National Authority for Data Protection and Freedom of Information, Hungary
- The legal ground for the protection of personal data in Hungary
- The legal position of the Data Protection Commissioner
- The legal rights of the Commissioner
1. The legal grounds for the data protection in Hungary
The National Authority for Data Protection and Freedom of Information is regulated by Act CXII of 2011, on Informational Self-determination and Freedom of Information, which was endorsed by the National Assembly on 11 July 2011. The Act is comprehensive in scope, and concerns all data control and data processing activities undertaken in Hungary.
2. The legal position of the Data Protection Commissioner
The National Authority for Data Protection and Freedom of Information may not according to the law be influenced by any kind of intervention. The decisions of the Authority may therefore not be bound by orders of any administrative body and shall take measures exclusively on the basis of the Fundamental Law and the national legal order. Although the appointment and removal of the head of the institution is determined by the decision of the President of the Republic, the mandate of the President of the Authority has a specific term of nine years. Thus, his/her term exceeds both the parliamentary and the governmental cycles. Moreover, he/she is prohibited from participation in any political party activity.
3. The legal rights of the Commissioner
National Authority is entitled to:
- order the correction of inauthentic personal data;
- order the blocking, deletion or destruction of illegally controlled personal data;
- prohibit the illegal control or processing of the personal data;
- prohibit the transfer of the personal data to other countries;
- order notification of the data subject, should the controller have unlawfully refused to do so;
- impose a fine ranging from 100,000 HUF to 10,000,000 HUF;
- order the disclosure of their decision in the interest of data protection or to protect the rights of a greater number of data subjects.
The Authority is entitled to launch an official data protection procedure if it is presumed that the illegal processing of personal data concerns a wide scope of persons; concerns special data, or significantly harms interests or results in the risk of damages. What is more, it registers data processing undertaken in respect to personal data in a data protection file or registry in order to facilitate access to information for the data subject. It is also authorised to launch a confidentiality review procedure, should, pursuant to information received, it may be presumed that national classified information has been illegally classified. Additionally, the Authority provides a data protection audit as a service to those entities that request it. This audit is designed to provide a high standard of data protection and security relating to data processing operations
H-1125 Budapest, Szilgyi Erzsbet fasor 22/C.
Telefon: +36 -1-391-1400