Audit Services of the Hungarian DPA
As from 1 January 2012 the Hungarian DPA opens its services for
providing audit services. The audit service is regulated by the Privacy Act,
however data controllers and experts still have a lot of concerns regarding the
service. In Hungary no other authority has the same entitlement.
According to chapter 39 of the Privacy Act the data protection audit „is a service provided by the authority designed
to evaluate and assess data processing operations in progress or proposed along
technical merits, intended to effectively implement a high level of data
protection and data security system”. The unclear wording of the act raises
concerns and suggests that it is possible to request that the authority analyze
the technical system and safety of the technical equipment used by the data
controllers. Proposed data processing operations may be audited if deemed
justified based on the elaboration of the data processing concept.
The audit service can be conducted by the Authority solely at the data
controller’s request. It is not clear, whether it can be requested by any of
the controllers if there are more than one controllers, or the controllers shall
request it jointly. For the data
protection audit an administrative service fee shall be charged in the amount
decreed by the relevant minister. This fee is not yet made available to public,
however, based on official communications it will be determined on a case by
case basis.
Dr. Andrea Klára Soós
andrea.soos@gfplegal.com
+ 36 1 270 99 00
No comments:
Post a Comment