Support Centre

Hungary

Summary

Law: Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information, as amended by Act XXXVIII of 2018 (to implement the GDPR) (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: National Authority for Data Protection and Freedom of Information (NAIH)

Summary: Hungary implemented the GDPR by amending the Act CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Information, as amended by Act XXXVIII of 2018 (to implement the GDPR) (the Act) on July 26, 2018. The Act does not contain major derogations from the GDPR. Additionally, the Act is enforced by National Authority for Data Protection and Freedom of Information (NAIH) which is an active regulator that regularly publishes decisions, orders, and notices on data protection. NAIH has also issued several fines for violations of data subjects rights, and delayed breach notifications. Notably, the Hungarian Parliament has begun to harmonize sectoral laws with the GDPR, in particular focusing on employment, and direct marketing. Other specific jurisdictional issues are expected to be discussed in the upcoming amendment of sectoral laws.

Insights

Article 37 of the General Data Protection Regulation (GDPR) obliges data controllers and processors to designate a data protection officer (DPO). As part of this obligation, data controllers and processors are also required to publish the contact details of the DPO and to communicate the DPO's contact details to relevant supervisory authorities. In part one of this Insight series, OneTrust DataGuidance focuses on the requirement to communicate DPO contact details to the relevant supervisory authorities, providing an overview of the rules and guidelines for DPO contact registration across Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.