Last review date: December 2024
Yes.
a) data localization / data residency laws that mandate retention of personal data or a copy thereof in the local jurisdiction (include whether copies or the original data may be also be stored outside of the jurisdiction):
Under Act CL of 2017 on the Rules of Taxation, originals of accounting documents and books and records, including records stored in electronic media, must be kept in a place registered with the Hungarian National Tax and Customs Administration ("NAV") for that period and extent specified in the registration notice. Documents may be taken to another place for the purpose of bookkeeping and processing for the duration required, but the original documents must be presented to the NAV within three working days at its request.
b) other laws that may require the retention and storage of personal data (including, for example, where such data is part of another type of record or dataset) in the local jurisdiction or otherwise prohibit the transfer or disclosure of the personal data outside of the local jurisdiction:
The following laws merit mention because the information and data they regulate may qualify as personal data of natural persons:
- Pursuant to Hungarian Act CLV of 2009 on the Protection of Classified Information, access to classified information may be granted only to individuals with a personnel security clearance having an acknowledgement of secrecy, with the rights of disposal defined in the user license. The user license grants the right for example to hold classified information, transfer it further outside an entity or organization, and authorizes access to classified information to foreign persons or foreign bodies.
- Pursuant to Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises, bank secrets must be kept secret without time limitation and may not be disclosed - except, as to bank secrets in the course of outsourcing as specified in the Act - without the consent of the owner of the secret.
- Pursuant to Act LXXXVIII of 2014 on the Business of Insurance, insurance secrets must be kept secret without time limitation and may not be disclosed - except, as to insurance secrets in the course of outsourcing as specified in the Act - without the consent of the owner of the secret.
- For Law Enforcement, National Security and Defense purposes, Act CVIII of 2001 on the Electronic Commerce and on Information Society Services ("E-Commerce Act") specifies the data retention period that applies to the application service providers of services featuring encrypted communication, where metadata in connection with transmissions and communications executed through such application is retained.
- For Law Enforcement, National Security and Defense purposes, Act C of 2003 on Electronic Communications ("Electronic Communications Act") contains specific mandatory requirements concerning permitted data retention purposes.
Last review date: December 2024
Obligation for public sector organizations to share or make accessible non-personal data
Any person or body performing statutory state or municipal government functions or performing other public duties provided for by the relevant legislation must allow free access to any person to the public information and information of public interest they have on file, under the provisions of the Information Act.