Law: Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information, as amended by Act XXXVIII of 2018 (to implement the GDPR) (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: National Authority for Data Protection and Freedom of Information (NAIH)

Summary: Hungary implemented the GDPR by amending the Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information, as amended by Act XXXVIII of 2018 (to implement the GDPR) (the Act) on July 26, 2018. The Act does not contain major derogations from the GDPR. Additionally, the Act is enforced by National Authority for Data Protection and Freedom of Information (NAIH) which is an active regulator that regularly publishes decisions, orders, and notices on data protection. NAIH has also issued several fines for violations of data subjects rights, and delayed breach notifications. Notably, the Hungarian Parliament has begun to harmonize sectoral laws with the GDPR, in particular focusing on employment, and direct marketing. Other specific jurisdictional issues are expected to be discussed in the upcoming amendment of sectoral laws.