The Hungarian Parliament amended the Hungarian Data Protection Act in June 2018 in order to ensure the consistency of the Hungarian legislation with the provisions of the GDPR.
The amendment introduces new definitions, obligations and specification of the actual Hungarian data protection laws, such as the mandatory triennial revision of the data processing if the data processing is necessary for compliance with a legal obligation and the applicable law does not prescribe any mandatory revision. The amendment clarifies in addition the position and the role of the data protection officer, and specifies the right to an effective judicial remedy.
The majority of the amendments entered into force on 26 July 2018, however the provisions relating to the data protection authorisation process of the Hungarian Data Protection Authority (“NAIH”) enters into force on 25 August 2018.
EU regulations, such as GDPR, are directly applicable in the EU Member States and have direct effect, therefore, there is no need for a separate act to incorporate the provisions of the regulation to the national legal system. The principal aim of amendment is to ensure the conditions for implementing the provisions of GDPR, thus to elaborate the procedural rules necessary for applying the legal institutions defined in the GDPR and to define the material and procedural provisions applicable to data processing not subject to GDPR.
The amendment of the Hungarian Data Protection Act is the first step of the harmonisation of the Hungarian legislation to the provisions of the GDPR, however, the sectoral acts (such as the Hungarian Labour Code) still need to be amended in order to ensure their consistency with the GDPR.
By Rita Parkanyi, Partner, KCG Partners Law Firm