The GDPR touches anyone who collects or processes Europeans’ personal data, including companies and institutions outside the EU that operate in the European market. So it could be said that it affects all entities. Regulation (EU) 2016/679 of the European Parliament and of the Council targets companies, institutions and individuals who handle the personal data of employees, customers, clients or suppliers, across all segments and sectors. It also affects those who monitor or analyse user behaviour on the web, in apps or with smart technologies.
The aim of the GDPR is to protect the digital rights of EU citizens. Whether it is banking institutions, healthcare, public administration or e-shops, all will soon be faced with the need to adjust the manner in which they process personal data. In the event of a serious violation, companies will run the risk of heavy fines.
The GDPR has applied uniformly throughout the EU since 25 May 2018. In the Czech Republic, it replaced the previous personal data protection legislation in the form of Directive 95/46/EC and the related Act No. 101/2000 Coll., on Personal Data Protection. The rights and obligations in that Data Protection Act have been replaced by the rights and obligations under the GDPR.
After it was amended, the Personal Data Protection Act only regulated some aspects concerning the Personal Data Protection Office (e.g. its establishment, organization, etc.) and some sub-issues necessary to complete the overall framework of personal data protection which are not regulated by the GDPR or which the GDPR allows to be regulated at the national level. The GDPR assumes national regulation for certain aspects.