Answer ... In relation to data protection, the General Data Protection Regulation and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information apply in Hungary.

Both regulated institutions in the financial sector and fintech companies must comply with the data protection rules if they handle or process personal data. There are no specific implications with regard to fintech companies. In case of infringement of the General Data Protection Regulation, an administrative fine of up to €20 million may be imposed. It is thus essential that fintech companies have a proper understanding of the personal data they process and ensure there is a legal basis for such data processing.

Answer ... Hungary implemented Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union through the Act on Electronic Commercial Services. Its rules apply to online marketplaces, online search engines and cloud computing services. The Act on Electronic Commercial Services sets out some technical requirements concerning the conclusion of contracts via electronic means and data protection (eg, relating to the purposes for which a service provider may process personal data; the user’s right to prohibit data processing; and the right to erasure of personal data). Micro and small companies operating online marketplaces or online search engines, or providing cloud computing services, are exempt from a set of rules on cybersecurity (eg, relating to registration with and notification of the National Cybersecurity Institution). Depending on their size, fintech companies often qualify as small and medium-sized enterprises and are thus likely to fall under the exemption.