Blog » 5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
17 April 2019
It is not an April’s fool joke that almost one year after the GDPR entering into force, finally the Hungarian Parliament adopted the GDPR implementation act on 1st April. The act harmonizes various areas of the Hungarian legal system with the GDPR as it will amend more than 80 legal sources. In this short article we collected the 5 most important provisions of the implementation act.
1. Retention period of camera records
One of the most disputed provision of the current laws regarding camera surveillance is that, as a main rule, the records may only be stored until 3 working days. I saw in my GDPR Compliance projects that the clients often found this period too short. They felt that the aim of the camera surveillance cannot be fulfilled with such a short retention period.
I have good news for you: the implementation act repealed this 3 working days deadline. From now on it is the data controller who can decide for how long he retains the record.
Of course, this does not mean that you can keep the records as long as you wish. Indeed, you shall comply with the principle of storage limitation meaning that you can only keep the record until it is necessary for the purpose of the camera surveillance.
2. Register of access to camera records
As usual, more freedom means more responsibility. In this case, the downside of the possibility to establish longer retention period in relation with camera records is more administration.
This means that data controllers shall keep records of who viewed the camera records, what was the reason for it and when did it happen. The records may be in electronic form as well.
3. The prohibition of using company laptop for private purposes
The most heralded change of the implementation act is the explicit prohibition of the usage of company IT tools by the employees for private purposes.
Currently, the employers are free to decide whether they let employees use the IT tools for private purposes. If the employer does not specifically prohibit the private usage, employees can basically use their laptops for their own purposes.
This all changes with the implementation act: if the employer does not regulate the usage of company IT tools, based on the law, the employees may not use them for private purposes. If the employer wants to permit the private usage of laptops, this requires the specific agreement with the employee.
4. The possibility to request criminal records of the employee
After the GDPR entering into force, the legal environment was rather uncertain regarding the question whether the employer can request the extract of criminal records from the employees.
Certain experts claimed that in the lack of special provisions (eg. employment at an employer who cares for children) employers could not process criminal data of employees, thus they could not request criminal records. In February, the Data Protection Authority dealt with the question and was more generous.
The implementation act however ends the debate as it clearly set forth in which cases may the employer request the criminal records of employees. Based on that, the employer may establish conditions which exclude the employment (mainly the protection of his significant material interest. Then he can request the employee to show his criminal record so that he can control that no ground for refusal exists.
5. Retention period of employee files
I cheat a bit because it is not the Implementation Act which clarified the retention period of employee data but another act, however I think it is worth to share with you.
You may remember that it was not clear in Hungary for how long you shall store the employee records (eg. contracts) which may be the basis of the old age pension. Some claimed that these files cannot be scrapped at all, whiles others argued that a 50 / 30 years’ etc. retention period shall apply.
Now it has become clear that employers shall keep the employee records which may be the basis of old age pension until 5 years as of reaching of the pensionable age by the said employee.
The Implementation Act enters into force on 27th April 2019.
CAN YOUR DEBTOR ESCAPE LIQUIDATION BY SETTING OFF CLAIMS IN HUNGARY?
The initiation of a liquidation procedure is an effective debt collection method, since the debtor may only avoid being liquidated by paying the claim if the conditions specified in the Act on Bankruptcy Proceedings and Liquidation (Bankruptcy Act) are met. For this reason, in the case of liquidation, one of the most common defences of the debtor is the reference to offsetting. But can the debtor refer to offsetting without limitation during liquidation? In our short article we answer this question.Read more »
SZIGET FESTIVAL FINED RECORD HUF 30 MILLION FOR GDPR BREACHES – WHAT WENT WRONG?
A few days prior to the first anniversary of the entry into force of the GDPR the Hungarian Data Protection Authority imposed the biggest data protection fine in Hungary so far. The target was the biggest Hungarian festival organizer company thanks to whom the public may enjoy the SZIGET, the VOLT or the Balaton Sound Festival. The Data Protection Authority reviewed the check-in system of the festival and the data processing in relation with the check-in. In our short article we summarize the mistakes the Authority identified.Read more »
CONSTRUCTION TRUSTEESHIP IN HUNGARY - GETTING PAID IN CONSTRUCTION PROJECTS AS SUBCONTRACTOR
Construction trusteeship, as mandatory collateral management of major private construction projects in Hungary, strives for protecting subcontractors against non-paying general contractor, by allowing direct payments from employer under certain conditions. How does it work in practice and what are the limits of subcontractor protection? We address these issues in this article.Read more »