Czech Republic
i s performed pursuant to a special act (Act no. 255/2012 Coll., on Inspection (Inspection Code), as amended). The Office does not deal with disputes between the controllers or the processors and data subjects or other natural or legal persons/entities arising from contractual or pre-contractual relations. The Office is also responsible for dealing with data subjects’ complaints on unsolicited commercial messages under the Act on Certain Information Society Services (i.e., it receives and solves these complaints). Role, functions, and powers of additional or ancillary data regulation authorities (if applicable): In the Czech Republic, the National Cyber and Information Security Agency (NÚKIB) supervises observance of the legal obligations laid down for the obliged persons by the Cyber Security Act. The Czech Telecommunication Office is responsible for dealing with data subjects’ complaints against unsolicited marketing phone calls under the Act on Electronic Communications (i.e., it receives and solves these complaints). 8.3 Role, function,s and powers of civil/criminal courts in the field of data regulation The Czech civil courts deal with disputes between the controllers or the processors and data subjects or other natural or legal persons/entities arising from contractual or pre-contractual relations and also from the liability relations (damages).
The Czech administrative courts decide on administrative actions filed against decisions of the Czech administrative bodies/authorities, including the Office as mentioned in point 6.1 above. The Czech criminal courts deal with crimes committed in the field of data protection, such as Unauthorised Use of Personal Data under section 180(2), Unauthorised Access to Computer Systems and Information Media under section 230(2) or Violation of Copyright, Rights Related to Copyright and Database Rights under section 270 of the Czech Penal Code (the Act no. 40/2009 Coll.). Consequences of non-compliance 9.1 Consequences and penalties for data breach Infringements of the GDPR are subject to administrative fines up to EUR 20,000,000, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. 9.2 Consequences and penalties for other violations and non- compliance If the Office finds that obligations imposed by the law have been breached, the Office will determine which measures must be adopted to eliminate the established shortcomings and set a deadline
www.peterkapartners.com/
Made with FlippingBook - PDF hosting