Blog » HEADS UP! DATA PROTECTION OFFICER ON BOARD!
HEADS UP! DATA PROTECTION OFFICER ON BOARD!
15 January 2018
My Colleague Anita is dealing with data protection issues for a longer period of time and in December 2017 she has became a data protection officer. Now I am asking Anita about her experiences she has acquired during the course.
Viki: Why have you decided to take the DPO course?
Anita: Soon after the adoption of the General Data Protection Regulation (GDPR) we have started to deal with this topic in the office. We have figured out the GDPR will have an impact on basically all on our corporate clients as if one has employees, it is 100 % that personal data will be processed.
Although we have already gained significant knowledge, our managing partner, Richard encouraged me to deepen it and acquire practical experiences. That is why I have decided to make the GDPR manager – Data Protection Officer course.
Viki: What is the difference between a data protection officer and a lawyer who is specialized on data protection law?
Anita: A data protection officer does not only need legal knowledge but also has to be able to understand all business processes at the company which require the processing of personal data, including information security matters.
As an example, as an attorney who deals with data protection issues I know about what the company needs to inform its employees or clients if he processes their personal data. As a DPO I have to understand and identify the “route” of the collected personal data throughout the company (whether data is transmitted, how long and where is it stored) and what are the security risks on that “route”.
Viki: Have you acquired rather theoretical or practical knowledge on the course?
Anita: Obviously, we had to know the theoretical basics, so we have thoroughly reviewed the GDPR. In fact, as a good advice we were told that if we would like to be DPOs, we should read the GDPR at least 20 times.
However, in the significant part of the course we have learned how to apply the GDPR based on practical examples. For instance, we identified who is who in a data processing activity with multiple actors (eg. if the customer orders a product from our company and it will be delivered by a haulier), how the current data processing activities need to be reviewed and how to make them GDPR-compatible or how the records of data processing activities shall be maintained.
Viki: Which client needs to have a DPO?
Anita: Organizations whose main activity is the regular and systematic monitoring of data subjects (like a security company who operates camera surveillance system) will definitely need to appoint a DPO. Similarly, those companies who are processing sensitive data (eg. health data) on a large scale, like health service providers shall have one.
Of course, based on his own consideration, a company can decide to appoint a DPO to ensure the highest possible level of data protection even if he is not obliged to do so.
During the GDPR-compliance project we are happy to help clients to think over whether is it necessary or worth to appoint a data protection officer.
Anita, thank you for answering my questions.
CAN YOUR DEBTOR ESCAPE LIQUIDATION BY SETTING OFF CLAIMS IN HUNGARY?
The initiation of a liquidation procedure is an effective debt collection method, since the debtor may only avoid being liquidated by paying the claim if the conditions specified in the Act on Bankruptcy Proceedings and Liquidation (Bankruptcy Act) are met. For this reason, in the case of liquidation, one of the most common defences of the debtor is the reference to offsetting. But can the debtor refer to offsetting without limitation during liquidation? In our short article we answer this question.Read more »
SZIGET FESTIVAL FINED RECORD HUF 30 MILLION FOR GDPR BREACHES – WHAT WENT WRONG?
A few days prior to the first anniversary of the entry into force of the GDPR the Hungarian Data Protection Authority imposed the biggest data protection fine in Hungary so far. The target was the biggest Hungarian festival organizer company thanks to whom the public may enjoy the SZIGET, the VOLT or the Balaton Sound Festival. The Data Protection Authority reviewed the check-in system of the festival and the data processing in relation with the check-in. In our short article we summarize the mistakes the Authority identified.Read more »
CONSTRUCTION TRUSTEESHIP IN HUNGARY - GETTING PAID IN CONSTRUCTION PROJECTS AS SUBCONTRACTOR
Construction trusteeship, as mandatory collateral management of major private construction projects in Hungary, strives for protecting subcontractors against non-paying general contractor, by allowing direct payments from employer under certain conditions. How does it work in practice and what are the limits of subcontractor protection? We address these issues in this article.Read more »