Under Hungarian data protection laws, Binding Corporate Rules (BCR) were earlier completely omitted from the list of instruments guaranteeing adequate level of protection in the context of international data transfers.…
In our global and digital age, international transfers of personal data became an integral part of everyday life and same also gained significant importance in the Hungarian jurisdiction.
”Transfer” has been defined in the Hungarian Data Protection Act, the domestic implementation of the EU Privacy Directive 95/46/EC as “making data accessible to particular third parties other than the data subject, the data controller or the technical data processor”.
In compliance with the Directive, data transfer within the Member States of the European Economic Area is treated as a domestic data transfer in Hungary. Section 8 of the Hungarian Data Protection Act applies to such transfer which provision lays down that the consent of the data subject shall be obtained or a legislative act shall permit same.
The Data Protection Commissioner, the Hungarian Data Protection Authority has released several guidances (Guidance Nr 271/K/2007, Guidance Nr 295/K/2007 as well as Guidance Nr 652/K/2007) concerning the operation of whistleblowing systems, employee ethics hotlines in Hungary in the past.