The New Hungarian Civil Code (Act V of 2013) entered into force by 15 March 2014 introducing significant changes relating to the compensation for violations of data subject rights in Hungary.
In case of harm in personal rights caused to the data subject in connection with data processing or breach of data security requirements, under Section 2:51 of the New Civil Code, the data subject may now claim the establishment of infringement of personal rights, cease and desist from infringement, granting satisfaction, as well as to hand over financial gains by the perpetrator achieved through infringement. Moreover, under Section 2:52 of the new legislation, the data subject may now also claim exemplary damages i.e. lump sum damages from the data controller that can be awarded by the court for the compensation of the harm in personal rights by the data controller which is a result of unlawful data processing or breach of data security requirements. Regarding the claim for exemplary damages, the data subject as a claimant does not need to evidence the harm beyond the breach of data protection laws which is a significant change in the substantive civil law provisions.
Notably, the data controller is also liable for any damage or harm in the personal rights caused by its data processor. The data controller is exempted from liability if it proves that the damage or harm in the personal rights was the result of force majeure or the result from the intentional or grossly negligent conduct of the data subject.
According to the transitory provisions of the new Civil Code, the above provisions apply to the breach of personal (privacy) rights committed after 15 March 2014.