The Hungarian Data Protection Authority (NAIH) recently issued a new guidance on the making and keeping of copies of employees' qualifications to comply with ISO 9001:2015 quality management standards.
The European Court of Justice ("ECJ"), in its judgment of 9 February 2023 in Case C-453/21, considered the interpretation of the dismissability of a Data Protection Officer and the performance by the DPO of other duties that may give rise to a conflict of interest. The ECJ ruled that an appointed DPO cannot hold a position within the organisation that would result in him or her determining the purposes and methods of processing personal data. The decision has significant implications for organisations wishing to entrust their DPO with additional tasks that may conflict with the DPO's duties.
The Hungarian Data Protection and Freedom of Information Authority (NAIH) recently fined a market-leading Hungarian media service provider HUF 10 million (approx. €25,000) for failing to comply with the data processing principles of lawfulness, fairness and transparency in its cookie management solution based on the Interactive Advertising Bureau (IAB) Europe's Transparency and Consent (TCF) Framework. This is the first time that the Hungarian authority has imposed a fine for cookie management issues and made it public.
This past year brought significant privacy-related regulatory challenges to business operations. The pandemic situation and lockdown, the ever-rising number of data breaches, the invalidation of the EU-US Privacy Shield, and the challenges arising from the uncertainties of BREXIT have all tested compliance departments to the full.