As we mentioned in our previous newsletter, the Regulation (EU) 2016/679 of the European Parliament and of the Council, a.k.a. the General Data Protection Regulation (generally known as GDPR) will compulsorily be applicable in Hungary as well as of 25 May 2018.
The GDPR presents numerous challenges to Hungarian companies – such as yours – in the field of personal data protection. Failure to abide by the rules of the GDPR may have severe consequences, as the maximum amount of potential sanctions may even reach EUR 20,000,000 for those companies that do not comply with the relevant requirements.
We would like to help You below to prepare your company to be in compliance with the respective GDPR rules.
I. First of all, please review the following list to discover potential data protection risks.
Typical data processing activities that fall under the scope of GDPR:
- processing the personal data of employees: data set out in employment agreements, processed data in order to discharge certain tax and social security duties, data relating to workplace accidents, data of people who apply for jobs – resumes, cover letters, etc.;
- work-related data processing, specifically monitoring and recording the GPS data of company cars, monitoring the use of company assets (notebook, cell phone, internet) etc.;
- processing data of clients: typically data in connection with natural persons, e.g. firstname.lastname@example.org type of e-mail addresses, telephone numbers, data relating to private contractors, managing contact data;
- monitoring by video surveillance;
- building and using a CRM database;
- sending newsletters and commercial offers via e-mail or post;
- maintaining websites;
- operating webshops;
- organising raffles;
- other data processing activities.
II. Secondly, it is important to review if the data processing activities are in compliance with the GDPR requirements.
III. Last but not least, steps should be taken to minimise the identified risks and to avoid potential sanctions.
One of the most fundamental requirement for companies is to have a data processing guideline in compliance with the respective laws and the authority’s practice.
We are at your service to explore: which areas of your company should be reviewed regarding compliance with GDPR (Section II.) and we are of assistance in drafting the data processing guidelines (Section III.) as well.
Should you have any questions in connection with the above or need further assistance, please do not hesitate to contact us.