ABT blog

The motto of 2018: GDPR

The European General Data Protection Regulation (GDPR), whose requirements affect virtually all companies, will enter into force on 25 May 2018. Its main objective is to protect the personal data of all EU citizens and to strengthen their control over it.

In our latest newsletter we summarize what tasks GDPR will bring and how to prepare for its coming into effect.

What is GDPR?

GDPR (General Data Protection Regulation) is the new European data protection regulation, which will apply throughout the EU from 25 May 2018. It will replace the currently applicable data protection rules, which have been in force since 1995 (Directive 95/46/EC), unifying the Member States' data protection regulations.

However, in addition to complying with the text of the new regulation, companies must also follow the relevant national legislation closely. The amendment to the relevant legislation has been submitted to the Hungarian Parliament.

Who does GDPR apply to?

It applies to virtually all companies that process personal data in a filing system (even if the company providing services is not established in the EU but its service is also available to persons staying in the EU).
So even a company with only one employee is subject to GDPR as a controller. The scope widens if, for example, the company accepts job applications, concludes contracts, operates websites (or even a web shop), draws on payroll or accounting services, etc.

What are the 3 important features of GDPR?

  • record keeping: of data management activities, consents to data management and fulfilment of the requirements of GDPR.
  • reporting data incidents: in case of unlawful management or processing of personal data (e.g. destruction, loss, disclosure), the controller is obliged to notify the supervisory authority without delay (not later than 72 hours from the time it became known).
  • penalty: organizations in breach of GDPR can be fined up to 4% of the previous annual global turnover or €20 million (whichever is greater).

How to prepare for the GDPR's entry into force and thereafter?

This process can be divided into three main sections:

1) Exploration: This section starts with preparation and planning (definition of the scope, preparation of the project plan and scheduling).

2) Management: Once we have surveyed the current state and identified the changes required to comply with GDPR, the following steps come next, inter alia:

- revision of the current processes;

- transformation of data protection, empowerment of data privacy and IT systems;

- making data management records and various internal regulations;

- creation of an action plan related to data protection incidents.

3) Protection: Development of security processes and monitoring related to the detection, prevention and management of the risks of data management and data protection incidents.

What can be obtained from the preparation?

At first glance, perhaps only the serious challenge and the magnitude of the required resources are striking, but we should not forget that we can surely count on the following advantages when preparing for the application of GDPR.

  • transparency: we will be aware of what personal data are managed, where they are stored and how they are protected (and in addition we will also gain an overview of the business processes);
  • trust factor: good information and a proactive attitude can further increase the confidence of our customers and employees;
  • creating value: a review of the business processes and the creation of a prudent data protection and data management strategy will contribute to the protection and development of business reputation;
  • competitive advantage: the result of the foregoing as a whole.

Of the three types of expertise necessary to manage GDPR, you have the knowledge of your organization and its processes, to which we are happy to add information security and legal expertise and experience.

If you have any questions relating to the above-mentioned issues, our staff is happy to help.

 

Ferenc Smohay
Partner, Risk & Compliance Services
[email protected]

dr. Péter Czifra
Czifra & Neményi Law Office
[email protected]

József Láng
tax expert, manager
[email protected]

Date: 4 October 2017

The above summary is provided for information purposes only. We recommend that you consult our experts before making any decision based on this information.

Nexia International is a network combining the expertise and experience of nearly 320 independent tax consulting and audit firms from over 100 countries worldwide and is ranked as the 10th largest such network in the world.