After four years of preparation, the General Data Protection Regulation (“GDPR”) was finally approved by the EU Parliament and will be applicable in all Member States two years after entering in force on 25 May 2018. The GDPR was designed to harmonize data protection laws across Europe and as a regulation, its provisions will be directly applicable, meaning that the Member States are not required to adopt implementing provisions.
In order to ensure the conformity with the GDPR, the Hungarian Ministry of Justice published a proposal on the amendment to the Hungarian Information Act on 29 August 2017. Since the substantive provisions of the GDPR will be automatically applicable due to its direct effect, the proposal mainly includes deregulatory, procedural and supplementary provisions to facilitate the application of GDPR.
The GDPR will introduce several changes in the field of data protection. As a significant modification, it will enhance the rights of the data subjects. The ‘right to be forgotten’ will entitle the data subject to have the data controller erase his/her personal data and cease further determination of the data. The conditions for deletion is that the data shall no longer be relevant to the original purpose for processing. Another new right of the data subject is the ‘right to data portability’. This means that the data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Another change of the GDPR is the introduction of the data protection officers which will replace the current provisions of the Information Act on internal data protection officers. DPOs’ appointment will be mandatory in particular for those data controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subject on a large scale of data or of special data categories relating to criminal convictions and offences.
The changes in the proposal are expected to be approved by the end of 2017 in order to ensure enough time for the preparation.