Legal blog

Harmonisation of Hungarian information protection law with GDPR

2018-09-14 | Data Protection

Harmonisation of Hungarian information protection law with GDPR

In the past months, one of the most relevant news and legal topic has been that of data processing. And alas the regulation of data processing in Hungary has arrived to a new milestone on July 17th 2018, when the Hungarian Parliament adopted an amendment of Act 113 of 2011 on the Right of Informational Self-Determination and on the Freedom of Information („Info Act”). The amendment of the Info Act is supposed to implement the rules of the General Data Protection Regulation 2016/679 (April 27th 2016.) of the European Union.

The main purpose of GDPR and the amended Infoact is to provide relevant protection to the data of european citizens, by adopting new acts, rules and regulations regarding data protection. By harmonising the national and European laws, Hungary is fulfilling it’s duties arising from the country’s EU membership.

Before the GDPR came into force, there have not been any laws in Hungary that could thoroughly prepare the legal system for the implementation of the new regulation, but Info Act has been considered one of the strictest as per data processing in Europe. By adopting the new amendment, the Hungarian Parliament aims to solve the uneasiness and uncertainty resulting from the GDPR in force and the lack of proper local legislation to pair with.

Despite all the effort and the legal steps towards an effective data protection regulation, the legal basis of data protection in Hungary is still incomplete and difficult to oversee. Because of these reasons, a more thorough revision of the data protection laws is expected to follow the amendment, with the purpose of a better implementation of European standards. The lack of certainty concerning the legal basis of data protection creates a need for professional legal help regarding data controllers.

We have collected the most important changes in the amended Info Act:

  1. The supervisory authority regarding the compliance with GDPR is the Hungarian Data Protection and Freedom of Information Agency (locally: NAIH), with the exception of courts, over which the NAIH has no authority.

§ If the data controllers or data processors fail to comply with the law, the NAIH may fine the data controller or data processor for an amount of up to 20 million HUF.

  1. The data subject is entitled to bring private actions against the data controllers and data processors for violations. The data subject is entitled to make claims for any damages and also exemplary damages. The data controller or data processor may prove that they comply with the law.
  1. The scope and application of the Infoact has been substantially extended to better comply with GDPR. If the controller’s main establishment or place of business is located in Hungary, or if the processing operations relate to the offering of goods or services to data subjects located in Hungary, the infoact is applicable. The scope of the act is also extended to manual data processing.
  1. According to the new law, mandatory data processing must be settled by an act and no lesser legal source may suffice . The data controller must revise after 3 years and maintain any and all data for atleast 10 years.
  1. The amended Info Act aims to protect the data of deceased as well. The relatives of the deceased have the right to erasure and restriction on processing within five years of death. The age of consent applicable to a child’s consent regarding information society services is 16 years.
  1. Criminal records may only be processed with the data subject’s explicit consent or if the data processing is necessary for the exercise or defense of a legal claim. Health data may only be processed with the data subject’s explicit written consent.

In case of any doubt or questions in regards of the Hungarian data processing regulation, do not hesitate to contact our professional colleagues.

The future of the European data market – the Data Act

2022-04-05
The future of the European data market – the Data Act

In our increasingly data-driven world, there is an increasing urgency to create more consistent regulations. Emphasis is placed on the decentralization of the already centralized data market, and the exact purpose for which the data is used is not a side issue.

Read more

A long awaited change: 15% tax in Hungary on crypto gains

2021-05-15
A long awaited change: 15% tax in Hungary on crypto gains

The Hungarian government is planning to lower most of the tax burdens as a means of restarting the economy after the devastating effects of the corona virus. Part of the planned changes in taxation includes lowering the tax on incomes after cryptocurrency related activities. The new laws have not yet been accepted by Parliament, based on the current goals of the government however we can expect a welcome change in the taxation of crypto assets. We have summarized the most important expected changes below.

Read more

Harmonisation of Hungarian information protection law with GDPR

2018-09-14
Harmonisation of Hungarian information protection law with GDPR
In the past months, one of the most relevant news and legal topic has been that of data processing. And alas the regulation of data processing in Hungary has arrived to a new milestone on July 17th 2018, when the Hungarian Parliament adopted an amendment of Act 113 of...
Read more