The legal regulations governing the operation of online stores are complex: the operators of online stores shall be aware of a number of legal requirements found in different legal sources.
It is not enough to apply a GTC the content and form of which is in accordance with the legal regulations; there are also technical requirements for online stores that must be in line with the GTC.
The legal operation of online stores is supervised by the Ministry of National Development. If during its proceeding the authority establishes the breach of the consumer protection rights, it may apply a number of legal consequences.
The data base of online stores that have committed a serious infringement operates since January 1st 2017. The final decisions of the consumer protection authority, the Hungarian Competition Authority or the court on serious infringements are published on the website of the Ministry of National Development. The companies in the database are deleted from the list by the ministry only after two years. The database makes it possible to identify the infringing business and online store, and by using the search engine available on the website consumers can easily search for infringing businesses. All of this is immensely disadvantageous for the business reputation and public opinion of an online store.
Data Management Briefing
The data controller shall clearly and in detail inform the data subject about all the facts related to the handling of the data subject’s data, including the rights and remedies of the data subject in connection with such data handling. The data controller can fulfil these obligations by publishing the data management briefing.
- Data controllers and data processors handling national authority, labour or criminal data files;
- electronic communications and utility service providers; furthermore
- other state or local governmental data controllers shall prepare privacy and data security policies.
Data Protection Register
The Hungarian National Authority for Data Protection and Freedom of Information maintains a data protection record on the data controller’s personal data management. The data controller shall apply for registration of the processing of personal data at the Authority prior to the processing of the data. In its decision granting the application, the Authority shall communicate the registration number of the data handling that shall be indicated by the data controller when transmitting, publishing and releasing the data to the data subject.
Hungarian National Authority for Data Protection and Freedom of Information
By forwarding a request to the Authority, anyone may initiate an investigation by claiming that there has been a violation of rights in connection with handling of personal data, access to public data or data of public interest or if there is a direct risk of such violation. If the Authority considers the existence of a breach of law or its immediate risk to be justified, the data controller is called upon to remedy the infringement or to take steps in order to cease the direct risks.
If, on the basis of the notice no legal action has been taken or the immediate threat of infringement has not been ceased, the Authority shall decide on the necessary further actions. The Authority may, inter alia, initiate a data protection procedure, at the end of which the Authority makes a decision. The decision may impose a number of obligations, including a fine ranging from HUF 100.000 to HUF 20.000.000.
- Drafting and reviewing the GTC;
- representation in consumer protection procedures;
- drafting data management briefing;
- drafting privacy and data protection policies;
- application for registration before the Authority.