For multinational employers, it is almost inevitable to transfer personal data to so called third countries meaning countries outside the European Economic Area. In many cases, the company group may have members resident in non-EEA countries who need to process personal data of EU-resident employees or a third party residing outside the EEA may provide a service to the company group that involves processing of personal data. In this article we deal with the question of how such personal data transfers to third countries may be made GDPR compliant.

Smartlegal Schmidt&Partners reports from Hungary:

It is a common practice to provide your employee with a corporate e-mail account for working purposes. In some cases, the employer needs to examine the employee’s e-mail account, for example to ensure the continuous management of cases during the absence of the employee. How can you legally monitor your employee’s e-mail account? Here are five things to consider.
Smartlegal Schmidt&Partners reports from Hungary:

Keywords: Hungary, European Union, NIS2 Directive, Cybersecurity

Before the winter holidays the Hungarian Parliament adopted the new Cybersecurity Act which repeals the former Cybersecurity Certification Act. The Cybersecurity Act implements the EU NIS2 Directive and imposes numerous obligations on the affected organizations. Read our short article and find out if you are affected and if so, what are your key responsibilities.

Smartlegal Schmidt&Partners reports from Hungary:

In our modern age surveillance technology permeates many aspects of daily life and methods such as CCTV cameras have become a common phenomenon in the workplace. Given that their presence also raises significant questions regarding the privacy of the employees, multinational employers must be aware of the basic principles of using such methods in Hungary. In this short article we summarize ti most important issues related to CCTV surveillance in workplaces.

Smartlegal Schmidt&Partners reports from Hungary:

A publication from our India member, MHCO Law

In case of multinational company groups, it is not always easy to determine the capacity in which individual members of the group participate in the processing of the employees’ personal data. Moreover, the company group may use external service providers for certain aspects of the data processing which further complicates the situation. In this article you will find some guidance on how to decide who is a controller, a joint controller or a processor.

Smartlegal Schmidt&Partners reports from Hungary:

What fines can be imposed if a foreign investor breaches the Hungarian General or Temporary Regime regulating the FDI screening procedures? What remedies are available to the foreign investor under the Regimes? In the last part of our FDI article series, we answer these questions.

Smartlegal Schmidt&Partners reports from Hungary:

Hungarian companies affected by the Cybersecurity Certification Act have only until 31 December to comply with their obligation to enter into an agreement with an auditor to conduct a cybersecurity audit. Read this short article to find out who shall engage an auditor and who affected organizations can choose as an auditor.

Smartlegal Schmidt&Partners reports from Hungary:

How does the Hungarian Government assess the approval or prohibition of foreign direct investment in Hungary? What are the possible consequences of the Hungarian Government’s decisions on the foreign direct investment? In the 5th part of our series of articles, we address these questions. 

Smartlegal Schmidt&Partners reports from Hungary:

Do controllers always have to ask for the consent of their clients to transmit their personal data to sponsors for advertising purposes? Can such an interest be regarded as legitimate interest in the sense of the GDPR? Or a legitimate interest can only be an interest that is defined by law? The CJEU has addressed these issues in the case of a tennis federation, which we analyse in this short article.

Smartlegal Schmidt&Partners reports from Hungary: