According to new GDPR-related legislation approved by the Hungarian parliament on April 1, businesses may have to tear out parts of their customer complaints registers in case they contain sensitive personal information about the writer of the complaint.
The legislation says that pages from the registers that contain personal information such as name, e-mail address, phone number, and residence have to be removed immediately in order to prevent them falling into the wrong hands, according to a press release sent to the Budapest Business Journal.
The removed pages have to be kept according to serial number in a locked place. Businesses will have to be able to present these pages if requested by authorities.
The requested changes will necessitate new format registers in most business units, the press release says. As the law comes into effect 15 days after it passed, businesses will have to take several steps in order to ensure compliance. Apart from new registers, they will need new storage units for keeping the previously removed pages, and employees will need to receive training for checking the registry at least once a day, and removing pages if necessary.
"It remains the case that the A4 or A5 format registers will need to be placed in a location that is clearly visible and easily accessible for customers in the retail unit," says Máté Siklósi, CEO of CP Contact, a company specializing in customer complaints.
"The business has to answer notes from consumers in the registry within 30 days. In the case of a rejection of a complaint, a reason has to be given, and the business needs to call the customerʼs attention to the fact that the complaint can be taken up with the authorities or conciliatory body," Siklósi adds.