Attila Péterfalvi, the president of the Hungarian Data Protection Authority, on 19 April 2018 made some relevant comments regarding the GDPR during an interview with a Hungarian online newspaper “Jogifórum”. He highlighted that one of the main novelties of the GDPR is the principle of accountability. The data controllers must be able to demonstrate their GDPR compliance in a documented way. This does not mean, however, that the burden of proof is on them in case of a NAIH procedure.
The president noted that following the formation of the newly elected Hungarian Government in May 2018, the Hungarian Parliament has less than a month to implement the necessary national legislation until 25 May 2018, i.e. the start of the GDPR. Mr. Péterfalvi sees the biggest risk factor in the SME sector. According to his experience, multinational companies are in a much more advanced level with their GDPR preparation procedure and they have the necessary resources for the compliance. He also mentioned that the personal data breach notification management system goes live on 25 May 2018 and the data protection officers (DPOs) must have relevant knowledge on IT security matters besides legal knowledge.