From the 1st of October 2015, a change in law will allow Hungary to accept Binding Corporate Rules (BCRs) as providing an adequate level of protection for cross-border transfers.
This is a very welcome change from the current position and provides for an European-wide solution as intended by the BCRs. Currently, global companies have had to find alternative ways to legitimise the transfer of data from Hungary. Most opted to put in place Model Clauses, in addition to their BCRs, usually resulting in a spider web of “extra” agreements.
With the change of law looming, there are still many details to confirm. For example, it is not yet clear whether Hungary will be part of the mutual recognition mechanism during the BCR approval process.
For those companies that already have BCRs in place, the scope of their BCRs can be extended to include Hungary. As with other European DPAs, local requirements will need to be complied with in order to obtain national approval for BCRs in Hungary. The Hungarian DPA is yet to confirm the local requirements, but the following is clear: (i) an administrative fee will be payable; (ii) an application form will need to be filed with the Hungarian DPA (the format of which is not yet available); and (iii) there will be a time period within which the Hungarian DPA will respond to an application.
With little time left to finalise the requirements, the Hungarian DPA is sure to be facing a few applications come Thursday.