Support Centre

Czechia

Summary

Law: Act No. 110/2019 Coll. on Personal Data Processing ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: Office for Personal Data Protection ('UOOU')

Summary: The Act is the main piece of privacy regulation in Czechia and transposes the GDPR. The Act establishes the UOOU as the supervisory authority regarding data protection, designating the UOOU with supervisory responsibilities, including performing audits, publishing Standard Contractual Clauses ('SCCs'), investigating complaints in relation to breaches of obligations laid down by law, and imposing fines. Article 89(3) of the Act No. 127/2005 Coll. Of 22 February 2005 on Electronic Communications and on Amendment to Certain Related Acts ('the Electronic Communications Act') implements the Directive on Privacy and Electronic Communications (2002/58/EC) (as amended) ('the ePrivacy Directive'). Czechia has, since the 2009 amendment of the ePrivacy Directive, retained the 'opt-out' system, meaning that the Electronic Communications Law does not reflect the 'opt-in' consent requirement under the amended ePrivacy Directive. In relation to Data Protection Impact Assessments ('DPIA'), the UOOU has issued both a list of activities which require a DPIA (i.e. a blacklist) and a list of activities which do not require a DPIA (only available in Czech here).

Insights

This Insight article delves into the recent adoption of the Act on the Protection of Whistleblowers (the Act) in Czechia, highlighting changes for employers. It covers key rules, the role of designated competent persons, and control mechanisms, offering practical recommendations for companies adjusting to the new whistleblowing regulations.

Cookies have become an integral part of web browsing. However, the use of cookies has raised several privacy and security concerns. Under Czech law, website operators are required to obtain visitors' consent before storing non-technical cookies on their devices. In this Insight article, Tomáš Matějovský, Daniel Szpyrc, and Jakub Kabát, from CMS Cameron McKenna Nabarro Olswang, advokáti, v.o.s., delve into practical strategies for implementing cookie consent mechanisms. They also provide an overview of frequently asked questions (FAQs) regarding cookie banners and consents, only available in Czech, and recently published by the Czech Office for Personal Data Protection (UOOU).

A new and updated draft Bill on the Protection of Whistleblowers ('the Draft Bill') was published on 29 April 2022 and, if enacted, is expected to come into force on 1 July 2023. Michal Nulíček and Anna Cervanova, from Rowan Legal, break down key updates and aspects of the Draft Bill, comparing it to the Directive on the Protection of Persons who Report Breaches of Union Law (Directive (EU) 2019/1937) ('the Whistleblowing Directive').

The processing of personal data relating to criminal convictions under Article 10 of the General Data Protection Regulation (Regulation (EU) 2016/679 ('GDPR') outlines that the processing of such data is subject to additional restrictions. OneTrust DataGuidance Research breaks down Member State requirements regarding the processing of personal data related to criminal offences for employment purposes in the Czech Republic, Germany, and Spain, featuring insights from Bartoš Vojtěch and Ema Černá, from Havel & Partners s.r.o, Clemens Ganz and Dr. Isabelle Brams, from Latham & Watkins LLP, and Juan Ignacio Alonso Dregi, from Ceca Magán. Part one focuses on Member State requirements in France, Portugal, and Italy.

We recently published an article about the amendment to Act No. 127/2005 Coll. Of 22 February 2005 on Electronic Communications ('the Electronic Communications Act'), which introduced a significant change to the use of cookies and telemarketing. The key change consists of replacing the opt-out regime with an opt-in one, our previous article summarised the change and its implications for businesses. However, since the amendment came into force, many questions have been asked and specific situations in daily practical life have challenged the authorities, lawyers, experts, and others connected to law and business. Daniel Szpyrc, Jakub Kabát, and Tomáš Matějovský, from CMS Cameron McKenna Nabarro Olswang, advokáti, v.o.s., discuss the most recent developments in this article.

Act No. 127/2005 Coll. Of 22 February 2005 on Electronic Communications and on Amendment to Certain Related Acts ('the Electronic Communications Act') regulates the use of cookies and telemarketing in the Czech Republic. This regulation will soon be amended as the Czech Parliament has introduced a conceptual change from an opt-out to opt-in regime regarding cookies and telemarketing. This change requires a new technical solution to be found and legal policies updated. Daniel Szpyrc, Jakub Kabát, and Tomáš Matějovský, from CMS Cameron McKenna Nabarro Olswang, advokáti, v.o.s., provide insight into the new legislation and how businesses can start preparing.

Feedback