CLVPartners

CLV-02
Menu

Start-ups

Reinterpreted Restrictive Covenant!

Employment, labour law, Medium-sized companies, News, Start-ups / / , , ,

The supreme court has confirmed that it is not possible to incorporate the consideration for non-compete into the monthly wages even in the labour contract with the executive employees. The common practice is that the employees are required to notify the employer on the data of their a new employer.

Now according to the decision of the supreme court, breach of the notification undertaking shall not be penalised, only breach of the restrictive covenant. This surprising decision would significantly reduce the employers ability to check the fulfilment of this undertaking, because they do not become aware or only by accident if their former employee works for their competitor if there is no sanction for non-reporting. The labour code but it is a contract governed by the Civil Code which basically based on the principle of the parties’ freedom to freely determine their agreement in the absence of expressly prohibited provision, and the Civil Code does not prohibit the imposition of a penalty for breaching of notification obligation. It seems that the courts leave less room for the Hungarian employers in their civil law

Amendments with regard to the GDPR has been published

Company groups, Data protection, Employment, labour law, Medium-sized companies, News, Start-ups / / , , , , ,

The amendments with regards to the GDPR, which was adopted by the Hungarian Parliament on the 1st of April, was officially published today.

In order to harmonize with the GDPR, the amendments modifies over 80 sectorial law, including provisions of the Labour Code.

The majority of the amendments will come into effect at the end of April, but the modifications regarding the national accreditation and the protection of inventions by patents will come into force in May.

Legislative changes on the bill related to GDPR

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , ,

It became necessary with the entry into force and application of the GDPR, amend the domestic sectoral laws, which proposals are expected to be adopted by the Parliament this week. The draft also affects the provisions of the Labour Code.

Provisions related to workplace data management are defined under a new title Data Process after the section of protection of privacy rights. According to this, in addition to the employer, the works council and the trade union may also request employees to make a statement or to disclose any information for exercising their rights or fulfilling their obligations as defined in the Labour Code. In regard to the provisions above, they may also request to present them a document, thus, storing and copying them cannot be necessary for the above reasons, it is sufficient to present them and record the necessary data.

Based on the draft, the processing of biometric identifiers has been further regulated, that the employee’s biometric data can be processed for the purpose of identifying the data subject if it is necessary to prevent unauthorized access to a thing or data which would endanger the life, bodily integrity or health of the employee or others, or the serious or massive irreversible harm of a significant interest protected by law.

Regarding monitoring of the workplace, it has been recorded in the draft, surprising many people that the employee may only use the computing device provided by the employer for the purpose of performing the employment relationship. The parties may differ from this rule by mutual agreement, however, by default, these devices cannot be used by the employee for private purposes at all. Although the draft provides that the employer may only monitor employment-related data when monitoring, it also qualifies, for the purposes of the above entitlement, the data necessary to verify compliance with the private use restriction.

The provisions of the above draft have not yet been adopted, so we will inform you about its subsequent adoption or possible modifications later on.

Legislative changes in Hungary anticipating a possible ‘No Deal’ Brexit

Employment, labour law, Medium-sized companies, News, Start-ups / / , , , , , , ,

The proposal affects the right of residence, employment and entitlement to social security and unemployment benefits for British citizens in Hungary.

The Hungarian government has drafted a bill on 26 February 2019 titled “Amendments to certain laws in the event of the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union in a disorderly manner” under number T/4821. According to the explanatory memorandum to the bill, the likelihood of a disorderly exit has increased significantly, which means that on the midnight of 29 March 2019 the United Kingdom of Great Britain and Northern Ireland would become identical to third-countries. The amendments to the law contained in the bill would enter into force in Hungary at the time and in the event of a no deal Brexit.

As regards residence and employment, the essence of the bill is that British citizens can continue to hold the same status as an EU citizen for 3 years after leaving which means, they can legally reside and work in Hungary after leaving the EU in case their status is in order, i.e. they have a Registration Certificate for EEA Nationals or a Permanent Residence Card prior to the date of the exit. After leaving and staying for at least 3 years in Hungary, they can apply for a National Permanent Residence Permit without examining the terms and conditions applicable to housing, subsistence, health insurance and Hungary’s interest. After 5 years of uninterrupted stay in Hungary, British citizens may apply for EC residence permit as well. In the latter case, however, the examination of the residence conditions, unlike national residence permit, cannot be waived.

As it follows from the rules above, British citizens arriving in Hungary after Brexit will be entitled to reside and work under the rules applicable to third-country nationals.

The main principle for the various social security benefits is that the benefits determined before the UK’s exit remain the same.
In terms of pension rights, the periods of insurance completed both prior and past to Brexit are recognized and offset, as proposed in the bill.

NAIH imposed a fine of one million forints

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , , , , ,

The Hungarian Data Protection Authority (NAIH) imposed a fine of one million forints on a company with a turnover of 15 million forints, which the Authority considered to be a symbolic amount of money, for not restricting and issuing copies of camera recordings, despite a request from the data subject.

The data subject wanted to use the recordings as evidence in legal proceedings, as he/she also stated in the request. The company justified its decision of not restricting and giving out a copy of the recordings because the data subject did not indicate how deleting of the camera recording would infringe his/her legitimate interest, and in connection with what legal proceedings he/she requests the restriction of processing data of the camera recordings, although it is required to do so according to the Act CXXXIII of 2005 on the private security services and the activity of private detectives (Szvmt).

According to NAIH, the company violated the data subject’s right to restrict data processing. According to Article 18 (1) (c) of the GDPR, it is sufficient for the data subject to argue that the restriction of the processing is necessary for the submission and enforcement of his legal claims. In this regard, Szvmt. is expected to be amended soon.

According to the opinion of NAIH, the company should have complied with the request of the data subject without consideration, since the reason stated by the data subject shall be sufficient to fulfill the request.

In imposing the fine, the Authority assessed the nature of the infringement as an aggravating circumstance, as it violated the applicant’s rights, furthermore, the refusal of the request has led to the deletion of the recordings, which cannot be restored. It was a mitigating circumstance that the company committed the infringement for the first time, and also that the provision referred from the Szvmt. is still in force, which could have misled the company in its decision to deny the data subject’s request.

Google fined €50 million for infringing the GDPR

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , , , , , ,

On 21 January 2019, the French Data Protection Authority (the ‘CNIL’) fined Google EUR 50 million for infringement of the GDPR. Though this decision only concerned user data, given the unprecedented amount of the fine, it should be considered a warning to all companies to ensure that their personal data management practices, including on HR matters, are GDPR compliant.
The Authority based the investigation on two complaints that arrived immediately after the entry into force of GDPR on May 25, 2018.

The CNIL has examined the complained data processing operations and found two types of infringement.

• Violation of the obligation to have a legal basis for advert personalization processing:

The CNIL observed that the information on the data processing activities provided to users was neither easily accessible nor always clear or comprehensive. Essential information required to sufficiently inform data subjects of storage purposes, periods or categories of personal data used for ads personalization was spread across various documents.

• Violation of the obligation to have a legal basis for advert personalization processing:

Google relied on data subjects’ consent to process data for ad personalization purposes. However, the Authority found that this agreement did not constitute specific, informed and unambiguous consent for the data subjects, because they had to ‘agree’ to Google’s entire privacy policy and terms and conditions in order to access the its products. The CNIL concluded that the data subjects’ consent was not freely given, because they had not been sufficiently informed due to the use of multiple documents and the unclear depiction of the services and websites that would be involved in the ad personalization section.

Further, the CNIL noted that before creating a Google account, each user was asked to agree to the company’s terms of service and privacy policy, which he or she could only amend at a later time by going into ‘more options’ and de-selecting ad personalization.

This is the first time that the CNIL has applied the new sanction limits provided by the GDPR since its entry into force on 25 May 2018. In imposing the fine, the Authority took into account the serious breach of the main principles of the GDPR, according to which the maximum amount to be imposed could be EUR 20 million or 4 % of the company’s global annual turnover. The factors taken into consideration in the Authority’s decision whether to impose a fine or its amount, were the fact that Google’s violations were not one-off incidents or limited in time, but rather continuous breaches of the GDPR, and that their data process cover a wide range of data subjects. Lastly, the CNIL pointed out that as the company’s business model was partly based on ad personalization, Google had all the more reason to ensure that it complied with its GDPR obligations.

The fines serve as a lesson for employers that they need to ensure that the information provided to applicants and employees on the processing of their personal data is clear, unambiguous and easily accessible.

Opportunities created by the “overtime act” put into practice

Employment, labour law, Medium-sized companies, News, Start-ups / / , , , , ,

Amending Act CXVI of 2018 on the organization of working time and the minimum fee of labor leasing activity (hereinafter: amendment) has been announced on 20 December 2018 and entered into force on 1 January 2019.

In our article we are looking for answers to the following questions; what opportunities the change has actually created for employers and which employers can take advantage of the opportunities created by the change.
The amendment essentially concerns issues related to the organization of working time, in particular the rules on working time banking and overtime.

The new opportunities provided by working time banking are only open for employers with collective agreements, while the opportunities in the area of overtime may be used by employers without collective agreements as well, as follows:

I. Options based on collective agreement

According to the amendment as from 1 January 2019, a maximum of 36 months of working time banking may be introduced on the basis of a collective agreement instead of a maximum of one year. In practice, this means that employers wishing to apply a longer working time frame, an amendment must be initiated to the collective agreement currently in force or; in the absence of a collective agreement in force, a collective agreement must be concluded with the trade union authorized to conclude the collective agreement, including that option.

It is important to note that not only 36 months, but shorter, e.g. a 24-month working time frame may also be included in a collective agreement by the parties.

There is a statutory limit to the extremes of work schedules arrangement within the longer working time banking – in addition to the rules on rest days/rest periods – that the 48 hours a week should be at most an annual average (and not, for example, the average of the three years).

For the time being, it is disputed whether the working time banking of more than one year is harmonized with the rules of Directive 2003/88/EC on certain aspects of the organization of working time. Article 19 of that directive provides that a ‘reference period’ for the calculation of working time or rest periods in a collective agreement may not exceed 12 months.

II. Options based on individual agreements with employees

The annual number of overtime hours can be increased up to 400 hours based on an individual agreement with employees. This option is therefore open to employers which do not have a collective agreement/ do not have a trade union with authorized to conclude a collective agreement.

400 hours is the absolute upper limit for overtime work. Higher amounts cannot validly be stipulated in a collective agreement either.

The employee may terminate the agreement by the end of the calendar year. Termination of the agreement shall not be a reason for termination of employment.

III. Options based on the request of the employee

According to the amendment, overtime (supplement payment) is not generated in situations where the employees themselves request the modification of the working time schedule in advance within 96 hours.

This provision recognizes situations that actually occur in practice, when for example the employee asks for a change in the working time schedule for some kind of personal reasons, e.g. “exchange” a workday with another colleague.

It is important that the initiative really comes from the employee. Using employee’s requests for employers’ interests are abusive, thus illegal.

In relation to the option described above it is also important to take into account the general principle of labor law, that working schedule arrangements, overtime arrangements are possible only if the requirements of healthy and safe work are met. In addition to the economic benefits associated with more flexible working hours, it is important to consider that the employer may be required to pay financial compensation for the damage caused by the workers who are proven overloaded or the accidents and health damage caused to them.

Labour law related changes in 2019

Medium-sized companies, Employment, labour law, Start-ups /

Mandatory and guaranteed minimum wage – Childcare benefits – Sick pay – Pension
Government Decree No 324/2018. (XII. 30.) determines the amount of the mandatory minimum wage. The mandatory minimum wage for full-time employees increased with 8% as of 1st January 2019, from 138,000 to gross 149,000 HUF. The guaranteed minimum wage paid to skilled workers rose by 8% as well in the case of completion of full time working as of 1st January 2019, from 180,500 to 195,000 HUF.

Due to the increasing minimum wage the amount of the childcare benefits (GYED), the benefits for university students and graduates grew as well as the sick pay as of 1st January 2019. The eligible families are entitled to a maximum of 208,600 HUF in childcare benefits. Students enrolled in a bachelor’s program will be eligible for 104,300 HUF support and students enrolled in a master’s program for 136,500 HUF. The daily maximum of sick pay increased from 9180 HUF to 9933 HUF.

The amount of pensions amended favorably. The pensions (including among others retirement pension, widows’ pension, orphans’ allowance etc.) increased with 2,7% with the effective date of 1st January 2019. The amount of minimum pension remained unchanged (28,500 HUF).

Blacklist on Data Protection Impact Assessment (DPIA)

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , , , , , , ,

Under Article 35 (4) of regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”), the National Authority for Data Protection and Freedom of Information
(„NAIH”) established a list of the kind of processing operations which
are subject to the requirement for a data protection impact assessment („black list”).
According to article 35 of the GDPR: Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

The GDPR defines some circumstances when a DPIA is to be carried out:
• a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and upon which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
• processing on a large scale of special categories of data, or of personal data relating to criminal convictions and offences; or
• a systematic monitoring of a publicly accessible area on a large scale.

The black list contains the following processing activities when a DPIA is to be carried out:
• processing of biometric or genetic data;
• scoring;
• credit or solvency rating;
• further use of data collected from third persons;
• the use of the personal data of pupils and students for assessment;
• profiling;
• anti-fraud activity;
• smart meters;
• automated decision making producing legal effects or similarly significant effects;
• systematic surveillance;
• location data;
• monitoring employee work;
• processing of considerable amounts of special categories of personal data;
• processing of considerable amounts of personal data for law enforcement purposes;
• the processing of the personal data of children for profiling;
• the use of new technologies for data processing;
• the processing of health data;
• an application, tool, or platform for use by an entire sector;
• combine data from various sources.

Resolution on criteria for setting administrative fines

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , , , ,

In its resolution published on 19 September 2018, the National Authority for Data Protection and Freedom of Information (NAIH) assessed the criteria to take into consideration during the process of setting a fine, especially the level of the fine that NAIH may impose in case of the first infringement of the data protection regulations.

The Authority is being guided by the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council (“Regulation”) and the Act CXII of 2011 on Informational Self-determination and Freedom of Information (“Info Act”) with regard to the determination of the fine.

Article 83 (1) of the Regulation states, that the administrative fines shall be effective, proportionate and dissuasive. Pursuant to Preamble (148) in a case of a minor infringement or if the fine likely to be imposed would constitute a disproportionate burden to a natural person, a reprimand may be issued instead of a fine.

This provision was completed by Section 75/A of the Info Act according to which the Authority shall exercise its competence provided for in Article 83 (2)-(6) of the Regulation in due consideration of the principle of proportionality, in particular with the provision that in the event of any non-compliance with the Regulation for the first time, the Authority shall in principle issue warning to the data controller or data processor in order to arrange the remedy of the infringement.

The Authority shall take into account the Data Protection Working Party (WP29) guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679, available at the following link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611237

CLVPartners
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.