On 25 May, 2018, the first day of applicability of the GDPR, the Hungarian Data Protection Authority (NAIH) released a statement about the regulations applying for protection of personal data and about the fulfilment of reporting obligations of controllers and processors.
As a general note, NAIH explains that the Hungarian legislation (e.g. sectoral data protection provisions) of which GDPR explicitly allows to be created (or kept in effect) will be considered applicable within the limits set by the new regulation.
The Authority informs about a new platform for reporting data protection incidents and data protection officers maintained on its official website (available currently only in Hungarian). Both obligations of the data controllers apply from 25 May, 2018.
NAIH points out that the obligation of data controllers to register themselves in the registry kept by the Authority is not anymore required under GDPR although the relevant rule of the domestic Act (Infotv.) is still in effect. Nevertheless, the Authority sees no legal grounds for imposing sanctions as a result of failing to submit such requests for registration. (Under the GDPR, the sole obligation of the data controller in this regard is to keep an internal registry on the types of personal data he collects and controls as well as on the ways of processing such data. The existence and accuracy of such registry may, however, be subject of an audit performed by the Authority.)