GDPR: High Season for Preparation
- December 05, 2017
The following article will also be published in the December issue of the BBJ and Journal.
A recent survey by AmCham found that 78.7% of its members believe that the core business of their companies
Dr. Gábor Orosz, chairman of AmCham’s Regulatory Committee highlighted in his opening remarks that B2B challenges are often ignored because the focus tends to be on consumers in terms of data issues. “However, a large number of the members of our organization act in the B2B sphere, so this aspect must be borne in mind as well,” he said.
Additionally, data flow between U.S. and Hungarian companies is key, so it is a matter of competitiveness whether data can be transmitted freely across borders. “The adjustment of relevant laws is therefore absolutely imperative so that local companies won’t lag behind in the global competition,” concluded Orosz. Data protection reform reaches well beyond the scope of the GDPR, though, warned Dr. Attila Péterfalvi, President of the National Authority for Data Protection and Freedom of Information (NAIH) in his keynote speech. As a matter of fact, even if GDPR is the main pillar of the newly established regime, there are also changes in the sphere of criminal law to consider. “The ultimate goal here is to respond to digital development and set up a uniform regime of legal protection across the European Union,” said Péterfalvi.
Mark the Date
He further emphasized that the period
Another novelty is the possibility to issue a code of conduct, which will serve as a substantial tool based on self-regulation to ensure enforcement of compliance. However, it remains to be seen to what extent it will be bent to the needs of different industries, the expert added.
Simultaneously, the main guiding principles of the legislation are the protection of natural persons, free flow of personal data and cooperation between authorities. Whilst the powers of those authorities will change partially and be expanded, the European Data Protection Board and the European Court of Justice will assume a crucial role in dispute settlement, and their opinions will also contribute to establishing a uniform case law.
Péterfalvi also stressed the importance of having standardized penalties across the EU. “The idea is not to impose maximum penalties of billions of forints, though,” he noted. “NAIH will continue to function as a service providing authority.”
An extended data breach incident reporting obligation will be introduced under the new regime, where the foreseen self-reporting obligation might cause some concern. “In this respect, a climate of mutual confidence will be important,” noted Péterfalvi. It was also pointed out that all parts of an entity processing data should be made aware of the importance of incidents; such matters cannot be treated as issues that concern only the legal department.
The direct applicability of the GDPR is only one of many legal obligations the Hungarian legal system must fulfill, Deputy State Secretary of the Ministry of Justice Dr. László Péter Salgó highlighted. Apart from that, the relevant EU Directive 2016/680 on the criminal law implications of the regime must be transposed as well.
In this regard, Act CXII of 2011 on the right to information self-determination and freedom of information, colloquially referred to as the “Info Act”, bears significance; apart from the directly applicable GDPR, it is the Info Act that will need to be invoked, in particular with regard to criminal law-related data processing issues.Unfortunately, the long-awaited guidelines from
“NAIH will provide information on its website as soon as possible.”
Drafting a legal commentary can also get started only after the relevant bill has been tabled for
GDPR Speed dating
The event also provided a unique opportunity to meet GDPR solution-providers during speed dating sessions. Participants could meet the following experts:
- Dangers of visual theft - 3M Hungary: Róbert Engi and Skrla Olessia
- What a good GDPR project? - CMS Attorneys at Law: Dr. Dóra Petrányi and Dr. Márton Domokos
- Practical data protection audit and education - Szecskay Attorneys at Law: Dr. Zoltán Kovács
- Technological solutions for GDPR - VirtDB: András Czermák