Blog » 5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
5 KEY CHANGES IN DATA PROTECTION IN HUNGARY FROM MAY 2019
17 April 2019
It is not an April’s fool joke that almost one year after the GDPR entering into force, finally the Hungarian Parliament adopted the GDPR implementation act on 1st April. The act harmonizes various areas of the Hungarian legal system with the GDPR as it will amend more than 80 legal sources. In this short article we collected the 5 most important provisions of the implementation act.
1. Retention period of camera records
One of the most disputed provision of the current laws regarding camera surveillance is that, as a main rule, the records may only be stored until 3 working days. I saw in my GDPR Compliance projects that the clients often found this period too short. They felt that the aim of the camera surveillance cannot be fulfilled with such a short retention period.
I have good news for you: the implementation act repealed this 3 working days deadline. From now on it is the data controller who can decide for how long he retains the record.
Of course, this does not mean that you can keep the records as long as you wish. Indeed, you shall comply with the principle of storage limitation meaning that you can only keep the record until it is necessary for the purpose of the camera surveillance.
2. Register of access to camera records
As usual, more freedom means more responsibility. In this case, the downside of the possibility to establish longer retention period in relation with camera records is more administration.
This means that data controllers shall keep records of who viewed the camera records, what was the reason for it and when did it happen. The records may be in electronic form as well.
3. The prohibition of using company laptop for private purposes
The most heralded change of the implementation act is the explicit prohibition of the usage of company IT tools by the employees for private purposes.
Currently, the employers are free to decide whether they let employees use the IT tools for private purposes. If the employer does not specifically prohibit the private usage, employees can basically use their laptops for their own purposes.
This all changes with the implementation act: if the employer does not regulate the usage of company IT tools, based on the law, the employees may not use them for private purposes. If the employer wants to permit the private usage of laptops, this requires the specific agreement with the employee.
4. The possibility to request criminal records of the employee
After the GDPR entering into force, the legal environment was rather uncertain regarding the question whether the employer can request the extract of criminal records from the employees.
Certain experts claimed that in the lack of special provisions (eg. employment at an employer who cares for children) employers could not process criminal data of employees, thus they could not request criminal records. In February, the Data Protection Authority dealt with the question and was more generous.
The implementation act however ends the debate as it clearly set forth in which cases may the employer request the criminal records of employees. Based on that, the employer may establish conditions which exclude the employment (mainly the protection of his significant material interest. Then he can request the employee to show his criminal record so that he can control that no ground for refusal exists.
5. Retention period of employee files
I cheat a bit because it is not the Implementation Act which clarified the retention period of employee data but another act, however I think it is worth to share with you.
You may remember that it was not clear in Hungary for how long you shall store the employee records (eg. contracts) which may be the basis of the old age pension. Some claimed that these files cannot be scrapped at all, whiles others argued that a 50 / 30 years’ etc. retention period shall apply.
Now it has become clear that employers shall keep the employee records which may be the basis of old age pension until 5 years as of reaching of the pensionable age by the said employee.
The Implementation Act enters into force on 27th April 2019.
CAN THE EMPLOYER EXPAND THE EMPLOYEES’ DUTIES WITHOUT CHANGING THE JOB DESCRIPTION IN HUNGARY?
The position and tasks of the employee are one of the key elements of the employment contract and are typically recorded in the job description. It is often a matter of dispute between the parties whether the employer can unilaterally modify the job description at all, and if so, to what extent. In a recent court decision, a Hungarian appellate court addressed the above question in a situation where the employer supplemented the employee's tasks with new tasks similar to his existing tasks. In this article, we analyse the recent decision on this matter.Read more »
CAN A HARSH FACEBOOK COMMENT BE A LAWFUL GROUND FOR DISMISSAL IN HUNGARY?
Social media platforms significantly changed the ways how people express their opinions: sharing views became easier than ever. On the one hand, this is positive, but on the other hand, it is also dangerous in the employment context, as the employee's opinion may be prejudicial to the employer's interests. A recent decision of the Hungarian Supreme Court gives answer to the question whether the employer can dismiss the employee for expressing his opinion on Facebook.Read more »
NEW EU – US DATA PRIVACY FRAMEWORK - SIMPLIFIED DATA TRANSFER TO THE US
With the Schrems II judgment, which invalidated the Privacy Shield, the CJEU (Court of Justice of the European Union) make it more difficult to comply with the GDPR for companies transferring personal data from the EU to the US. However, the new EU-US Data Privacy Framework (or “Framework”) adopted on 10 July aims to put an end to this situation. But how does the Framework make data transfers between the EU and US easier? In this short article, we explain the basics of the new Framework and answer the above question.Read more »