Data protection and freedom of information

Our data protection audits assess the adequacy of our clients’ personal data processing practices, identifying any deficiencies and deviations from established data protection law. On the basis of this, we make recommendations for the drafting of the necessary data protection policies and privacy notices and for the clarification of existing documents. We also offer detailed and practical advice on how to adapt certain operations that involve personal data processing to meet the needs of our clients as well as remain compliant with data protection requirements.

Concerning data protection compliance, to remedy the deficiencies identified during data protection audits or for client request, we participate in the preparation of data protection policies, privacy notices and balancing tests adapted to the existing practices of data controllers as well as in the clarification of existing documents, in the preparation of or commenting on data processing agreements and in impact assessments.

We help our clients deal with personal data matters that arise in the course of their day-to-day operations, with particular regard to personal data breaches, their notification to the NAIH and, where appropriate, the provision of information to data subjects. In addition, we assist in the proper fulfilment of record-keeping obligations required by the GDPR, as well as contribute to data protection training and awareness-raising of persons involved in data processing operations.

We carry out the tasks of our data protection officer service on the basis of an annual work plan, identifying the areas involving personal data processing that need monitoring and we report regularly on the implementation of the work plan. We constantly monitor statutory requirements and the legal practice of NAIH applicable to personal data processing, and we provide practical advice to our clients to help them fulfil such requirements. We review our clients’ internal data protection and data security policies, as well as their privacy notices, and monitor their practical implementation. We assist in dealing with enquiries relating to the exercising of the rights of data subjects, therefore, we help to investigate complaints and, where a complaint is justified, we advise on how to remedy it. We cooperate with the competent authorities and persons in the conduct of procedures relating to the lawfulness of data processing, including through prior consultation with the NAIH. We provide professional advice on specific data protection impact assessments and monitor the conducting of impact assessments as well.

In many cases, in addition to the general provisions of the GDPR and the Information Act, sectoral regulations also contain provisions on data protection, the complex interpretation and practical application of which require a thorough knowledge of the relevant field. In this respect, our expertise in data protection is also useful for institutions that operate in our specific areas of our expertise, such as healthcare, higher education, culture or media.

We also carry out legal tasks related to data protection in specific legal relationships such as workplace data processing arising from different forms of employment, processing of health data, as well as camera surveillance, website operation and web shop operation. In these areas, the requirement of lawful processing is enhanced by the large number of personal data and the special categories of personal data, which, if processed lawfully, can help avoid the sanctions applied by the NAIH, in particular the imposition of fines.

Furthermore we are constantly preparing to address the increased number of data protection matters and create appropriate data protection solutions resulting from the rapid development and mass use of artificial intelligence.

We provide continuous legal consultancy on legal issues related to the practical application of the freedom of information to entities and persons processing data of public interest or public data in the public interest, in particular to those performing public tasks, providing public services, managing or holding public funds, and to those contracting with the subsystems of the public finances. This involves assessing our clients’ freedom of information practices, identifying any shortcomings and making recommendations to establish practices into line with legal requirements. We support them in preparing and commenting on the necessary policies and informational notices, and in interpreting the publication and reporting obligations imposed by the legislation. We provide legal advice on professionally handling requests for access to data of public interest, and provide representation in litigation in connection with requests for data in the public interest.