In October 2015, when changes are implemented to the Hungarian Data Protection Act, amongst other things, Binding Corporate Rules (BCRs) will be enforceable as a mechanism for global data transfers provided that the BCRs are approved by the DPA upon payment of a fee and upon detailed disclosure of the data controller, purposes for processing data and all other usual aspects of a BCR application.

In addition to the BCR changes to the Hungarian Data Protection Act, there will also be a requirement for data breaches to be held in a breach register by the data controller that has suffered the incident.

The breach register should detail the scope of personal data affected by the breach, the type of individuals and number of individuals involved, the date and time of the incident, the circumstances of the incident, the likely impact of the breach on individuals and the measures applied to prevent a similar incident in the future.

The breach register will be investigable by the Data Protection Authority who now has stronger powers to enforce compliance under changes to the Data Protection Act with an ability to impose a maximum fine of up to the equivalent of 70,000 US dollars.