The appointment of the DPO is regulated in the same manner as in the GDPR. Section 25/L Subsection 1 of the Info Act states that the data controller and the data processor must appoint a DPO if the data controller and the data processor carry out state tasks or other public tasks prescribed by law (except for courts) or if it is otherwise prescribed by national law or EU law.
Exemption for courts
Courts are exempted from the obligation to designate a DPO.
Notification of the Data Protection Officer to the authorities
Registration of the DPO is obligatory.
The data controller or the data processor can notify the Authority via the online portal at: https://dpo-online.naih.hu/. The Authority qualifies the notification as completed when the DPO sends confirmation of his/her data to the e-mail address designated by the Authority within fifteen (15) days.
Further provisions or official guidelines
The Info Act established a specific and permanent confidentiality obligation for DPOs (Section 25/L Subsection 2 Info Act).
Conference of DPOs
The Authority will convene and set the agenda of the ‘conference of DPOs’ at least once a year. This conference shall serve as a regular interaction point between DPOs and the Authority.
