HUNGARY Law and Practice Contributed by: Adam Liber and Tamás Bereczki, PROVARIS Varga & Partners
3.5 International Data Transfers Generally, the international data transfer provi - sions of the GDPR apply to the extent person - al data is concerned by the international data transfer. Various financial sectoral provisions lay down additional requirements for internation- al data transfers, such as those applicable to bank secrets, insurance secrets and securities secrets. Bank Secrets Under Section 54(1)(h) of Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises, the transfer of data constituting bank secrets from a financial institution to a foreign financial institution is permissible provided all the follow - ing conditions are met: • Client’s Written Consent: The client (data subject) must provide explicit written consent for the data transfer. • Adequate Data Protection Measures: The foreign financial institution (data controller) must ensure that data processing conditions meet the requirements set forth by applicable laws and directly applicable legal acts of the European Union for each piece of data. • Adequate Data Protection Legislation: The country where the foreign financial institution is headquartered must have data protection laws that satisfy the requirements imposed by applicable laws and directly applicable legal acts of the European Union. Insurance Secrets Under Section 140(1) of Act LXXXVIII of 2014 on Insurance Activities, the transfer of insurance secrets by an insurer or reinsurer to a third-coun - try insurer, reinsurer, or data processor is permis - sible under the following conditions:
• the data subject (client) has provided explicit written consent for the data transfer; or • in the absence of the data subject’s consent, the data transfer complies with the regula - tions governing the transfer of personal data
to third countries. Securities Secrets
Under Section 120(e) of Act CXXXVIII of 2007 on Investment Firms and Commodity Dealers, the transfer of securities secrets by an investment firm or commodity dealer to a foreign investment firm or commodity dealer is permissible provided all the following conditions are met: • the client has explicitly consented to the data transfer; • the foreign investment firm or commodity dealer ensures that data processing condi - tions meet the requirements set forth by applicable laws and directly applicable legal acts of the European Union for each piece of data; and • the country where the foreign investment firm or commodity dealer is headquartered has data protection laws that satisfy the require - ments imposed by applicable laws and directly applicable legal acts of the European Union. The MNB issued its Guidance 4/2019 (IV. 1.) on the use of public cloud services, which stipulates that institutions utilising public cloud services for data processing, storage, or management must establish appropriate safeguards in com - pliance with national and EU legal frameworks. These safeguards require data controllers and processors to handle, process, and store cli - ent data and financial sector secrets strictly in accordance with the principle of purpose limi - tation, ensuring that data is used only to the extent and for the duration necessary to fulfil the
110 CHAMBERS.COM
Powered by FlippingBook