Blog » 5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
17 April 2019
It is not an April’s fool joke that almost one year after the GDPR entering into force, finally the Hungarian Parliament adopted the GDPR implementation act on 1st April. The act harmonizes various areas of the Hungarian legal system with the GDPR as it will amend more than 80 legal sources. In this short article we collected the 5 most important provisions of the implementation act.
1. Retention period of camera records
One of the most disputed provision of the current laws regarding camera surveillance is that, as a main rule, the records may only be stored until 3 working days. I saw in my GDPR Compliance projects that the clients often found this period too short. They felt that the aim of the camera surveillance cannot be fulfilled with such a short retention period.
I have good news for you: the implementation act repealed this 3 working days deadline. From now on it is the data controller who can decide for how long he retains the record.
Of course, this does not mean that you can keep the records as long as you wish. Indeed, you shall comply with the principle of storage limitation meaning that you can only keep the record until it is necessary for the purpose of the camera surveillance.
2. Register of access to camera records
As usual, more freedom means more responsibility. In this case, the downside of the possibility to establish longer retention period in relation with camera records is more administration.
This means that data controllers shall keep records of who viewed the camera records, what was the reason for it and when did it happen. The records may be in electronic form as well.
3. The prohibition of using company laptop for private purposes
The most heralded change of the implementation act is the explicit prohibition of the usage of company IT tools by the employees for private purposes.
Currently, the employers are free to decide whether they let employees use the IT tools for private purposes. If the employer does not specifically prohibit the private usage, employees can basically use their laptops for their own purposes.
This all changes with the implementation act: if the employer does not regulate the usage of company IT tools, based on the law, the employees may not use them for private purposes. If the employer wants to permit the private usage of laptops, this requires the specific agreement with the employee.
4. The possibility to request criminal records of the employee
After the GDPR entering into force, the legal environment was rather uncertain regarding the question whether the employer can request the extract of criminal records from the employees.
Certain experts claimed that in the lack of special provisions (eg. employment at an employer who cares for children) employers could not process criminal data of employees, thus they could not request criminal records. In February, the Data Protection Authority dealt with the question and was more generous.
The implementation act however ends the debate as it clearly set forth in which cases may the employer request the criminal records of employees. Based on that, the employer may establish conditions which exclude the employment (mainly the protection of his significant material interest. Then he can request the employee to show his criminal record so that he can control that no ground for refusal exists.
5. Retention period of employee files
I cheat a bit because it is not the Implementation Act which clarified the retention period of employee data but another act, however I think it is worth to share with you.
You may remember that it was not clear in Hungary for how long you shall store the employee records (eg. contracts) which may be the basis of the old age pension. Some claimed that these files cannot be scrapped at all, whiles others argued that a 50 / 30 years’ etc. retention period shall apply.
Now it has become clear that employers shall keep the employee records which may be the basis of old age pension until 5 years as of reaching of the pensionable age by the said employee.
The Implementation Act enters into force on 27th April 2019.
CAN YOUR DEBTOR BE PUT IN PRISON FOR HIS DEBT IN HUNGARY?
You can hear a lot of stories where the debtor “escaped with the money”, the construction contractor “disappeared” or the debtor company’s assets have been hidden. Essentially, failure to pay is a breach of contract, which is subject to civil action, eg. litigation. However, if a transaction is suspected to be a scam, criminal proceedings may be brought against the defaulting debtor, for example, for fraud, which we examine in this article.Read more »
EU COURT RULED - STRENGHTENED CONSUMER PROTECTION IN CROSS BORDER DEBT RECOVERY
Can the unfairness of cross-border claim be reviewed ex officio in case of consumer contracts in such a simplified procedure, like the European order for payment procedure? In our article, we analyse the recent judgement of the Court of Justice of the European Union in the Bondora case and its possible effects on cross-border debt recovery, covering also the Hungarian legal regulations.Read more »
LAWFUL DISMISSAL IN HUNGARY - PART IV: TERMIANTION BASED ON EMPLOYER’S OPERATIONS
In the previous articles on the lawful dismissal, we explained dismissal for employee-related reasons. However, that is only half of the whole picture, because in many cases the employer dismisses employees for reasons of reorganization or redundancy. Justification must meet strict rules to be lawful in this case as well, the details of which we explore in this article based on case law of Hungarian labour courts.Read more »