Bagdi, Katalin2021-06-282021-06-282019-07-20Debreceni Jogi Műhely, Évf. 16 szám 1-2 (2019) ,1787-775Xhttps://hdl.handle.net/2437/318148In most cases, the employer is the only one identified as a data controller in connection with employment relationships, even though other actors of employment such as the trade unions and the works councils also process data in relation to their activities carried out based on and in compliance with the Labour Code. Even so, while the data processing of the trade union does not raise any particular questions compared to other data controllers, issues do arise in connection with the works council. Works councils undeniably process the employees’ personal data in order to carry out their activities and fulfil their tasks, though without own assets and organisation separate from the employer’s, data processing of the works council could be attributed to the employer and considered as if it was the employer’s data processing, which would settle most of the possibly arising questions such as liability for infringing data protection rules. However, after the General Data Protection Regulation (GDPR) of the EU came into force in 2018, the definition of the data controller changed and includes now so-called “other bodies” as well, even if these bodies lack legal personality. Thus, the works council itself shall be considered as data controller which means that it must execute the obligations set in data protection rules. Despite the fact that based on the GDPR rules the works council shall be considered as data controller independent from other data controllers including the employer, this fact seems to be unknown for all relevant bodies, even for the data protection authority. Possibly because the works council is still thought to be a part of the employer’s organization and thus it is not obvious that the transfer of data between the employer and the works council is limited and conditional as they are two independent data controller, obliged to guard the employee’s relevant data even from one another. Hence, it is important to emphasize that the works council itself is an independent data controller in order to ensure a high level of protection for the employees. The aim of this paper therefore is to prove that the works council is clearly an independent data controller by analysing the relevant Hungarian and EU rules.n most cases, the employer is the only one identified as a data controller in connection with employment relationships, even though other actors of employment such as the trade unions and the works councils also process data in relation to their activities carried out based on and in compliance with the Labour Code. Even so, while the data processing of the trade union does not raise any particular questions compared to other data controllers, issues do arise in connection with the works council. Works councils undeniably process the employees’ personal data in order to carry out their activities and fulfil their tasks, though without own assets and organisation separate from the employer’s, data processing of the works council could be attributed to the employer and considered as if it was the employer’s data processing, which would settle most of the possibly arising questions such as liability for infringing data protection rules. However, after the General Data Protection Regulation (GDPR) of the EU came into force in 2018, the definition of the data controller changed and includes now so-called “other bodies” as well, even if these bodies lack legal personality. Thus, the works council itself shall be considered as data controller which means that it must execute the obligations set in data protection rules. Despite the fact that based on the GDPR rules the works council shall be considered as data controller independent from other data controllers including the employer, this fact seems to be unknown for all relevant bodies, even for the data protection authority. Possibly because the works council is still thought to be a part of the employer’s organization and thus it is not obvious that the transfer of data between the employer and the works council is limited and conditional as they are two independent data controller, obliged to guard the employee’s relevant data even from one another. Hence, it is important to emphasize that the works council itself is an independent data controller in order to ensure a high level of protection for the employees. The aim of this paper therefore is to prove that the works council is clearly an independent data controller by analysing the relevant Hungarian and EU rulesapplication/pdfüzemi tanács mint önálló adatkezelőfolyóiratcikkOpen Accesshttps://doi.org/10.24169/DJM/2019/1-2/1Debreceni Jogi Műhely1-216DJM1786-5158