Czech Republic
for the shortcomings are eliminated in accordance with the determined measures or immediately after the breach of obligation is found, the Office may decide not to impose fines. If the fines are imposed, the general rules of the GDPR apply. Infringements of the GDPR are subject to administrative fines up to EUR 20,000,000, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. their elimination. If In case of commercial messages, legal entities may be fined up to CZK 10,000,000 (approximately EUR 405,000) for disseminating commercial communications in violation of the Certain Information Society Services Act. The Czech Office for Personal Data Protection (Office) is the authority for supervision of compliance with this act. In addition, fines and other measures may apply under the GDPR in case of breach of rules for processing of personal data (please see above). Unsolicited/harassing phone calls (i.e., also marketing phone calls without consent unless the exception applies) are considered misdemeanours under the Act on Electronic Communications. The Czech Telecommunication Office supervises compliance with the Czech Act on Electronic Communications, and has the authority to issue binding decisions, including prohibitions or orders and fines for violations. Legal entities may be fined up to CZK 50,000,000
(approximately EUR 2,022,000) or 10 % of the total worldwide annual turnover of the preceding financial year for unsolicited/harassing phone calls in violation of the Act on Electronic Communications. has implemented the GDPR mainly through the Act on Processing of Personal Data, as mentioned above. There are also other laws that deal with the same or similar issues as the GDPR, but the GDPR remains the main law in the area of data protection, and there are only very few additional requirements and derivations from the GDPR in the Czech Republic. Conclusion The Czech Republic As for the new legislation, the new Act on Cyber Security (effective as of 1 November 2025 in the Czech Republic) implementing the NIS 2 Directive will substantially broaden the number of entities to which this new Czech law will apply (from approx. 400 entities under the previous law to approx. 6,000 entities under the new law). THIS IS NOT LEGAL ADVICE. This document provides general information on the current relevant legislation in the Czech Republic as of January 19, 2024. We remain at your entire disposal to analyse specific cases.
www.peterkapartners.com/
Made with FlippingBook - PDF hosting