Data privacy and data protection in Hungary


CMS' 'fully dedicated' team comprises of experienced data protection specialists led by Dóra Petrányi, and serves as a local hub to coordinate regional assignments as part of the wider network. The team is actively advising on data privacy aspects in light of the Covid-19 pandemic, and is also well known for its expertise in AI, automobility systems and data privacy. Petrányi co-chairs the Regulatory Committee of the Hungarian AI Coalition, a partnership between state agencies, leading IT businesses and universities, working towards drafting a comprehensive AI strategy to establish Hungary as an AI innovator. Senior counsel Márton Domokos heads the CEE data protection practice.

Practice head(s):

Dóra Petrányi

Other key lawyers:

Márton Domokos


The greatest advantage of working with CMS Budapest is that their data protection team is fully dedicated to this practice area. It not only means that they can devote more attention to data protection matters as their lawyers’ attention is not disturbed by other issues, but it also means that over the years CMS has been able to assemble an outstanding team, know-how and expertise in data protection related matters.

Given the occasional need for working simultaneously in multiple jurisdictions, the international network of CMS also facilitates their success in meeting with our needs, while, above all, it makes us confident that their assignments are carried out precisely and efficiently.

Key clients



Futureal Group

Liberty Global, UPC DTH S.à r.l.

Magyar Telekom Nyrt. and T-Systems Hungary (Deutsche Telekom subsidiaries)


Iron Mountain

OTP Mobile

Partner in Pet Food

Samsung Electronics

Work highlights

  • Advising on GDPR compliance and data protection matters for Partner in Pet Food in Hungary, the Czech Republic, Slovakia, Poland and the Netherlands.
  • Advising on GDPR compliance and data protection matters for Samsung Electronics, including assisting with regular data privacy country risk assessments, data protection compliance of CCTV operations, marketing activities and employee and customer related data processing operations.
  • Advising Microsoft on a full range of matters regarding data protection.

Andrékó Kinstellar

Andrékó Kinstellar's team of lawyers has a 'deep understanding of data protection' and is a popular choice for privacy governance, TMT- and IT-related matters. It handles a steady stream of work in the healthcare sector where it has noted an influx of work related to data protection as a result of the Covid-19 pandemic. Regulatory expert Ákos Nagy chairs the practice, alongside managing associate  Zsombor Orbán, a GDPR and telecoms specialist with 'broad knowledge in data privacy'. Senior associate Dániel Nagy provides additional support.

Practice head(s):

Ákos Nagy; Zsombor Orbán

Other key lawyers:

Dániel Nagy


‘The team has a deep understanding of data protection practice and good sense of business aspects of data protection. Ability to handle general and complex compliance issues, focusing on data protection aspects. ’

‘They are competent, and they have with good communication skills.’

‘Kinstellar has a core team, which mainly focuses on data privacy and data protection, and they have a broad experience in these matters. There is basically no scenario they have not dealt with, they can instantly give practical advice to in-house teams.

‘I would also highlight, that the Kinstellar team has capacity like BIG4, and they can undertake larger projects.’

‘Very professional; short response times; proper experience know; our company.’

‘Zsombor Orban really stands out, he has broad knowledge and experience in data privacy, he reacts immediately and provides fantastic support in unexpected cases.’

‘Outstanding expertise, fielding several high profile practitioners providing very client-friendly advice.’

‘The Kinstellar TMT/ team has experience in both telecoms and data privacy, which is a very rare combination for external law firms.’

Key clients

Thermo Fisher Scientific




NKM National Utilities


SK Group


Work highlights

  • Supporting Thermo Fisher Scientific on data privacy matters, including setting up new IT infrastructure, day-to-day issues and review and negotiation of customer and supplier agreements.
  • Advising the Hungarian operations of the SK Group on setting up its privacy governance structure.
  • Supporting Teva Hungary and Teva Global in data protection-related issues on a continuous basis.


Dentons handles data protection matters in a range of sectors, spanning consumer goods, telecoms and pharmaceuticals to public entities and non-profit organisations. Key areas of activity include e-commerce, data access agreements, the development, maintenance and protection of database assets and portfolio management. István Réczicza and Tímea Bana are highlighted for their expertise in GDPR compliance.

Practice head(s):

István Réczicza

Other key lawyers:

Tímea Bana

Key clients

Affidea BV (previously Euromedic)

Airbus Defence and Space

EPAM Systems



Ingenious Media




UFA Hungary (RTL Group S.A.)

Work highlights

  • Advising Porsche on GDPR compliance matters, including conducting an internal data protection audit .
  • Representing a self-driving vehicle developer in front of the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) in data protection and regulatory issues.
  • Assisting an IT client in compliance matters as well as in an internal FCPA-investigation.

Lakatos, Köves and Partners

Lakatos, Köves and Partners has 'excellent knowledge in data protection law' and a good reputation advising local and international corporates on a wide range of data protection and privacy matters. The group is adept at handling audits and data consumer protection matters in relation to  marketing campaigns, product development and the roll-out of new products. Iván Sólyom has a strong following among Italian companies. The practice has also grown its Russian speaking portfolio of corporates with the addition of Alekszej Dubalár, who joined in August 2019 from a position as senior lawyer and data protection officer with the Hungarian Chamber of Agriculture. Péter Homoki is a reputable name for data privacy and IT regulation.

Practice head(s):

Ivan Sólyom; Richard Lock

Other key lawyers:

Alekszej Dubalár; Péter Homoki


‘They were are very diligent, know how to interpret the regulations, even when they are vague. We can ask very specific questions and we get the appropriate answer very soon.’

‘Excellent knowledge in data protection law issues’

‘Peter Homoki, excellent expertise, great to work with, and reliable and responsive.’

Key clients


Three Bond

American International School of Budapest




IQVIA (previously IMS Health)

Szentkirályi Kékkúti Ásványvíz, subsidiary of Karlovarské minerální vody

Work highlights

  • Advised Vodafone on the acquisition of Liberty Global’s operations in Hungary as part of a global deal and regarding all types of data protection matters.
  • Legal counsel to American International School in Budapest on all aspects of data privacy issues relating to its operations.
  • Advising MARS Group on all aspects of data privacy in relation to its production unit in Hungary, as well as its commercial units in Hungary, including MARS Multisales and Royal Canine.

Siegler Bird & Bird Ügyvédi Iroda

Bálint Halász at Siegler Bird & Bird Ügyvédi Iroda is the primary contact for data protection and privacy for national and international clients from the electronics, pharmaceutical, retail and IT sectors. Halász advises foreign clients on technical and specialised data retention, compliance and regulatory issues.

Practice head(s):

Bálint Halász

Key clients

National Gaming and Esports Federation

Taylor Wessing Hungary

Taylor Wessing Hungary offers data protection expertise in Hungarian, English and German, operating as a CEE hub assisting corporate clients with GDPR and other EU compliance matters, including data protection audits and data privacy issues. Practice head Dániel Ódor has a strong background conducting compliance audits for multinational clients in the telecoms, construction and food and drink sectors.

Practice head(s):

Dániel Ódor

Key clients

Chipita Hungary Kft.

Angelini Pharma

CML Construction Services Zrt. (Strabag)

AKA Zrt and A-WAY Zrt (subsidiaries of Strabag)

Hiya Inc.


Ekata Inc.

Work highlights

  • Advised the concession right holder (AKA Zrt.)/Hungarian subsidiaries of Strabag company and the public road operator (A-WAY Zrt.) of the Hungarian M5 motorway on data protection audit in connection with the entire operation of the 156.5km long M5 motorway, resolving specific and atypical data protection issues connected to the compliance of the operated traffic-safety camera system, axel weight system, emergency roadside telephone system, road patrol service and dispatcher centres among others.
  • Assisting Hiya, the international spam-blocking and caller identification service provider, with current data processing matters to ensure GDPR compliance.
  • Advised Chipita Hungary on the interpretation of specific national data processing provisions issued in connection with the Covid-19 pandemic.

VJT & Partners

Praised for its expertise across the whole spectrum of data protection, the team at VJT & Partners 'matches its high professional expertise with a client focused approach'. The team advises on complex audit projects, representing clients before the Hungarian Data Protection Authority, and is involved in the latest software developments, including advising Simplexxy on its development of Data Hawk, an automated solution for SMEs for GDPR  data compliance. János Tamás Varga, Endre Várady and Andrea Belényi are the key partners in the 'impressive team'. 

Practice head(s):

János Tamás Varga; Endre Várady

Other key lawyers:

Andrea Belényi


‘We are always able to sit down in a timely manner to talk about our data protection and GDPR process.’

‘VJT & Partners are in my view the “go to” law firm for data protection advice. I have referred clients to them over many years and their advice is timely and practical.’

‘Availability, quality of product and delivery. ’

‘Endre Varady and Andrea Belenyi. They are exceptional lawyers. They are always available to help. They give good comments and draft great responses to the HU Data Protection Authority.’

‘Impressive team. Both quality and knowledge are outstanding. ’

‘VJT & Partners is a go-to firm in data protection matters. VJT team has outstanding knowledge combined with client care and commercial mindedness. The team is capable of making operational even the most difficult GDPR issues.’

‘The team members have a wide range of theoretical and practical knowledge. Not only do they know the rules, but they can also apply them. They are also familiar with European practice. They express their legal position in an understandable, concise manner, supported by examples.’

‘In depth knowledge about data protection laws as well as value for money’

VJT team is unique as it perfectly matches its high professional expertise with a client focused approach. Key strengths:  Excellent communication: Masters of GDPR: Highly knowledgeable and up to date both in Hungarian and international data protection issues.’

Key clients



NN Insurance



Work highlights

  • Acted for Google in handling RTBF cases.
  • Advised Simplexxy on preparing the legal content of the Data Hawk, an automated, digital GDPR compliance product.

CERHA HEMPEL Dezső & Partners

The 'solution-oriented team' at CERHA HEMPEL Dezső & Partners is led by Tamás Polauf and senior associates Adrienn Dömők  and Edmond Kerényi. The group combines multidisciplinary expertise in TMT, IP, regulatory and commercial law to offer the full breadth of data protection and data privacy services.

Practice head(s):

Tamás Polauf; Adrienn Dömők; Edmond Kerényi


‘The team is well prepared for urgent tasks which may overlap in time. The team has members with extensive education and good track record of experience in the area of data protection.’

‘Very professional team, professionally outstanding, helpful.’

‘The team members are knowledgeable, fast, always available. For us, their perfect language skills are very important.’

‘The team shows great professionalism and expertise during the raised cases and also showed maximum flexibility. The reaction time was extremely short and solutions provided were 100% useful.’

‘ It is extremely easy to communicate with the team and it is very smooth. Regarding legal work they performed every aspect of legal work on time, high quality, relevant detailed and always clear on next steps that made our life easy.’

‘ The team is working efficiently, they are solution oriented with all the knowledge needed to deal with the legal tasks. ’

Key clients


Bauhaus Szakáruházak Kereskedelmi Bt.

Evobus Hungária Kft.

Hoerbiger Service Hungaria Korlátolt Felelősségű Társaság

Nemzetközi Vállalatok Magyarországi Társasága

Okkal Dobban Alapítvány

Steindl Imre Program Nonprofit Zrt.

Uniqa Raiffeisen Software Service Kft.

Ober Pénzügyi Lízing Zrt.

Work highlights

  • Assisting Bauhaus with every aspect of data protection in the everyday activity of the company with regard to its services, brick-and-mortar stores and e-commerce.
  • Assisted Steindl Imre Program Nonprofit in revising its data protection documentation.
  • Assisted Uniqa Raiffeisen Software Service (URSS) with its GDPR project as a whole, including advising URSS on its privacy or tech-related (e-signature) questions on a regular basis.

DLA Piper

DLA Piper's Budapest office is fully integrated into the wider firm's pan-European data protection, privacy and cybersecurity department. The team frequently works with the firm's network of offices to handle and coordinate Hungarian audits; GDPR compliance programmes; data loss prevention and breaches; and consumer protection regulations and global data transfer management, among others. The firm also utilises software and apps such as Notify and GDPR Mobile App/Toolkit to support clients with the risk classification of data breaches. TMT partner Zoltán Kozma and IP specialist Mónika Horváth are the key contacts.

Practice head(s):

Zoltán Kozma; Mónika Horváth

Key clients

ANTENNA Hungária Ltd.

Cognizant Technology Solutions Hungary Kft.

Rolls Royce Plc.

Reckitt Benckiser (RB) plc.

Schindler Management AG

Wizz Air Hungary Zrt.

Work highlights

  • Advised a technology company on the completion of DPIAs for new technologies implemented within the organisation, including consideration of data minimisation, consenting requirements (and how to obtain consent), and privacy by design and by default (including the use of encryption and pseudonymisation).
  • Advised a fast-moving consumer goods company on all aspects of the local implementation of a global data protection compliance programme, including design of the programme, development of the information governance framework, preparation of relevant policies, procedures, training material etc.
  • Advising a leading online retailer on all aspects of the implementation of its online business in Hungary including the operation and promotion of its online platform.

KPMG Legal Tóásó Law Firm

KPMG Legal Tóásó Law Firm has a strong data protection practice, which is headed by Bálint Tóásó who also chairs the data protection group within the global KPMG network. The firm primarily assists with GDPR preparation and compliance and as counsel in cases challenging resolutions made by the Hungarian Data Protection Authority.

Practice head(s):

Bálint Tóásó

Key clients

Raiffeisen Bank Zrt.

Üdvhadsereg Szabadegyház Magyarország (Salvation Army)

Amnesty International Magyarország

Amigos a Gyerekekért Alapítvány

Work highlights

  • Assisted EOS Faktor Magyarország, a debt collection agency, with a full-scale legal review of its processes in order to ensure the transparency of its operation and to facilitate its GDPR and data protection compliance.
  • Represented Raiffeisen Bank in several GDPR litigation cases, including securing a significant win against the DPA under the GDPR.
  • Advised Üdvhadsereg Szabadegyház Magyarország (The Salvation Army in Hungary) on a GDPR compliance audit regarding its core activities, as well as its back-office operations.

Oppenheim Ugyvedi Iroda

Oppenheim Ugyvedi Iroda has a strong regulatory and litigation background and regularly conducts data protection audits, advises on GDPR implementation and compliance projects and represents clients in regulatory proceedings. Ivan Bartal chairs the practice, which is a popular choice for telecoms, life sciences, food and drink, and banking clients.

Practice head(s):

Ivan Bartal

Key clients




LKH Leoni


HELL Energy

Vodafone Shared Services

Bank Gutmann




Mediszintech Audiológia Kft.


Tarsago Magyarország (formerly Reader’s Digest)

Réti, Várszegi and Partners PwC Legal

Réti, Várszegi and Partners PwC Legal fields a 'hands-on' team of 'deeply knowledgeable' lawyers who assist clients with implementation of GDPR and data protection internal policies and data privacy issues. It also works in tandem with colleagues to offer additional expertise in conducting audits and the data aspects of commercial transactions. Csilla Dékány and László Szűcs advice on data protection from the standpoint of IP and labour law.

Practice head(s):

Csilla Dékány; László Szűcs; Réka Mihola; Márta Zsédely


‘Deep knowledge of data privacy law and ability to provide complex legal advice, including other areas of law. Very responsive, easy to reach and quick to react. ’

‘In today’s quickly changing economic environment it is extremely important for companies to stay on top of the changes, and PWC provides excellent knowledge. They are also very hands-on with any questions that may arise. ’

‘Extremely hands-on, have excellent knowledge on the subject, and present it in a very kind manner. Their explanation of the questions we have are professional and clear, easily digestible for the average person. They are open to any discussion, they can be reached easily.’

Key clients

PricewaterhouseCoopers Magyarország Kft. PricewaterhouseCoopers Könyvvizsgáló Kft.

SEWS Komponens és Elektronika Európa Kft.

Festo Kft.

FESTO-AM Gyártó Kft.


SBGK fields a team of 'highly engaged professionals'. András György is experienced in the preparation of internal personal data processing policies, GDPR implementation and compliance, audits and data privacy, and also has expertise in data protection cases challenging the decision of the Hungarian Data Protection Authority. Krisztián Osztopáni is another name to note.

Practice head(s):

András György; Krisztián Osztopáni


‘Very responsive, reacts within a short time, highly engaged professionals. ’

‘Our company cooperates with Mr. Osztopani. He is an outstanding expert in the field of data protection, has a very wide and thorough knowledge. I do really appreciate that he always gives a clear and unambiguous legal opinion. He is always up to date, knows the newest international trends in data protection.’

Schoenherr Hetényi Ügyvédi Iroda

Schoenherr Hetényi Ügyvédi Iroda provides day-to-day data protection advice, as well as handling audits, GDPR compliance projects and assisting with due diligence and the implementation of internal policies. The practice has seen a growth in instructions in relation to the data protection aspects of monitoring employees and remote working, as well as in the retail and e-commerce sectors. Counsel Dániel Gera is the key figure.

Practice head(s):

Dániel Gera


‘Schoenherr Attorneys At Law is a reliable company in every respect: accurate, up-to-date, rapid and flexible as much as possible. Regarding Data privacy and data protection, they comply with the regulations 100 % from customer point of view.’

‘When asking for legal help, the direct partners are assisting in the whole process from the beginning to the end. In case of extremely important issues, they are always checking the results, and give feedback from time to time. It is really comforting for us as a customer that they are thorough and caring, and always up-to-date. ’

Key clients

BAUHAUS SZAKÁRUHÁZAK Kereskedelmi Betéti Társaság

Apple Inc.

Hays PLC

BMW Vertriebs GmbH

Makro Cz / Restu s.r.o.

M7 Real Estate Hungary Kft.

Manpower Business Solutions Kft.

Cargoe GmbH & Co KG Magyarországi Fióktelepe

Fressnapf-Hungária Kft.

Bystronic Magyarország Kft.

Work highlights

  • Advising BMW Vertriebs GmbH on the reorganisation of its sales companies in Hungary, Austria and Poland including setting-up the legal process of the transfer of the personal data of BMW’s clients and the direct marketing database to the new BMW entity from a data protection perspective.
  • Advising Bauhaus on its GDPR compliance project, including in the operation of its stores, such as the operation of the switchboard and the data exchange with the suppliers of Bauhaus in the case of warranty.

Wolf Theiss Faludi Erős Ügyvédi Iroda

Well regarded for its GDPR compliance offering, Wolf Theiss Faludi Erős Ügyvédi Iroda's team is 'results oriented'. Barnabás Buzási is the lead figure, assisting clients with the implementation of GDPR and a range of privacy issues, often with an IT, IP and labour law angle.

Practice head(s):

Barnabás Buzási


‘Up-to-date knowledge about cross-country relations as well taking responsibility for their job, real partnership and consultancy.’

‘Always kind and trying to find the most suitable solution, cooperative, not saying no, result-oriented with particular attention to the details.’

Key clients

Türk Telekom Hungary

International Flavors & Fragrances I.F.F. (Hungary) Kft.