What are considered personal data?
“Personal data” means any information relating to an identified or identifiable natural person. This can be practically any information that is related to a particular person and by reference to which the person can be identified, whether directly or indirectly (e.g. address, mother’s name, e-mail address, surveillance camera footage, blood group, aptitude test results, etc.).
What is processing?
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data (such as collection, recording, consultation, use, erasure or even reading).
Who is the controller and who is the processor?
“Controller” means the natural or legal person who determines the purposes and means of the processing of personal data (e.g. an employer). “Processor” means an entity which processes personal data on behalf of the controller (e.g. a payroll accounting firm).
What are the key principles of data processing?
- Principle of purpose limitation: personal data may only be processed for specific purposes determined in advance;
- principle of data minimisation and data protection by default: personal data are processed only to the extent necessary for each specific purpose of the processing;
- principle of storage limitation: personal data are stored only as long as necessary to achieve the purposes for which the personal data are processed;
- principle of fair processing: the processing must fulfil the requirement of fairness;
- principle of appropriate legal basis: the processing must be lawful;
- principle of accuracy: the data processed should be accurate and complete;
- principle of prior information: the processing should be based on clear, detailed, complete and easily accessible prior information;
- rights of data subjects: data subjects shall have the right to receive information on the processing of personal data concerning them, object to the processing or request the erasure, rectification or blocking of their personal data.
The above principles, essentially, were included in the applicable Hungarian legislation in force before 25 May.