Czech Republic
definition for each stakeholder such as ‘Data Controller’, ‘Data Processor’, ‘Data Subject’ etc., are the same as under the GDPR.

4.2 Role and responsibilities of key stakeholders

All key stakeholders must be able to prove that they fulfil all requirements stipulated by personal data protection laws, including the Czech local law and the GDPR.

As for the language, the Office may require Czech translations or Czech versions of the documents on personal data processing/protection of Czech companies (as data controllers or data processors). Under Czech law, there is no express provision regarding the language in which such internal guidelines/policies/documentation should be drafted. However, in the field of data protection, the activity carried out by a controller/processor is subject to investigation by the Czech authorities, namely the Office, based on Czech law. In this respect, the Czech authorities may require either bilingual documents or certified translations into Czech of documents issued in a different language. Thus, at least a bilingual version including a Czech version, or a certified translation into Czech, should be available for the relevant authorities.

Requirements for Data Processing

5.1 Grounds for collection and processing

Consent: No deviations from the GDPR.
Consent Notice: No deviations from the GDPR.

Withdrawal of Consent: No deviations from the GDPR.

5.2 Data storage and retention timelines

There are no explicit general rules stipulating data retention periods; only some special laws mention such periods. For example, personal data that need to be processed for accounting purposes must generally be kept for 5 years as of the end of the accounting period for all accounting documents if not stipulated otherwise (under the Accounting Act), 10 years for financial statements and annual reports (under the Accounting Act), for VAT purposes (under the Value Added Tax Act) and for social security payments purposes (under the Act on Social Security Contributions and Contribution to the State Employment Policy) or generally for tax purposes (under the Act on Income Taxes and the Tax Code), and up to 30 years for pension purposes (under the Act on the Organization and Implementation of Social Security). If the personal data are needed for debt collection, they must be kept until the end of the first financial year following the financial year in which the debt was paid or the obligation met (under the Accounting Act). Where accounting units use accounting records not only for the purpose pursuant to the Accounting Act, but also for other purposes, in particular for purposes relating to
www.peterkapartners.com/