Hungary issues GDPR interpretation for criminal checks
Hungary's Authority for data protection has made a statement regarding criminal record checks and GDPR.
Along with Hungary's Freedom of Information (NAIH) they have ruled that criminal records can only be obtained if:
a) For certain jobs such as public services or child care the legal basis under GDPR for requesting criminal checks can be found in Article 6 (1) c) which allows for data processing when a data controller has to comply with a legal obligation
b) Where a legitimate interest exists for the need for a clean criminal record in accordance with Article 6 (1) f) of the GDPR.
If a company decides to request such certificates from applicants and employees, this must be reflected in its data protection notices, which must include justification by way of a legitimate-interest test. Employers, for example, may request such certificates if a given job requires specific confidentiality requirements or is a sensitive financial position.
The NAIH emphasises that employers must not make copies of these certificates. Also, a company's previous routines and privacy notices must be checked to make sure they fall in line with this new interpretation.