From 26 July, 2004, Czech data
protection laws have been changed to bring them into line with EU
law. The most important changes are:
- free movement of personal data within the EU
Because other member states are subject to the same
EU directive providing the same protection for the processing of
information about individuals, it is no longer necessary to seek
approval from the Czech supervisory authority when providing data
to another member state.
- greater regulation of data processing
Before a person holding personal data (the data
controller) can allow it to be processed (this includes using it,
altering it, organising it, disclosing it or destroying it) by
anyone else, other than its employees (the data processor), he must
obtain a written guarantee from the data processor that
satisfactory organizational and technical arrangements are in place
for the data processing activities.
Data controllers will need to attach
more importance to data protection legislation – something
they have often neglected to do in the past – as their
compliance comes under increasing scrutiny. This will come not only
from heightened public awareness of individual rights but also from
an increase in the number of inspections carried out by the Czech
supervisory authority.
On 1 January, 2006, data controllers will also need
the express consent of data subjects before processing their birth
numbers. Birth numbers are widely used by businesses as key
identifiers (of customers etc.) in databases because they provide
unambiguous identification of all Czech citizens. Data controllers
should start obtaining consents from all data subjects well in
advance of 2006 or they will need to use a different means of
identification both in new and existing information systems.
For further information please contact Jan Rataj at
jan.rataj@cms-cmck.com or on +420 221 098 871.