The Czech Data Protection Act is not a complex data protection act, but it includes several exceptions and clarifications of GDPR rules within the national context. The exceptions include reduced informing requirements and lower administrative fines for specific controllers as well as exceptions for exercising certain data subject rights, etc. The clarifications include age specification for child consent, processing of personal data – i.e. if it is necessary for compliance with a legal obligation – and the performance of a task carried out in the public interest, etc.
In the following, you will find the additions and derogations to the GDPR on the most important topics of personal data protection for companies. If topics are not linked, there are no derogating or specifying provisions in the national data-protection law.
- Specific data protection law and official guidelines
- Material and territorial scope (no regulations deviating from the GDPR)
- Definitions
- Legal principles (no regulations deviating from the GDPR)
- Legal basis
- Sensitive data
- Information requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Online data protection (new regulation by ePrivacy Regulation remains to be seen)
- Automated decision-making (no regulations deviating from the GDPR)
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities
- Data security (no regulations deviating from the GDPR)
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer
- Certification
- Data transfer
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research
