Besides having a website, vast majority of businesses have company pages on the social networks like Facebook, Linkedin, etc. Do you become a data controller, being primarily responsible for data processing, if you get “only” statistical information of your visitors? The Court of Justice of the European Union addressed this question in its recent ruling.
In the last months preceding the entering into force of GDPR, the market was inundated with various service providers promising data protection compliance: data protection experts, counsels, IT experts, etc. Besides these providers, lawyers and law firms, experienced in the field of data protection also provide GDPR compliance services. We summarize the reason why you should involve them in your GDPR compliance project.
Do you need re-confirmation of client consent already given in each case because of the GDPR? Before sending thousands of e-mails to clients in your database to obtain their consent again, read our article to avoid throwing the baby out with the bath water!
In the recent past the Hungarian Data Protection Authority imposed a fine of 2 Million Hungarian Forints against Telekom, a major Hungarian telecommunication company, because of his unlawful direct marketing activity. Although the decision has been made before the entering into force of the GDPR, it is worth to examine the mistakes of Telekom. Indeed, the fine would have been much higher if it was imposed after the GDPR.
Some GDPR myths make you see a problem where you should not, or what is even worse, they prevent you from detecting a problem when you should. To have a successful GDPR compliance project, you should avoid both above faults. To help you, we debunk the 5 GDPR myths that we faced the most often during our compliance projects.
How often did the Hungarian Data Protection Authority impose penalties in the last five years? What was the average amount of penalties? Will be there any change after 25th May 2018, when the GDPR comes into force? We addressed these questions in our presentation made at BELGABIZ.
If data leakage, data theft or other breach happens at your company and it is likely to result in a risk to the data subjects’ rights, you have to report it to the supervisory authority. If this risk is likely to be high you shall as well inform the affected persons. In this article we mention 5 things that you need to consider when you decide about whether you should notify the authority or the data subjects.
You may think that a data breach incident can only be a consequence of a cybercriminal attack like malware or ransomware. However, among particular circumstances a simple human error, like losing a company laptop can be considered as a data breach. In this short article we explain you what exactly a data breach is and how to handle such an unwanted situation to be GDPR proof.
Last week during a GDPR related meeting with one of our clients, he told us: honestly, I have the feeling that this GDPR project is all about paperwork. Although it is not entirely true, we totally agree with our client that a huge part of the compliance project is drafting and adopting several documents. In this article we summarized the 5 basic types of documents that you must have in order to achieve GDPR-compliance.
Do you operate a small e-shop and think that GDPR and data protection concerns only giants like Amazon? Let’s just face it: you could not be more wrong. Think of the mere fact that your customers are private persons and you process at least their name, e-mail address and address. Before totally panicking from the realisation that GDPR applies to your e-shop, too, take a deep breath and read our 5 tips how your e-shop can be GDPR-compliant.
Many companies have recognized the advantages of using CCTV, however, there may be many questions arising related to their usage: Do you have to apply the same rules to your employees and to your customers? Whom do you have to ask permission? How should you provide information? Where should you put your warning? We will give you answers to these questions in this article.
Data protection authorities can impose administrative fines up to 20 Million Euro based on the EU GDPR. But what affects the actual amount that you have to pay in case of infringement? And how can you minimize the risk of an astronomic penalty? We gathered some hints in our latest article.
When it comes to the sanctions under the EU General Data Protection Regulation, everybody speaks about the astronomic penalties up to 10-20 Million Euros, however, it is only one of the 10 corrective measures of the data protection authority. And in some case complying with non-financial corrective measures can be much more painful than simply paying penalty. So, we present the 9 non-financial corrective measures in this article.
The European Court of Human Rights (ECHR) established in his fresh decision that the camera surveillance of lecture halls violated the professors’ right to privacy. Let’s see the details of the case and the findings of the Court.
As we mentioned in our earlier article the General Data Protection Regulation (GDPR) will apply from May 2018 in the EU. That means that you have about 1 year to make your business compliant with the new rules. Otherwise your company faces fines up to 20 Million Euro, not to mention the reputational loss a data breach can cause. A compliance project is always difficult to start. Thus, we would like to make it easier for you by collecting the 5 most important topics that you need to understand and clarify at the beginning of your compliance project.