Fri, Jul
60 New Articles

What Did the GDPR Bring Us?

What Did the GDPR Bring Us?

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

What did the GDPR bring us? “A lot of compliance work,” most clients would say, after months of tough and challenging work implementing the European Union’s new comprehensive data protection regulation. And in many cases that work is still unfinished. The prevalent view on the market is that the regulation is an artificial creation of another compliance requirement upon data controllers. But is it fair to say that the GDPR brought nothing but a very expensive compliance exercise?

We don’t think so. And these are the five most important reasons that we believe the application and implementation of the GDPR has added value to companies.

Business Process Review

A GDPR project, if it is done right, means a complete mapping of the company’s business processes. This is essential to identify all purposes for which personal data is processed, which is the precondition to being able to identify any gaps and compliance to-dos. The mapping exercise often identifies inactive and/or inefficient business processes, which can then be revised. Such reviews often reveal unused databases, which are ticking compliance bombs. Recently, the Danish company IDDesign was fined EUR 200,000 – among the largest fines imposed since the GDPR became applicable back in May 2018 – for retaining an unused customer database.

Cooperation Between Teams

The new “privacy by design” principle means that data protection aspects must be considered and built in the operations and products of companies. This principle requires different departments to cooperate from the start. For examples, the legal teams responsible for privacy must be involved even at the project planning phase to ensure compliance with data protection requirements. We have seen many good practices at clients, with the IT and marketing teams establishing/reinforcing cooperation channels with the legal department. Building in a requirement for different departments in the early stages of ensuring GDPR compliance is much more cost-effective in the long-term than doing the same in the final phase, when this might even be impossible. The GDPR has introduced and demands this good practice, which is likely to benefit not only the privacy governance channels.

Smart Law

The GDPR has incorporated many modern legal concepts developed by the privacy practice in the last few decades, such as effective transparency and freely-given consent. The preparation of GDPR documents requires more from lawyers than legal knowledge and some marketing, corporate communication, and technology skills. In modern data privacy, “paper-wall-like” notices are considered misleading to data subjects, and only straight to the point and clear documents are considered acceptable. These practices are expected to have impact other areas of the law as well, like consumer protection and contracts. Controllers are also encouraged by the GDPR to make the law visual (with privacy icons and infographics, for example) to enhance transparency, which can be a useful tool for communicating complex compliance setups to consumers.


The May 25, 2018 deadline for the application of the GDPR in all EU member states received an unprecedented amount of attention by the general public and, as a result, awareness of data privacy rights has significantly increased. Consumers are looking for GDPR-compliant services and products, especially if the core of the service is built on processing their personal data. Companies that can communicate GDPR compliance and readiness can build stronger relationships of trust with their customers and will continue to have a competitive edge on the EU market and in third countries.

Common Framework

While country-specific legislation maintained its importance after the 25th of May, 2018, the GDPR has more or less unified privacy legislation in the EU. Internal and external compliance teams are working with this common and “unified” legislation in dealing with the same (or very similar) challenges, which enables companies to use EU-level governance systems, solutions, and documents. Although compliance with local sector laws still need to be ensured, especially in connection with special categories of personal data, companies are usually able to use their GDPR solutions with minor modifications. Therefore, the cost of a GDPR audit and implementation (which can indeed sometimes be significant) can be reduced and/or split between jurisdictions where the same framework is applied. In addition, many significant non-EU jurisdictions like India, Thailand, Ukraine, and Serbia are adopting GDPR-inspired privacy laws, which could enable companies to use their compliance frameworks and know-how in other markets as well (and, of course, vice versa).

By Zsombor Orban, Head of Hungarian TMT, and Daniel Nagy, Junior Associate, Kinstellar Hungary

This Article was originally published in Issue 6.8 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Hungary Knowledge Partner

Nagy és Trócsányi was founded in 1991, turned into limited professional partnership (in Hungarian: ügyvédi iroda) in 1992, with the aim of offering sophisticated legal services. The firm continues to seek excellence in a comprehensive and modern practice, which spans international commercial and business law. 

The firm’s lawyers provide clients with advice and representation in an active, thoughtful and ethical manner, with a real understanding of clients‘ business needs and the markets in which they operate.

The firm is one of the largest home-grown independent law firms in Hungary. Currently Nagy és Trócsányi has 26 lawyers out of which there are 8 active partners. All partners are equity partners.

Nagy és Trócsányi is a legal entity and registered with the Budapest Bar Association. All lawyers of the Budapest office are either members of, or registered as clerks with, the Budapest Bar Association. Several of the firm’s lawyers are admitted attorneys or registered as legal consultants in New York.

The firm advises a broad range of clients, including numerous multinational corporations. 

Our activity focuses on the following practice areas: M&A, company law, litigation and dispute resolution, real estate law, banking and finance, project financing, insolvency and restructuring, venture capital investment, taxation, competition, utilities, energy, media and telecommunication.

Nagy és Trócsányi is the exclusive member firm in Hungary for Lex Mundi – the world’s leading network of independent law firms with in-depth experience in 100+countries worldwide.

The firm advises a broad range of clients, including numerous multinational corporations. Among our key clients are: OTP Bank, Sberbank, Erste Bank, Scania, KS ORKA, Mannvit, DAF Trucks, Booking.com, Museum of Fine Arts of Budapest, Hungarian Post Pte Ltd, Hiventures, Strabag, CPI Hungary, Givaudan, Marks & Spencer, CBA.

Firm's website.

Our Latest Issue