Hungarian businesses have the “sword of Damocles” hanging over their head as the new European data protection regulation (“GDPR”) is applicable as of 25 May 2018. Due to the fact that the majority of the Hungarian companies are micro-enterprises, the administrative burdens cause an impossible obstacle to them.
The amount of the administrative fines may be up to EUR 10 million or, in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher. In case of a more series infringement of the provisions of the GDPR, the fines may be up to EUR 20 million, or for an undertaking, 4% of the total worldwide annual turnover of the preceding financial year.
According to an economic analyst, 54% of the Hungarian companies have fewer profit before taxes than the 2% of their annual turnover. In case of the application of the highest administrative fines, 61% of the Hungarian companies have fewer profit before taxes than the 4% of their annual turnover.
According to the Hungarian newspapers, the competent authorities do not intend to impede the operation of the Hungarian companies, rather to assure their GDPR compliance, and the gravity of the infringement will determine the amount of the administrative fines. In relation to small-and medium sized enterprises, the Prime Minister’s Office stated that the National Authority for Data Protection and Freedom of Information will not impose administrative fines for the Hungarian SME-s at the first place, but rather notices them. This is possible under the GDPR, since the Member States have the power to adopt a more customer-friendly approach to implement the regulation.
By Rita Parkanyi, Partner, KCG Partners Law Firm