Are you sure that your documentation and established privacy procedures are in accordance with the GDPR, the interpretative guidelines and the new Act on Personal Data Processing?
Soon it will be a year since the GDPR came into effect. The interpretation of the GDPR and many practical issues are still the subject of new interpretative materials and guidelines issued by the Czech Office for Personal Data Protection (the “Czech DPA”) and the European Data Protection Board (formerly WP 29).
After major sanctions imposed in other EU countries (e.g. a EUR 50,000,000 fine by a supervisory authority in France), the Czech DPA has also initiated checks of GDPR compliance and imposed fines for violations (the highest fine so far being CZK 250,000).
Following the GDPR, the new Act on Personal Data Processing has been in force in the Czech Republic since 24 April 2019. Among other things, this Act introduces exceptions to some of the controller’s obligations under the GDPR, such as:
- an exemption from the obligation to assess the compatibility of processing purposes;
- exceptions to the controller’s obligation to inform data subjects about the processing and their rights; or
- an exemption from the data protection impact assessment.
It is not always easy for controllers and processors to keep up with the current rules. On the other hand, the broad debate triggered by the introduction of the GDPR and freely available information about the GDPR have resulted in greater awareness among data subjects, who are increasingly exercising their rights with controllers and processors (often over and above their rights under the GDPR) or lodging complaints with the Czech DPA, which can now be done via a simple online form available on its website. We can therefore expect a greater administrative burden for controllers and processors in this area as well as an increasing number of Czech DPA inspections.
Personal data protection and data privacy is one of our key practices at DELTA legal, and our lawyers have also prepared a commentary on the GDPR for the Codexis law system. If you are interested, we would be happy to conduct a GDPR audit focusing on the riskiest areas or a more targeted analysis according to your needs and wishes.