|Nemzeti Adatvédelmi és Információszabadság Hatóság|
|Name:||Nemzeti Adatvédelmi és Információszabadság Hatóság|
|Head:||Dr Attila Péterfalvi|
|Adress:||Szilágyi Erzsébet fasor 22/C
|Email:||email@example.com email: firstname.lastname@example.org|
|Phone:||+36 1 3911 400|
|Procedural Law:||Act CXII of 2011 on the right to informational self-determination and on the freedom of information
|Decision Database:||NAIH (HU)|
|Translated Decisions:||Category:NAIH (Hungary)|
|Budget:||1,131 billion HUF in 2019 (3,429 million EUR)|
The Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság) is the national Data Protection Authority for Hungary. It resides in Budapest and is in charge of enforcing GDPR in Hungary.
The National Authority for Data Protection and Freedom of Information (NAIH) is responsible for monitoring and promoting the enforcement of two fundamental rights: the right to the protection of personal data and the right to freedom of information (access to data of public interest and data accessible on public interest grounds), as well as for the promotion of the free movement of personal data within the European Union.
From the organisational perspective, the NAIH is an autonomous state administration body; it may not be instructed in its functions and shall operate independently of other bodies and of undue influence. The tasks of the NAIH may only be determined by an act of the Parliament.
The head of the NAIH is its president, appointed by the President of the Republic upon a proposal of the Prime Minister. The President of the NAIH is appointed for a term of nine years. After the termination of this mandate, the President may be reappointed on one more occasion. The President shall appoint a vice-president for an indefinite period to assist their work. The President shall exercise the employer’s rights over the public officials and the NAIH's employees.
Applicable Procedural Law
Based on constitutional provision, the Act CXII of 2011 on the right to informational self-determination and on the freedom of information (Data Protection Act), which entered into force on 1 January 2012, established the Authority and regulated its operation in detail.
The Act CXII of 2011 is comprehensive in scope, as it is applicable to all data processing operations undertaken in Hungary regardless of the public or private legal status of those performing such operations, including also law enforcement, national security and defense sectors, together with activities which relate to the data of a natural person, as well as data in the public interest and data made public on the grounds of being in the public interest.
The national Data Protection Act regulates certain procedural elements as a lex specialis for Act CL of 2016 on General Public Administration Procedures (Administrative Code) as a lex generalis.
Complaints Procedure under Art 77 GDPR
If the data subject considers that the processing of personal data relating to him infringes the GDPR, he can submit an application for commencing an administrative procedure for data protection. The application has to meet the substantive requirements prescribed by the Data Protection Act and the rules laid down in the Administrative Code.
Authority inquiries can also be initiated anonymously. The NAIH may dismiss such anonymous notifications without examining it on its merits, however, it is the consistent practice of the Authority, that it conducts the inquiry based on such notifications, unless it is not possible to investigate the infringement.
Ex Officio Procedures under Art 57 GDPR
An inquiry might be initiated not only on the basis of the complaint of the data subject or a third party different from the data subject or the data controller/processor, but also ex officio.
Appeals against the NAIH decision shall be submitted to the authority itself within thirty days of its communication. Only attorney at law can act at the court on behalf of the data subject.
In case of an appeal against the NAIH decision the Court of Budapest (Fővárosi Törvényszék) is the competent tribunal to act.
Any individual, who does not speak Hungarian may request the authority to assess his or her request in their native language or another intermediary language, in which their request is phrased, provided that the applicant agrees to advance and cover the costs of translation and interpretation
In 2018 there were 1205 inspections among which 827 cases were related to data protection, while 375 were related to freedom of information. NAIH publishes a report on its activities each year, by 31 March, and submits this report to the Parliament. The report which is available on the official page of the NAIH contains detailed statistics on the activity of the authority.
|EU/EEA Data Protection Authorities|
|Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden|
|Iceland · Liechtenstein · Norway||EDPS · EDPB|
|Non-EU/EEA Data Protection Authorities|