Frequently Asked Questions

A GDPR vagy az általános adatvédelmi rendelet olyan harmonizált szabályrendszert hoz létre, amely az Európai Gazdasági Térségben (EGT) letelepedett szervezetek (állami vagy magánjogi szervezetek, méretüktől függetlenül) vagy az EU-ban magánszemélyeket célzó valamennyi személyesadat-kezelésre alkalmazandó. A GDPR elsődleges célja annak biztosítása, hogy a személyes adatok az EGT-ben mindenütt ugyanolyan magas szintű védelmet élvezzenek, növelve a jogbiztonságot mind az egyének, mind az adatokat kezelő szervezetek számára, és magas szintű védelmet nyújtva az egyének számára.

A rendelet 2016. május 24-én lépett hatályba, és 2018. május 25-től alkalmazandó.

Controllers should formally submit their EU-wide certification criteria to:

1. the competent data protection authority (DPA) in the EEA country where the scheme owners have their headquarters;
2. the competent data protection authority (DPA) in the EEA country where a certification body operating the certification mechanism have their headquarters, considering the member state in which the most certificates are likely to be issued.

Under the GDPR, certification is conducted by national certification bodies or by the competent national data protection authorities (Art. 42(5) GDPR).

For further information, we recommend contacting the relevant national DPA for your organisation. You can find a overview of all EEA DPAs here.

You can find further information regarding certification in the EDPB guidelines on the topic: Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation - version adopted after public consultation

Az Európai Adatvédelmi Testület rendszeresen közzétesz sajtóközleményeket, híreket, blogokat és egyéb tartalmakat a honlapján és közösségi média csatornáin (X: @EU_EDPB; LinkedIn: Európai Adatvédelmi Testület) hogy az adatvédelemmel foglalkozók és a lakosság naprakész tájékoztatást kapjon a munkájáról..

Az Európai Adatvédelmi Testület honlapján két RSS hírcsatorna is található, amelyekre feliratkozhat, hogy automatikusan értesüljön az EDPB híreiről és legújabb kiadványairól.

Unfortunately, the EDPB cannot consider late contributions as part of the public consultation.

Certification bodies are accredited by the national data protection authorities (DPA) or by the national accreditation body (named in accordance with Regulation 17065/2012). For further information regarding certification bodies, we recommend contacting the national DPA in your country. You can find an overview of all EEA DPAs here.

You can find further information regarding accreditation of certification bodies here: Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

We are constantly working on the translation of our documents into the official EU languages.
All static content, as well as press releases and documents officially adopted by the Board, such as Guidelines, will be made available in these languages.

This process takes time and various steps need to be completed in order to provide translations of the best quality.

Please note that documents undergoing public consultation are usually not translated. It is only after the public consultation has been concluded and a final version of the document has been adopted by the Board that these documents will be translated.

The GDPR puts in place clear procedures in case of a data breach. If a data breach poses a risk, companies and organisations holding your data have to inform the relevant data protection authority within 72 hours or without undue further delay. If the leak poses a high risk to you, then you must also be informed personally.

For more information on data breaches, please consult the EDPB Data Protection Guide for small business.

If you believe your data protection rights have been violated you can contact the organisation holding your data, contact your national data protection authority (DPA), or go to a national court.

DPAs can conduct investigations and impose sanctions where necessary. You can find the contact details for all EEA DPAs here.

All individuals residing in the European Economic Area (EEA) have the right to the protection of their personal data.

More specifically, under the GDPR, you have several rights

• Right to be informed
• Right of access
• Right to rectification
• Right to restriction of processing
• Right to data portability
• Right to object
• Right not be subject to a decision based solely on automated processing.

For more information on your rights, please consult our leaflet The GDPR and your rights or the EDPB Data Protection Guide for small business.