What is GDPR?

GDPR stands for the new EU General Data Protection Regulation. This entered into force in all Member States of the European Union on 25 May 2018, harmonising the data protection provisions across the EU. (However, the legislation of individual Member States also needs to be monitored as certain issues continue to fall within the competence of the Member States).

What are the main purposes of GDPR?

Ensuring an appropriate level of security and protection of personal data;
granting additional rights to natural persons (a higher degree of disposition over their personal data);
ensuring the transparency of the processing and use of personal data;
prescribing additional obligations for businesses (security and compliance measures to ensure data protection).

The existing Hungarian legislation may also provide for data processing and data protection requirements, and therefore, in some cases, GDPR does not bring any substantive changes.

Do SMEs fall under GDPR?

Yes, similarly to the current rules that apply to all controllers and processors, GDPR applies to any company that, for example, processes the personal data of natural persons in a registration system (even if the provider is not established in the EU but its services are also available to individuals established in the EU). Therefore, a company will be subject to GDPR, as a controller, even if it has only a single employee. This is even truer if you, for example, receive job applications, enter into contracts, operate a website (or perhaps a webshop), use payroll or accounting services and so on.