🇭🇺General Data Protection Regulation in Hungary
A comprehensive guide to General Data Protection Regulation compliance for organisations operating in Hungary. Understand local enforcement, the national data protection authority, key focus areas, and notable enforcement actions.
About General Data Protection Regulation
The EU's landmark data protection law that governs how organisations collect, store, process, and transfer personal data of individuals in the European Economic Area.
General Data Protection Regulation Enforcement in Hungary
Hungary's NAIH oversees both data protection and freedom of information, reflecting the dual mandate common in central European DPAs. Hungary implemented the GDPR through Act CXII of 2011 on Informational Self-Determination and Freedom of Information (as amended). The NAIH has been active in enforcing data breach notification obligations, direct marketing compliance, and workplace data protection. Hungary has been scrutinised by the EU regarding the independence of its DPA, with the CJEU ruling in 2014 that Hungary violated EU law by prematurely terminating the previous data protection commissioner's mandate. The NAIH has since worked to assert its independence and increase enforcement activity. Hungary sets the age of digital consent at 16.
Data Protection Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Key Enforcement Focus Areas in Hungary
- Workplace data protection and employee monitoring
- Data breach notification enforcement
- Direct marketing compliance
- Freedom of information and transparency
- Telecommunications sector data processing
Notable Enforcement Actions in Hungary
Yettel Hungary (formerly Telenor)
Processing customer data for profiling and targeted marketing without adequate consent
Digi Távközlési és Szolgáltató Kft.
Data breach exposing personal data of hundreds of thousands of customers from an unprotected database
Magyar Telekom Nyrt.
Excessive data retention and failure to delete customer data after contract termination
Budapest Bank Zrt.
Failure to properly implement data subject access request procedures within GDPR timelines
Check Your Compliance Status
Take our free assessment to evaluate your organisation's compliance posture. Get a personalised report with actionable recommendations in minutes — no sign-up required.
Start Free AssessmentDisclaimer: The information on this page is for educational purposes and does not constitute legal advice. For specific compliance guidance, consult a qualified legal professional in your jurisdiction.
Other Regulations Affecting Hungary
Network and Information Security Directive (NIS2)
The updated EU cybersecurity directive that expands security requirements to a broader range of sectors and imposes stricter obligations on essential and important entities.
Digital Operational Resilience Act (DORA)
The EU regulation establishing a comprehensive framework for digital operational resilience in the financial sector, covering ICT risk management, incident reporting, testing, and third-party risk.
EU Artificial Intelligence Act (AI Act)
The world's first comprehensive AI regulation, establishing a risk-based framework for the development, deployment, and use of artificial intelligence systems within the EU.
ePrivacy Directive (2002/58/EC)
The EU directive governing privacy in electronic communications, covering cookies, direct marketing, traffic data, and the confidentiality of communications — often called the "Cookie Law".