What is the GDPR about?

GDPR = the abbreviation for "General Data Protection Regulation"

The full title of the Regulation:
"Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)".

As of 25 May 2018, the GDPR has been directly applicable in every EU Member State, which unifies the data processing rules in all EU Member States overriding national legislations. In addition, the effective Hungarian data protection legislation: Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Act on Privacy) will continue to apply as modified.

The application of the GDPR is irrespective of the number of individuals employed by an enterprise, therefore the GDPR does not only affect large companies and public institutions, but every private individual or enterprise that processes personal data, whether it is an individual entrepreneur or a small- or medium-sized enterprise (SME).

Every organization must implement the provisions of the GDPR in addition to domestic legislation (Act on Privacy, Labour Code etc.). Therefore, current processes and procedures should be reviewed in every area (sales, marketing, finance, logistics, IT, procurement, HR, law etc.) and restructured as necessary.

The Data Protection Officer (DPO) assists the data controller or data processor in monitoring internal compliance with the GDPR. Appointing a DPO is not always justified, however, in many cases it is unavoidable (it is mandatory, for example, in the case of health institutions, public administration bodies, telecommunications companies, financial organizations etc.).

Sanction system of the GDPR: by default, a fine of maximum EUR 10 million can be imposed, or in case of enterprises, up to 2% of the total worldwide turnover of the enterprise in the preceding year. In more severe cases the fine can amount to EUR 20 million or 4% of the turnover.