ILN Data Privacy Paper

Czech Republic concerning health) in section 66 (Transitory Provisions), together with other data referred to as “sensitive data” or „sensitive personal data“ in previous law and legal regulations (where these previous laws and/or regulation use the terms above, this basically means special categories of personal data under the GDPR). The implementation of Article 23.1 of GDPR: Article 23.1 of GDPR has been addressed in the Act on Processing of Personal Data implementing the GDPR in the Czech Republic, namely in Title II, Personal Data Processing Pursuant to Directly Applicable Regulation of the European Union, and Title IV, Personal Data Protection in Ensuring Defence and Security Interests of the Czech Republic. The implementation of Article 35.4 of GDPR: In the implementation of Article 35.4 of GDPR, the Office has issued the lists and the methodologies related to DPIA (the Office published not only the list of activities under the article 35(4) of the GDPR, but also the list of activities under the article 35(5) of the GDPR). The implementation of Article 35.10 of GDPR: Under section 10 of the Act on Personal Data Processing, the controller does not have to carry out an assessment of the impact of the processing on the protection of personal data (DPIA) before it begins, if the legal regulation requires him to carry out such processing of personal data.

The implementation of article 87 of GDPR: The regulation of the use of the birth (identification) number is contained in the Act No. 133/2000 Coll., on the Registration of Population and Birth Numbers and on the Amendment of Certain Acts (the Act on Population Registration). Pursuant to Section 13(9) of this act, only the natural person to whom the birth number has been assigned (or his / her legal representative) is entitled to use it or decide on its use within the limits stipulated by law; otherwise, the birth number may be used only in the cases specified in Section 13c of this act. The implementation of Article 88 of GDPR: The implementation of Article 88 of GDPR, which deals with processing in the context of employment, has been dealt with namely in section 316 of the Labour Code. 3.3 Territorial and extra-territorial application In general, the laws of the Czech Republic apply within the territory of the Czech Republic. As for the GDPR, the provisions of article 3 apply, including extraterritorial application of the GDPR. Legislative Framework 4.1 Key stakeholders There are no derivations based on the local law from the definitions in the GDPR, i.e., the

Made with FlippingBook - PDF hosting