THE 5 BIGGEST GDPR FAILS OF THE YEAR
17 December 2018
Have you ever noticed that if you deal with a topic excessively, you start to see it everywhere? For me, it was clearly the GDPR that filtered into my private life. This gave me the idea to collect the GDPR “fails” of the year that my colleagues or I experienced. Of course, “our GDPR infringers” have not played as big as Facebook and its “little” buddies, but maybe our stories will show you how easy it is to slip on a banana peel when it comes to GDPR compliance.
Privacy policy – not so privately
My favourite story started with an e-mail from an e-shop informing me that they have updated their privacy policy because of the new European data protection legislation.
This was all well and good; I received so many of those that I could not even count. I opened the e-mail and the text said how much this company cares about my personal data and privacy and where I can read their new privacy policy.
With great calmness I almost closed the e-mail when I noticed that I was not the only one who received this e-mail. There were many more recipients and I could see their e-mail addresses and names just as they probably could see mine.
I really wanted to answer: Dear Sender, if you care so much about my privacy, next time please use the ‘bcc’ function.
Show me your teeth
I was on my regular visit to my dentist, who always opens the x-ray of my denture to see if there is any change or anything extraordinary. This time, she requested her assistant to find my x-ray and project it.
One minute later the x-ray was projected, and my dentist started to examine me. I saw some grimaces on her face, so I was rather worried about what could have happened.
It turned out that the assistant opened the x-ray of a completely different person whose name is a bit similar to mine and who happens not to be the favourite client of the tooth fairy.
As my dentist had a lot of instruments suitable to cause me real pain, I preferred not to start telling her about data breaches and the sanctity of health data.
Negative consent
I wanted to order some stuff from an e-shop and almost completed the ordering process when I found a GDPR-fail gem. There was a checkbox with the following text: I do not want to receive newsletters with latest offers and discounts.
Probably the e-shop had heard somewhere that it is good practice to collect consent by using tick-boxes. Unfortunately, they did not know that inactivity (not ticking the box) will not be enough for an unambiguous consent.
I really wanted the stuff, so I ticked the box and ordered the product. Would you be surprised if I told you that I still receive newsletters from that e-shop?
I know what you eat
We often order food from a grocery store that offers a home delivery service. I was actually in the middle of one of our GDPR projects, working from home, when the deliverer showed up. He was bringing our ordered items and asked me whether he could put his papers on our kitchen table.
His papers, which contained the details of all his deliveries for that particular day, including the customers’ names, addresses, phone numbers.
As I wanted to be nice to him, I offered him the table and I was just wondering: my life is complicated, I work 24/7 with GDPR and I was just helping a poor guy to commit a data breach.
GDPR comes home
My colleague visited her friend living in a home association and noticed some funny stuff. On a bulletin board there was a short notice with the following text: With the GDPR entered into force in May 2018 nothing changes, the home association processed your personal data already in accordance with the relevant data protection laws and we keep doing so in the future.
Next to the notice, there was another one informing the public that some home owners have due debts towards the home association. The list contained the names and addresses of the debtors and the actual amount of their debts.
I bet you also sense some contradiction here.