Article 90
Obligations of secrecy
There is no recital in the Directive related to article 90.
Regulation
Art. 90 1. Member States may adopt specific rules to set out the powers of the supervisory authorities laid down in points (e) and (f) of Article 58(1) in relation to controllers or processors that are subject, under Union or Member State law or rules established by national competent bodies, to an obligation of professional secrecy or other equivalent obligations of secrecy where this is necessary and proportionate to reconcile the right of the protection of personal data with the obligation of secrecy. Those rules shall apply only with regard to personal data which the controller or processor has received as a result of or has obtained in an activity covered by that obligation of secrecy. 2. Each Member State shall notify to the Commission the rules adopted pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent amendment affecting them. |
Directive
No specific provision |
Romania
|
Hungary
Data processing and confidentiality § 71 Data Protection Act (1) In its proceedings the Authority shall be entitled to process - to the extent and for the duration required - those personal data, and classified information protected by law and secrets obtained in the course of professional activities, which are related to the given proceedings, or which are to be processed with a view to concluding the procedure effectively. (2) The Authority may use the data obtained in the course of conducting its examination for administrative proceedings. (3) In its proceedings provided for in this Act, the Authority shall have access to data specified in Paragraphs a)-f) and i) of Subsection (1), Subsection (2), Paragraphs c)-f) of Subsection (3), Paragraphs c)-g) of Subsection (4), and Paragraph d) of Subsection (5) of Section 23 of Act CXI of 2011 on the Commissioner of Fundamental Rights (hereinafter referred to as “FRA”) as defined in Subsection (7) of Section 23 of the FRA. (3a) The Authority shall have access to data specified in Paragraph e) of Subsection (3), Paragraph f) of Subsection (4) and Paragraph d) of Subsection (5) of Section 23 of the FRA, Subsection (3) notwithstanding, if it is required in: a) formal investigation procedures, b) administrative proceedings for data protection, or c) administrative proceedings for the control of secrets, opened for the protection of personal data of persons covertly cooperating. (3b) The Authority shall have access to data specified in Paragraph f) of Subsection (3) and Paragraph g) of Subsection (4) Section 23 of the FRA, Subsection (3) notwithstanding, which allow for the identification of individuals using means and methods for covert information gathering operations, if it is required in: a) formal investigation procedures, b) administrative proceedings for data protection, or c) administrative proceedings for the control of secrets, opened for the protection of personal data of those individuals. (3c) If the document the Authority plans to examine contains any data which the Authority is entitled to access only within the context of Subsection (3), the data that cannot be disclosed shall be blacked out before the Authority is allowed access to the document in question. (4) In proceedings related to the processing of classified information the Vice-President of the Authority, including executive officers and examiners shall - in possession of a personal security certificate of appropriate level of clearance - be allowed access to classified information without the authorization prescribed in the Act on the Protection of Classified Information for use. (5) The President and Vice-President of the Authority, and persons currently or formerly employed by the Authority as civil servants or in any other work-related relationship shall keep confidential any personal data, classified information, secrets protected by law and secrets obtained in the course of professional activities they may have learnt in relation to the operation and actions of the Authority as well as any other data, fact or circumstance that the Authority is not required to make available to the public - except for any disclosure or supply of data to other organizations under the relevant legislation -, during the term of their employment and after the termination thereof. (6) According to the confidentiality requirement, the persons mentioned in Subsection (5) may not disclose unlawfully any data, facts or circumstance they obtained in connection with the performance of their official duties, nor shall they be allowed to use or reveal such information to third persons. |