Blog » 5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
17 April 2019
It is not an April’s fool joke that almost one year after the GDPR entering into force, finally the Hungarian Parliament adopted the GDPR implementation act on 1st April. The act harmonizes various areas of the Hungarian legal system with the GDPR as it will amend more than 80 legal sources. In this short article we collected the 5 most important provisions of the implementation act.
1. Retention period of camera records
One of the most disputed provision of the current laws regarding camera surveillance is that, as a main rule, the records may only be stored until 3 working days. I saw in my GDPR Compliance projects that the clients often found this period too short. They felt that the aim of the camera surveillance cannot be fulfilled with such a short retention period.
I have good news for you: the implementation act repealed this 3 working days deadline. From now on it is the data controller who can decide for how long he retains the record.
Of course, this does not mean that you can keep the records as long as you wish. Indeed, you shall comply with the principle of storage limitation meaning that you can only keep the record until it is necessary for the purpose of the camera surveillance.
2. Register of access to camera records
As usual, more freedom means more responsibility. In this case, the downside of the possibility to establish longer retention period in relation with camera records is more administration.
This means that data controllers shall keep records of who viewed the camera records, what was the reason for it and when did it happen. The records may be in electronic form as well.
3. The prohibition of using company laptop for private purposes
The most heralded change of the implementation act is the explicit prohibition of the usage of company IT tools by the employees for private purposes.
Currently, the employers are free to decide whether they let employees use the IT tools for private purposes. If the employer does not specifically prohibit the private usage, employees can basically use their laptops for their own purposes.
This all changes with the implementation act: if the employer does not regulate the usage of company IT tools, based on the law, the employees may not use them for private purposes. If the employer wants to permit the private usage of laptops, this requires the specific agreement with the employee.
4. The possibility to request criminal records of the employee
After the GDPR entering into force, the legal environment was rather uncertain regarding the question whether the employer can request the extract of criminal records from the employees.
Certain experts claimed that in the lack of special provisions (eg. employment at an employer who cares for children) employers could not process criminal data of employees, thus they could not request criminal records. In February, the Data Protection Authority dealt with the question and was more generous.
The implementation act however ends the debate as it clearly set forth in which cases may the employer request the criminal records of employees. Based on that, the employer may establish conditions which exclude the employment (mainly the protection of his significant material interest. Then he can request the employee to show his criminal record so that he can control that no ground for refusal exists.
5. Retention period of employee files
I cheat a bit because it is not the Implementation Act which clarified the retention period of employee data but another act, however I think it is worth to share with you.
You may remember that it was not clear in Hungary for how long you shall store the employee records (eg. contracts) which may be the basis of the old age pension. Some claimed that these files cannot be scrapped at all, whiles others argued that a 50 / 30 years’ etc. retention period shall apply.
Now it has become clear that employers shall keep the employee records which may be the basis of old age pension until 5 years as of reaching of the pensionable age by the said employee.
The Implementation Act enters into force on 27th April 2019.
Hungary: Steps Towards Differentiating Between Domestic and International Procedural Public Policy
Drawing a well-defined line of demarcation between domestic and international public policy when enforcing foreign arbitral awards sends a clear pro-arbitration message from national courts in any jurisdiction. Does Hungarian case law come close to this level of sophistication? This post analyses this question in the context of procedural public policy, and it does so based on two recent appellate court decisions rendered in the context of enforcement of arbitral awards in accordance with the New York Convention.Read more »
EU ISSUED NEW GDPR STANDARD CONTRACTUAL CLAUSES – WHEN AND HOW TO USE THEM?
During summer 2021, the European Commission published two new "standard contractual clauses" on data protection regulation, which can be applied on the one hand, to the legal relationship between data controllers and data processors covered by the GDPR , and to the transfers of personal data to third countries, on the other. In this article, we answer the questions: what these SCCs regulate, how do they differ from the previous SCCs and how can your company use the new SCCs?Read more »
CAN THE NON-COMPETITION AGREEMENT BE VALID WITHOUT A PRECISE COMPENSATION IN HUNGARY?
The non-compete agreement may provide protection of the legitimate economic interests of the employer even after the termination of employment relationship. However, the Hungarian Labour Code lays down strict requirements for the agreement. In our article we analyse a recent decision of the Supreme Court about the importance of the precise determination of the compensation, so you as an employer can conclude a valid non-compete agreement.Read more »