Under Article 35 (4) of regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”), the National Authority for Data Protection and Freedom of Information
(„NAIH”) established a list of the kind of processing operations which
are subject to the requirement for a data protection impact assessment („black list”).
Read more: Blacklist on Data Protection Impact Assessment (DPIA)
Six months have passed since May 25 when the General Data Protection Regulation (GDPR) became applicable. There are several rules in the GDPR that leave space for interpretation and implementation. Besides the general guidelines and opinions issued by the European Data Protection Board and the national data protection authorities – as Hungarian National Authority for Data Protection and Freedom of Information (NAIH) in Hungary –, decisions in individual cases can serve as compass in finding the right direction how the provisions of the GDPR are interpreted.
Read more: Developing case law under the GDPR