Copying personal documents becomes lawful

The entry into force of the Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (‘new AML’) on 26 June 2017 has a particular significance from a data protection perspective. Now the new regulation makes it possible to photocopy and store the documents of a personally appearing client which is a 180-degree change compared to the previous regulations.
 
According to the provisions of the new AML, for customer due diligence, service providers are required to make a copy of the personal documents and store them, which means that from 26 June 2017 service providers can refer to their statutory obligation under the new AML in any privacy proceeding. Lawfully made copies are to be stored for 8 years.
 
Under the old AML the service providers (such as financial, insurance, real estate companies) were obliged to check the data of their customers they were entering into a business relation with upon the establishment of the business relation in order to cross-check particular personal data. However, administrators of the service providers would have been entitled to view the documents only, it was a common practice to copy and store them.
 
It has been clearly stated in a recent judicial review decision following a data protection procedure of the Hungarian National Authority for Data Protection and Freedom that this practice was unlawful and could have led to the imposition of a data protection fine. Such data control was unlawful even if the customer gave his/her consent to the copying of the personal document and their storing.
 
The court’s decision is unambiguous in respect of the unlawfully made copies: these documents are to be destroyed and service providers cannot even avoid it by referring to the new AML.
 
If you believe that your data processing does not meet any of the above requirements or you have further questions in the topic please contact our experts at Ecovis Hungary Legal. We are at your disposal!