Sat, Jun
67 New Articles

Data Protection In The Czech Republic

Real Estate in the Czech Republic

Czech Republic
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

On May 25, 2018, the personal data protection rules in the Czech Republic were substantially changed. Regulation (EU) 2016/679 of the European Parliament and of the Council – the General Data Protection Regulation, or GDPR – became directly applicable law in all EU Member States, after a two-year transition period. Thus, the principles of personal data protection in the Czech Republic, the rights, duties, and processing requirements are regulated primarily by the GDPR. 

In order to adapt the legal system of the Czech Republic to the GDPR, the new Act No. 110/2019 on Personal Data Processing (PDPA) was passed and finally came into effect on April 24, 2019. The PDPA fully replaced the older Personal Data Protection Act (No. 101/2000, as amended). The PDPA contains provisions that functionally complement the GDPR. It also regulates the jurisdiction of the Office for Personal Data Protection and personal data processing for safeguarding the defense and national security of the Czech Republic. 

Since the GDPR became effective, the Register of Data Controllers maintained by the Office for Personal Data Protection had been terminated. Thus, any registrations or notifications to the Office for Personal Data Protection towards processing personal data in the Czech Republic are no longer required.

A significant derogation from the GDPR, related to the limitation of certain rights and obligations, is stipulated in Section 11 of the PDPA. Articles 12 through 22, on rights of the data subject, and, as far as relevant, also Article 5, on principles relating to the processing of personal data, of the GDPR shall apply, mutatis mutandis. However, compliance with the controller’s or processor’s obligations and exercise of the data subject’s rights, laid down in those articles, could be postponed – if this is necessary and reasonable in terms of scope, to safeguard a protected interest. These include (a) the defense or security interests of the Czech Republic, (b) public policy and national security, prevention, investigation, or detection of criminal offenses, (c) prevention, investigation, detection, and prosecution of breaches of ethics for regulated professions, (d) protection of rights and freedoms of persons, (e) enforcement of civil law claims, among others. If the controller or processor limits the rights or obligations in that way, it must notify the Office for Personal Data Protection of any such limitations without undue delay.

Besides the GDPR and the PDPA, there are also some other statutes which are relevant in the data protection context, in particular Act No. 480/2004 on Certain Information Society Services, as amended, Act No. 127/2005 on Electronic Communications, as amended, and Act No. 181/2014 on Cyber Security, as amended.

The Act on Certain Information Society Services includes rules regarding spam and other unsolicited commercial communications. Any commercial communications may only be sent if a clearly identified recipient has given valid consent in advance, prior to the receipt of said communication. Recipients shall have the option to withdraw their consent in each commercial communication addressed to them, usually reflected in the unsubscribe line found at the end of an e-mail. Alternatively, the sender may rely on the soft opt-in exemption, which presumes the customer’s consent. Thus, the controller may send commercial communications to its current customers, about its own similar products or services, provided that the customer may easily prevent the sending of such commercial communications, using either the unsubscribe line at the end of an e-mail or other opt-out versions.

The Office for Personal Data Protection is the central administrative authority in the field of personal data protection which, inter alia, provides consultations and informs the public of the risks, rules, safeguards, and rights in relation to personal data processing. The Office for Personal Data Protection also adopts statements, summary materials, and recommendations. Most recently, the Office for Personal Data Protection published, inter alia, the Summary Material related to the verification of identity and processing of personal data, the Statement on a Digital Green Certificate (CovidPass), and the Recommendations on mandatory employee testing.

By Michal Matejka, Partner, and Bohdan Zubac, Attorney, PRK Partners 

This Article was originally published in Issue 8.8 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

PRK Partners at a Glance

PRK Partners, one of the leading Central European law firms, has been helping clients achieve their business objectives almost 30 years. Our team of lawyers, based in our Prague, Ostrava, and Bratislava offices, has a unique knowledge of Czech and Slovak law and of the business environment. Our lawyers studied at top law schools in the United States, United Kingdom, Switzerland and elsewhere. They also have experience working for leading international and domestic law firms in a number of jurisdictions. We speak your language, too. Our legal team is fluent in more than 15 languages, including all the key languages of the region.

PRK Partners has one of the most experienced legal teams on the market. We are consistently rated as one of the leading law firms in the region. We have received many significant honours and awards for our work. We represent the interests of international clients operating in the Czech Republic in an efficient way, combining local knowledge with an understanding of their global requirements in a business-friendly approach. We are one of the largest law firms in the Czech Republic and Slovakia. Our specialised teams of lawyers and tax advisors advise major global corporations as well as local companies. We provide comprehensive legal advice drawing on our profound knowledge of local law and markets.

Our legal advice delivers tangible results – as proven by our strong track record. We are the only Czech member firm of Lex Mundi, the world's leading network of independent law firms. As one of the leading law firms in the region, we have received many national and international awards, in some cases several years in a row. Honours include the Chambers Europe Award for Excellence, The Lawyer and Czech and Slovak Law Firm of the Year. Thanks to our close cooperation with leading international law firms and strong local players, we can serve clients in multiple jurisdictions around the globe. Our strong network means that we can meet your needs, wherever you do business.

PRK Partners has been repeatedly voted among the most socially responsible firms in the category of small and mid-sized firms and was awarded the bronze certificate at the annual TOP Responsible Firm of the Year Awards.

Our work is not only “business”: we have participated on a longstanding basis in a wide variety of pro bono projects and supported our partners from the non-profit sector (Kaplicky Centre Endowment Fund, Tereza Maxová Foundation, Czech Donors Forum, etc.).

Firm's website: www.prkpartners.com