, etc...). The rules adopted when the GDPR entered into force are no longer applicable, so data protection documents must be updated in most cases for transfers outside the EU.

5. CHANGES IN THE LEGAL ENVIRONMENT

As the practice of the GDPR has crystallised in recent years, the EU Court of Justice and the Hungarian data protection authority have also taken a stand on several other issues, whether it is the application of different legal bases, the proportionality of processing. For these reasons, it is almost certain that a data protection documentation drafted years ago has become somewhat outdated in the light of the case law that has evolved since then and needs to be corrected.

SUMMARY

Since the GDPR entered into force, there have been changes in both data protection regulation and in business and workplace processes that requires to update the data protection documentation that was created years ago.