NAIH (Hungary)

From GDPRhub
Nemzeti Adatvédelmi és Információszabadság Hatóság
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Abbreviation : NAIH
Jurisdiction: Hungary
Head: Dr Attila Péterfalvi
Deputy: n/a
Adress: Szilágyi Erzsébet fasor 22/C

H-1125 Budapest


Email: email:
Phone: +36 1 3911 400
Twitter: n/a
Procedural Law: Act CXII of 2011 on the right to informational self-determination and on the freedom of information

Act CL of 2016 on General Public Administration Procedures

Act I of 2017 on the Code of Administrative Litigation

Decision Database: NAIH (HU)
Translated Decisions: Category:NAIH (Hungary)
Head Count: 114
Budget: 1,131 billion HUF in 2019 (3,429 million EUR)

The Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság) is the national Data Protection Authority for Hungary. It resides in Budapest and is in charge of enforcing GDPR in Hungary.

The National Authority for Data Protection and Freedom of Information (NAIH) is responsible for monitoring and promoting the enforcement of two fundamental rights: the right to the protection of personal data and the right to freedom of information (access to data of public interest and data accessible on public interest grounds), as well as for the promotion of the free movement of personal data within the European Union.

Structure[edit | edit source]

From the organisational perspective, the NAIH is an autonomous state administration body; it may not be instructed in its functions and shall operate independently of other bodies and of undue influence. The tasks of the NAIH may only be determined by an act of the Parliament.

The head of the NAIH is its president, appointed by the President of the Republic upon a proposal of the Prime Minister. The President of the NAIH is appointed for a term of nine years. After the termination of this mandate, the President may be reappointed on one more occasion. The President shall appoint a vice-president for an indefinite period to assist their work. The President shall exercise the employer’s rights over the public officials and the NAIH's employees.

Procedural Information[edit | edit source]

Applicable Procedural Law[edit | edit source]

Based on constitutional provision, the Act CXII of 2011 on the right to informational self-determination and on the freedom of information (Data Protection Act), which entered into force on 1 January 2012, established the Authority and regulated its operation in detail.

The Act CXII of 2011 is comprehensive in scope, as it is applicable to all data processing operations undertaken in Hungary regardless of the public or private legal status of those performing such operations, including also law enforcement, national security and defense sectors, together with activities which relate to the data of a natural person, as well as data in the public interest and data made public on the grounds of being in the public interest.

The national Data Protection Act regulates certain procedural elements as a lex specialis for Act CL of 2016 on General Public Administration Procedures (Administrative Code) as a lex generalis.

Complaints Procedure under Art 77 GDPR[edit | edit source]

If the data subject considers that the processing of personal data relating to him infringes the GDPR, he can submit an application for commencing an administrative procedure for data protection. The application has to meet the substantive requirements prescribed by the Data Protection Act and the rules laid down in the Administrative Code.

Authority inquiries can also be initiated anonymously. The NAIH may dismiss such anonymous notifications without examining it on its merits, however, it is the consistent practice of the Authority, that it conducts the inquiry based on such notifications, unless it is not possible to investigate the infringement.

Ex Officio Procedures under Art 57 GDPR[edit | edit source]

An inquiry might be initiated not only on the basis of the complaint of the data subject or a third party different from the data subject or the data controller/processor, but also ex officio.

Appeals[edit | edit source]

Appeals against the NAIH decision shall be submitted to the authority itself within thirty days of its communication. Only attorney at law can act at the court on behalf of the data subject.

In case of an appeal against the NAIH decision the Court of Budapest (Fővárosi Törvényszék) is the competent tribunal to act.

Practical Information[edit | edit source]

Any individual, who does not speak Hungarian may request the authority to assess his or her request in their native language or another intermediary language, in which their request is phrased, provided that the applicant agrees to advance and cover the costs of translation and interpretation

Statistics[edit | edit source]

In 2018 there were 1205 inspections among which 827 cases were related to data protection, while 375 were related to freedom of information. NAIH publishes a report on its activities each year, by 31 March, and submits this report to the Parliament. The report which is available on the official page of the NAIH contains detailed statistics on the activity of the authority.

EU/EEA Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden
Iceland · Liechtenstein · Norway EDPS · EDPB
Non-EU/EEA Data Protection Authorities
United Kingdom