We have again, taken home the prestigious Wolters Kluwer legal award!

“Following our win in 2018, in the end of 2019 our privacy team stood again proudly on the podium to receive the award “Data protection team of the year”.

“With the creation of our health industry specific products Multidoki and Doki, our goal was to put a fast, affordable and professional GDPR compliance tool in the hands of physicians,” Andrea Belényi said at the awards ceremony.

Apart from Andrea, Endre Várady and Eszter Kata Tamás participated in the award ceremony. The award has adorned the meeting room of our office ever since, reminding the team at VJT & Partners that hard work always pays off.

Jogászdíjak 2018-2019

The reliability of our privacy team is second to none!

The Legal 500 publication, which introduces and ranks law firms, has now rated firms in the field of Data Protection for the first time in 2020, and we were immediately ranked among the bests. We managed to gain this prestigious position as the only independent Hungarian law firm in the line of international firms.

The publication highlights that VJT & Partners’ expertise is coupled with excellent teamwork. Our colleagues from junior to senior work together extremely effectively. The team is led jointly by Endre Várady, who was called committed, very informed and punctual by our clients, and János Tamás Varga, who is a strategic thinker with a business approach, with extensive experience in the technology industry. Our data protection guru, Endre Várady, was recommended immediately among the ‘Leading Individuals’ by the publication, which is the highest recognition in the category of Data Protection. Our customers have stated that we provide a super-efficient service and the reliability of our privacy team is second to none!

The reliability of our privacy team is second to none!

Data is the new power

The world has entered a new era of technology, where machines are capable of doing everything. Companies collect data about us on an unprecedented scale: who buys what and where, what food they eat, where they go to have fun? The amount of collected information is practically endless.

The most burning issue today is to rationalize data collection and find an adequate balance between privacy rights and business needs.

On one hand, as individuals, we must be very wary about where and to whom we provide our information and what we allow them to do with it. Often we even do not realize that our data is processed.

On the other hand, as businesses, we face extraordinary challenges. Data protection regulation (GDPR) requires a new way of thinking. Could you imagine the life of companies without accounting? Surely not. Accountants must record each tiny financial detail to demonstrate compliance with accounting/tax rules. Data protection represents a similar administrative burden. It is a form of a new digital accounting.

How to coordinate privacy concerns with business needs? For sure, this presents a challenging task which requires expertise in data protection law.

Data protection is a young and dynamic law, and we have dove into the midst of this challenging area since its infancy. For many years now, we have been building our experience and helping our clients to meet these challenges.


From review of actual processes to GDPR compliance

“During our GDPR audits the most important thing is to create a good working relationship with the client,”

Said by Endre Várady, our lead data protection expert, who has assisted many clients in their GDPR compliance path. He knows the pitfalls. He knows what is needed to put a project on the right track to insure the process is simple and fast with the best results. But according to Endre the bottom line is always to build and maintain a good client relationship.

“GDPR compliance starts with review of actual data processes – this is facilitated most by a good client relationship. The more questions we ask the more complete the audit is – many times issues that seem irrelevant to the client may be significant to an expert, so the more natural the communication is, the better the results are.”


What happens until a company reaches the required state of GDPR compliance?

Review of actual processes

In this phase we identify the internal processes of the company via questionnaires and interviews to understand how the company processes their data. We help the client to systematize its unstructured data portfolios.

Preparation of the report

In the second phase we identify the gaps and together with the client we modify the processes or create new ones.


In the last phase, we create all the necessary internal GDPR compliant documentation and we discuss what we can do in the future to maintain the achieved compliance.



A few important concepts:

Data localization

GDPR applies not just to structured data (such as CRM data), but also unstructured data (such as data in e-mails, PDFs, Excel tables, printed documents, etc). According to the statistics on average 70% of the total data at companies is unstructured. As the unstructured data usually has no purpose, they breach purpose limitation and present a significant privacy risk.

Bottom line - Find the hidden data


A new administrational burden appears in the form of ‘digital accounting’. Companies must record each single data flow to demonstrate that their processes are lawful. Obviously, the first step is to have the right processes for this purpose. If a company records processes that go against the law, it will only reveal its own lack of compliance.

Bottom line - It is not enough to be lawful, but companies must prove it.

Privacy by design

Data is known as the new oil. Prior to the start of oil extraction, an environmental impact assessment and preliminary analyses must be carried out under strict rules. Data management must meet similar processes. If a company wants to implement a new database software, the company must carry out an assessment of the potential data protection issues and fix them prior to implementation.

Bottomline - Always plan the data flows well in advance.

Privacy by default

Companies must integrate in their processes that only data strictly necessary for each specific purpose are processed by default. For example, for sending online newsletters, companies should not require phone numbers. Moreover, the data minimization must also be extended to access levels. Example: the payroll department should not have access to data which should be processed solely by the recruitment team.

Bottomline - Only data that is needed, and only for those who need it.

We are privacy and GDPR experts

We are experienced data protection lawyers

We are dealing intensively with privacy and have helped many of our clients to meet privacy challenges over the past 20 years.

We are up to date

We are constantly following European data protection practices and incorporating them into our advice to our clients.

We are excellent cooperative partners

Contact us with privacy questions!

János Tamás Varga

managing partner

“Today most companies see GDPR as a threat. VJT’s GDPR compliance project addresses the threat and provides our customers with a full scope solution."


Endre Várady


„GDPR maze needs a clear roadmap with an inspiring leader."


Andrea Belényi


„From May 2018, EU data protection faces huge challenges, but our office remains a fixed point in the storm.”


Do you have any questions about GDPR?

Publications - Data Protection

New GDPR challenges in Hungarian employment

Endre Várady

June 2019

The Hungarian GDPR implementation package – amending 86 sectoral laws – has brought important changes in the workplace environment. Many of the new rules may present hardships for employers, as changes will be forced upon deeply rooted traditions. The stakes are high as the employee has got a powerful tool in his hand, both in front of the data protection authority and the labour court. Companies therefore are highly advised to check their data processing practices in the employment context.