This past year brought significant privacy-related regulatory challenges to business operations. The pandemic situation and lockdown, the ever-rising number of data breaches, the invalidation of the EU-US Privacy Shield, and the challenges arising from the uncertainties of BREXIT have all tested compliance departments to the full.
Debt collection is among the enforcement priorities of the Hungarian Data Protection and Freedom of Information Authority (“Hungarian DPA”) since several years a significant proportion of the Hungarian DPA decisions and court cases involving the judicial supervision of the Hungarian DPA’s decisions relate to debt collection and the handling of debtors’ complaints. In the past years, the Hungarian DPA blacklisted several practices by debt collection agencies, and the Hungarian DPA confirmed that relative to the debt collection it is illegal if debt collectors contact any third parties (i.e. the debtors’ neighbours), process the debtors’ close relatives’ personal data, process the debtors’ health related personal data (i.e. sickness or other medical condition) and any other sensitive information relative to the debtors’ whereabouts (i.e. whether the debtor is imprisoned or in pre-trial detention) or collect personal data beyond the purposes that are strictly necessary for debt collection.