{"id":26537,"date":"2019-10-18T05:19:04","date_gmt":"2019-10-18T05:19:04","guid":{"rendered":"https:\/\/visegradlegal.hu\/?p=26537"},"modified":"2019-10-18T05:19:52","modified_gmt":"2019-10-18T05:19:52","slug":"gdpr-lookback-practice-of-the-authority","status":"publish","type":"post","link":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/","title":{"rendered":"GDPR: a lookback on the first year and the practice of the authority"},"content":{"rendered":"<p><strong>What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? &#8211; The president of the National Authority for Data Protection and Freedom of Information (the \u201cNAIH\u201d) gave insights in September at a conference.<\/strong><\/p>\n<p>The NAIH has started to do the honours of GDPR last year and has since released quite a few resolutions in various matters related to the new law. In such resolutions, the authority has imposed fines on the controlled organizations due to non-compliance with the provisions of the GDPR. \u00a0Such fines weren\u2019t extremely high, not even in the context of the numbers of the Hungarian economy. There was one case though where a fine of HUF 11 million (i.e. approx. EUR 32,000) was imposed in connection with the concealment of a privacy incident.<\/p>\n<p>From the NAIH resolutions so far it is becoming clear that the compliance of the data protection measurements and compliance of the handling of privacy incidents is a primary factor during the controlling of compliance by NAIH. The resolutions are available on NAIH\u2019s website and are worth a bit of time to look at them as many conclusions can be drawn from them as whether the company is compliant or not. One conclusion which we have drawn was that<strong> the NAIH will primarily check upon controlling whether general principals of the data protection are followed by the company or not<\/strong>. Further to that, <strong>each data controller shall handle with due respect and efforts if a data protection request is submitted<\/strong> with them by the data owner regarding the controlling of the data. Also, it is advisable to be cautious with each act of recording or transferring data \u2013 thorough planning in advance is advised to avoid breach of data protection provisions.<\/p>\n<p>Attila P\u00e9terfalvi, the president of NAIH has released a statement with regard the most important experiences made since the GDPR being in effect. In his statement he has emphasized that <em>\u201eduring the first year of the applicability of the GDPR, the NAIH has recieved more than 385 reporting of data privacy incidents, the majority of which was caused by human errors, for instance, that an email was sent to a wider circle of recipients than as intended, or in another case data carriers were lost, which contained personal data, but complaints have been submitted regarding the handling of email accounts, and the handling of medical documents.\u201d<\/em> Thus it just cannot be emphasized enough that \u201e<em>if an incident should occur, the data controller shall report it to NAIH within 72 hours and the reporting shall include what measurements they have undertaken to repair the consequences of the incidents.<\/em> <em>If the risk factor of the incident is high, for instance sensitive data was lost, in that case the data owners are to be notified, or if there were too many data owners affected, the public is to be notified, and at the same time, the incident is to be repaired.<\/em>&#8221; \u2013 warned Attila P\u00e9terfalvi.<\/p>\n<p>Based on all of the above, we are of the view that each organization, may it be a company or a private entrepreneur or other, shall<strong> conduct a self-controlling procedure to determine whether the above depicted problems could be detected within their procedures<\/strong> as well in the case of a controlling by the NAIH and thus what changes to its practices, information sheets and rules of procedures are to be implemented so as to comply.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? &#8211; The president of the National Authority for Data Protection and Freedom of Information (the \u201cNAIH\u201d) gave insights in September at a conference. The NAIH has started to do the honours of GDPR last year and has since released quite a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":26523,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[83],"tags":[163,120,96,362],"class_list":["post-26537","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-gdpr","tag-data-controller","tag-data-protection","tag-naih","tag-privacy-incident"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GDPR: a lookback on the first year and the practice of the authority - Ill\u00e9s&amp;N\u00e9meth Association of Lawyers<\/title>\n<meta name=\"description\" content=\"What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? - The president of the NAIH gave insights in September at a conference.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR: a lookback on the first year and the practice of the authority - Ill\u00e9s&amp;N\u00e9meth Association of Lawyers\" \/>\n<meta property=\"og:description\" content=\"What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? - The president of the NAIH gave insights in September at a conference.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\" \/>\n<meta property=\"og:site_name\" content=\"Ill\u00e9s&amp;N\u00e9meth Association of Lawyers\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-18T05:19:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-18T05:19:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1272\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"dr. Ill\u00e9s \u00c1d\u00e1m\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dr. Ill\u00e9s \u00c1d\u00e1m\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\"},\"author\":{\"name\":\"dr. Ill\u00e9s \u00c1d\u00e1m\",\"@id\":\"https:\/\/visegradlegal.hu\/#\/schema\/person\/f0fef0ef3ec20308913ee1d909780958\"},\"headline\":\"GDPR: a lookback on the first year and the practice of the authority\",\"datePublished\":\"2019-10-18T05:19:04+00:00\",\"dateModified\":\"2019-10-18T05:19:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\"},\"wordCount\":581,\"image\":{\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg\",\"keywords\":[\"data controller\",\"data protection\",\"NAIH\",\"privacy incident\"],\"articleSection\":[\"Data protection (GDPR)\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\",\"url\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\",\"name\":\"GDPR: a lookback on the first year and the practice of the authority - Ill\u00e9s&N\u00e9meth Association of Lawyers\",\"isPartOf\":{\"@id\":\"https:\/\/visegradlegal.hu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg\",\"datePublished\":\"2019-10-18T05:19:04+00:00\",\"dateModified\":\"2019-10-18T05:19:52+00:00\",\"author\":{\"@id\":\"https:\/\/visegradlegal.hu\/#\/schema\/person\/f0fef0ef3ec20308913ee1d909780958\"},\"description\":\"What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? - The president of the NAIH gave insights in September at a conference.\",\"breadcrumb\":{\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage\",\"url\":\"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg\",\"contentUrl\":\"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg\",\"width\":1920,\"height\":1272,\"caption\":\"practice of GDPR in Hungary\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/visegradlegal.hu\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GDPR: a lookback on the first year and the practice of the authority\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/visegradlegal.hu\/#website\",\"url\":\"https:\/\/visegradlegal.hu\/\",\"name\":\"Ill\u00e9s&N\u00e9meth Association of Lawyers\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/visegradlegal.hu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/visegradlegal.hu\/#\/schema\/person\/f0fef0ef3ec20308913ee1d909780958\",\"name\":\"dr. Ill\u00e9s \u00c1d\u00e1m\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/347a905c0860aaf34650db19625beeb4cfc4347b5df0d66ef80381817b31b53c?s=96&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/347a905c0860aaf34650db19625beeb4cfc4347b5df0d66ef80381817b31b53c?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/347a905c0860aaf34650db19625beeb4cfc4347b5df0d66ef80381817b31b53c?s=96&r=g\",\"caption\":\"dr. Ill\u00e9s \u00c1d\u00e1m\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GDPR: a lookback on the first year and the practice of the authority - Ill\u00e9s&N\u00e9meth Association of Lawyers","description":"What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? - The president of the NAIH gave insights in September at a conference.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/","og_locale":"en_US","og_type":"article","og_title":"GDPR: a lookback on the first year and the practice of the authority - Ill\u00e9s&N\u00e9meth Association of Lawyers","og_description":"What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? - The president of the NAIH gave insights in September at a conference.","og_url":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/","og_site_name":"Ill\u00e9s&N\u00e9meth Association of Lawyers","article_published_time":"2019-10-18T05:19:04+00:00","article_modified_time":"2019-10-18T05:19:52+00:00","og_image":[{"width":1920,"height":1272,"url":"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg","type":"image\/jpeg"}],"author":"dr. Ill\u00e9s \u00c1d\u00e1m","twitter_card":"summary_large_image","twitter_misc":{"Written by":"dr. Ill\u00e9s \u00c1d\u00e1m","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#article","isPartOf":{"@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/"},"author":{"name":"dr. Ill\u00e9s \u00c1d\u00e1m","@id":"https:\/\/visegradlegal.hu\/#\/schema\/person\/f0fef0ef3ec20308913ee1d909780958"},"headline":"GDPR: a lookback on the first year and the practice of the authority","datePublished":"2019-10-18T05:19:04+00:00","dateModified":"2019-10-18T05:19:52+00:00","mainEntityOfPage":{"@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/"},"wordCount":581,"image":{"@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage"},"thumbnailUrl":"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg","keywords":["data controller","data protection","NAIH","privacy incident"],"articleSection":["Data protection (GDPR)"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/","url":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/","name":"GDPR: a lookback on the first year and the practice of the authority - Ill\u00e9s&N\u00e9meth Association of Lawyers","isPartOf":{"@id":"https:\/\/visegradlegal.hu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage"},"image":{"@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage"},"thumbnailUrl":"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg","datePublished":"2019-10-18T05:19:04+00:00","dateModified":"2019-10-18T05:19:52+00:00","author":{"@id":"https:\/\/visegradlegal.hu\/#\/schema\/person\/f0fef0ef3ec20308913ee1d909780958"},"description":"What are the authority\u2019s criteria for imposing fine since the GDPR being in effect? - The president of the NAIH gave insights in September at a conference.","breadcrumb":{"@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#primaryimage","url":"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg","contentUrl":"https:\/\/visegradlegal.hu\/wp-content\/uploads\/2019\/10\/europe-3220293_1920.jpg","width":1920,"height":1272,"caption":"practice of GDPR in Hungary"},{"@type":"BreadcrumbList","@id":"https:\/\/visegradlegal.hu\/en\/data-protection-gdpr\/gdpr-lookback-practice-of-the-authority\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/visegradlegal.hu\/"},{"@type":"ListItem","position":2,"name":"GDPR: a lookback on the first year and the practice of the authority"}]},{"@type":"WebSite","@id":"https:\/\/visegradlegal.hu\/#website","url":"https:\/\/visegradlegal.hu\/","name":"Ill\u00e9s&N\u00e9meth Association of Lawyers","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/visegradlegal.hu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/visegradlegal.hu\/#\/schema\/person\/f0fef0ef3ec20308913ee1d909780958","name":"dr. Ill\u00e9s \u00c1d\u00e1m","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/347a905c0860aaf34650db19625beeb4cfc4347b5df0d66ef80381817b31b53c?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/347a905c0860aaf34650db19625beeb4cfc4347b5df0d66ef80381817b31b53c?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/347a905c0860aaf34650db19625beeb4cfc4347b5df0d66ef80381817b31b53c?s=96&r=g","caption":"dr. Ill\u00e9s \u00c1d\u00e1m"}}]}},"_links":{"self":[{"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/posts\/26537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/comments?post=26537"}],"version-history":[{"count":0,"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/posts\/26537\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/media\/26523"}],"wp:attachment":[{"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/media?parent=26537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/categories?post=26537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/visegradlegal.hu\/en\/wp-json\/wp\/v2\/tags?post=26537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}