Blog » WHY SHOULD YOU INVOLVE A LAWYER IN YOUR GDPR PROJECT?
WHY SHOULD YOU INVOLVE A LAWYER IN YOUR GDPR PROJECT?
18 June 2018
In the last months preceding the entering into force of GDPR, the market was inundated with various service providers promising data protection compliance: data protection experts, counsels, IT experts, etc. Besides these providers, lawyers and law firms, experienced in the field of data protection also provide GDPR compliance services. We summarize the reason why you should involve them in your GDPR compliance project.
Law or informatics?
The General Data Protection Regulation of the EU is often called as common child of lawyers and IT professionals, because its rules are governing issues falling to the territory of the two above professions. So data protection experts are basically lawyers or IT professionals, who at a certain point of their carrier decided to specialize in the field of data protection, and IT security.
In order to decide, whether it is enough to hire an IT professional for GDPR compliance it is worth to consider, what kind of procedure starts if you breach the data protection rules, and in this procedure what role is played by lawyer and IT professionals.
To simplify the question: in case of a data breach, whether an IT procedure starts in which lawyers are taken into as experts, or a legal procedure starts in which IT professionals are taken into as experts.
The procedure of Data Protection Authority
The compliance with the GDPR is controlled by the data protection authority, who in case of infringement, starts a so-called administrative procedure, which is basically a legal procedure, carried out by lawyers.
In an administrative procedure basically two relevant questions can emerge
- question of law (for example the proper determination of the legal basis of data processing, or the person of data controller or data processor) which is decided by the lawyers of the data protection authority;
- IT related question (e.g. the appropriateness of IT security measures, etc.) which is decided by an IT Expert, appointed by the lawyer of the data protection authority.
In practice the most common mistake is the wrong determination of the role of the parties (who is data controller, who is data processor) and the wrong choice among the 6 (six) legal basis of the data processing (consent, or legitimate interest, etc.).
If these issues are wrongly addressed, your whole GDPR compliance project can be basically wrong, with serious consequences.
These above questions are clearly legal questions.
In addition to the above a lot of IT problem may arise, which are considered in the administrative procedure as IT questions belonging to expert’s competence. If such a question emerges, the IT expert appointed by the lawyer of the data protection authority prepares an expert report, and it will be incorporated into the final decision of the authority, made by the lawyer.
Remedy in front of court
In case you would like to challenge the decision of the data protection authority, you can do it in front of the Labour and Administrative court, by filing an administrative litigation against the data protection authority.
In administrative litigation, you must be represented by a lawyer, so you can start the court case only with a lawyer against the data protection authority, which must also be represented by a lawyer,
The judge making the decision in the litigation is also a lawyer, who, in case a relevant IT question arises, is entitled to take an IT professional into the litigation as expert.
Lawyers and IT Professionals
As can be seen, in case of a procedure started because of a breach of data protection laws, the main directions and general questions of the legal procedures are decided by lawyers, while IT professionals are needed in a well-defined specific field.
So in case of data breach, not lawyers are taken into an IT procedure, but IT professionals are taken as experts into a legal procedure.
Who should you entrust with your GDPR compliance project?
If you entrust a knowledgeable and experienced lawyer with the GDPR Compliance of your company, you can be sure that he will examine your company with the “same eyes” as the investigator of the data protection authority, or the judge, who supervises the decision of the data protection authority.
It is obvious, that a lawyer should decide, whether your company should be considered as data controller or data processor, because this will determine your basic obligations and responsibility.
The same goes for the choice between the legal basis of the processing of personal data, because this will determine the content of the notification of your client and employees.
After the two above questions have been properly addressed, there are certain issues, where the help of an IT professional is needed, and a n well-prepared data protection lawyer can smoothly cooperate with the IT expert.
DEBT COLLECTION IN HUNGARY -3 REASONS TO HIRE A LAW FIRM INSTEAD OF COLLECTION AGENCIES
One of the annoying things in business is when your invoices are not paid by your business partners. After getting bored of their excuses, there comes a time when you have to put pressure on your debtor. At that point, you either entrust a law firm or turn to one of the many debt collection agencies offering “simple and cheap, yet efficient” solutions. Are the latter solutions really that effective? Is it worth entrusting a debt collection agency in Hungary? In our article, we bring up three reasons why hire rather a law firm in Hungary instead collection agencies.Read more »
HOW TO INFORM DATA SUBJECTS ABOUT CCTV SURVEILLANCE IN A GDPR-COMPLIANT WAY?
Operating video surveillance in a GDPR-compliant way can be a real challenge for data controllers in Hungary. A key aspect of the compliance with the GDPR is how the controller informs the data subjects (e.g. employees or customers) about the CCTV surveillance. Luckily, the European Data Protection Board which is the data protection authority of the EU has recently published a guideline on this issue. Read our short summary so that you know what to include in your camera privacy notice.Read more »
CAN YOUR DEBTOR ESCAPE LIQUIDATION BY SETTING OFF CLAIMS IN HUNGARY?
The initiation of a liquidation procedure is an effective debt collection method, since the debtor may only avoid being liquidated by paying the claim if the conditions specified in the Act on Bankruptcy Proceedings and Liquidation (Bankruptcy Act) are met. For this reason, in the case of liquidation, one of the most common defences of the debtor is the reference to offsetting. But can the debtor refer to offsetting without limitation during liquidation? In our short article we answer this question.Read more »