Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



Data Protection news from the Czech Republic

PrintMailRate-it

​New Act on Personal Data Processing in the Czech Republic

After a twelve-moth legislative process, the Czech Parliament has finally passed new Act No. 110/2019 Sb. on personal data processing, repealing and replacing existing Act No. 101/2000 Sb., this March. The Act is particularly an adaptation act following the General Data Protection Regulation (GDPR) which has been providing for a uniform regulation in the European Union since 25 May 2018.

Coming into effect on 24 April 2019, the new Act, in conjunction with the GDPR, finally brings for the Czech Republic the comprehensive regulation of personal data protection, including procedural provisions and tools. In addition to the Act on Personal Data Processing itself, an extensive accompanying act has been passed, amending a number of other laws in connection with the adoption of the Act on Personal Data Processing.  

Office for Personal Data Protection

In terms of business companies and entrepreneurs in general as controllers of personal data, the new Act is important particularly from the point of view of enforcing and controlling the GDPR requirements by a domestic supervisory authority, which is the Office for Personal Data Protection in the Czech Republic (in Czech: Úřad pro ochranu osobních údajů).

The Act on Personal Data Processing newly regulates not only the position and the operation of the Office, including supervision of controllers and processors carried out by the Office, but also a possibility to take measures to compensate the deficiencies and particularly to impose penalties for misdemeanours related to the breach of personal data processing and protection obligations that are laid down in Sections 61 to 65 of the Act.

In terms of entrepreneurs, there are crucial elements of a misdemeanour under Section 62 of the Act, i.e. a misdemeanour that is committed by a controller or processor so that he breaches obligations included therein under the affected provisions of the GDPR. It must be emphasized that the statutory restriction of the maximum penalty amount for such misdemeanour up to CZK 10,000,000 relates only to public bodies and authorities, not to business entities which may be generally imposed with a penalty under Art. 83(6) of the GDPR up to EUR 20,000,000, or up to 4% of the total annual turnover on global basis.

Special legal regulation

In relation to the general legal regulation of the GDPR, the Czech Act on Personal Data Processing contains special regulation only with regard to personal data processing carried out for journalistic purposes or for the academic, artistic or literary expression purposes as well as in relation to personal data protection during ensuring the defence and security interests of the Czech Republic.

As far as the special regulation of a child's age to have legal capacity to grant a consent to his or her personal data processing in relation to information society services (Art. 8 of the GDPR) is concerned, the age limit in the Czech Republic is set at 15 years.​​

Contact

Contact Person Picture

JUDr. Pavel Koukal

Attorney at law (Repubblica Ceca)

Associate Partner

+420 236 163 760

Invia richiesta

Rödl & Partner Czech Rep.

Discover more about our offices in Czech Republic. Read more »

Data Protection Bites

Our newsletter aims at collecting updates, news and insights on data protection matters worldwide, with a special focus on the GDPR. Read all releases »
Skip Ribbon Commands
Skip to main content
Deutschland Weltweit Search Menu