We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Hungary adopts binding corporate rules

17 August 2015

In October 2015, when changes are implemented to the Hungarian Data Protection Act, amongst other things, Binding Corporate Rules (BCRs) will be enforceable as a mechanism for global data transfers provided that the BCRs are approved by the DPA upon payment of a fee and upon detailed disclosure of the data controller, purposes for processing data and all other usual aspects of a BCR application.

In addition to the BCR changes to the Hungarian Data Protection Act, there will also be a requirement for data breaches to be held in a breach register by the data controller that has suffered the incident.

The breach register should detail the scope of personal data affected by the breach, the type of individuals and number of individuals involved, the date and time of the incident, the circumstances of the incident, the likely impact of the breach on individuals and the measures applied to prevent a similar incident in the future.

The breach register will be investigable by the Data Protection Authority who now has stronger powers to enforce compliance under changes to the Data Protection Act with an ability to impose a maximum fine of up to the equivalent of 70,000 US dollars.

This article was written by Robert Bond. For more information please contact Robert on +44 (0)20 7427 6660 or at robert.bond@crsblaw.com.