Search Filters

Advanced Search

Country: Exclude international

Area of Law

Sector:

Language:

Date from: Date to:

Hungarian DPA's position on proper breach management and the DPO's role

Hungary

27/07/2018

Download PDF

In a case involving the investigation of a personal data breach, Hungary’s Data Protection Authority (NAIH) further clarified its position on personal data breach management.

In the given case, an employee of a repairing service provider accidentally downloaded personal data from a client’s device. The repairing service provider argued that even if its employee failed to act in line with the internal procedures, he neither made the data public nor transferred to any third party; therefore no personal data breach took place. NAIH ruled that the service provider’s unlawful access to personal data was indeed a personal data breach and the company failed to record it in its mandatory internal records on personal data breaches. In addition, the company failed to comply with the applicable data security provisions because its employee had the right to copy the customer’s personal data, store them for months, and accidentally copy them to a third party device.

NAIH also highlighted that, as part of accountability, companies shall develop internal personal data breach detection procedures, they shall prepare for the actual breach management and shall regularly review and test such procedures.

NAIH warned the internal data protection officer (DPO) of the company as well because the DPO's internal communication was not specific enough (e.g. it did not suggest specific security measures to prevent similar cases in the future). In its resolution, NAIH also ordered the company to establish its internal communication in a way that employees advise the DPO of personal data breaches in due time, and NAIH also asked the company to send its updated internal procedures, instructions, training materials and employee notices to the authority for review.

Companies should revise their data breach management procedures and their DPO’s role in accordance with NAIH’s position.

For more information, please contact us.

Search Filters

Advanced Search

Country: Exclude international

Area of Law

Sector:

Language:

Date from: Date to:

Key contacts

Dóra Petrányi

Partner CEE Managing Director, Co-Head of the Technology, Media and Communications Group Budapest

tel://+3614834820

Márton Domokos

Co-ordinator of the CEE Data Protection Practice, CMNO Budapest

tel://+3614834824

How to bookmark a page on iPhone

How to bookmark a page on Android

How to bookmark a page on Windows

How to bookmark a page on Blackberry

Search Filters

Jurisdiction / Region

Sectors

Our Expertise

Hungarian DPA's position on proper breach management and the DPO's role

Search Filters

Key contacts

Dóra Petrányi

Márton Domokos

How to bookmark a page on iPhone

How to bookmark a page on Android

How to bookmark a page on Windows

How to bookmark a page on Blackberry

Search Filters

Jurisdiction / Region

Sectors

Our Expertise

Hungarian DPA's position on proper breach management and the DPO's role

Search Filters

Key contacts

Dóra Petrányi

Márton Domokos

Related content

Hungary’s amended ESG Act to enter into force on 25 April 2024

Parliamentary proceedings begin to create the Independent Administrative Authority for the Defence of Financial Customers

CMS Banking Disputes Report 2024