Government softens GDPR regulation for SMEs

The justification for the amendment is that the law will harmonize Hungarian legislation with the EUʼs new General Data Protection Regulation (GDPR), according to information published on Parliamentʼs website on Wednesday, cited by state news agency MTI.

The reasoning of the proposal states that the original function of the regulation is to control multinational companies taking advantage of regulatory discrepancies between member states.

Other companies, specifically SMEs, should be warned and not sanctioned when first breaching the law, the government argues. Compliance puts a substantial burden on SMEs, the proposal notes, which the authorities should take into consideration. Tasks related to the introduction of the GDPR will be performed by the National Authority for Data Protection and Freedom of Information (NAIH).

The GDPR, which was adopted on April 14, 2016, and became enforceable on May 25, 2018, after a two-year transition period, is a regulation, not a directive. As such, it does not require national governments to pass any enabling legislation and is directly binding and applicable. The regulation harmonizes data protection regulation throughout the EU, and applies to all authorities, companies or organizations handling or using personal data of people residing in the EU.