Privacy Laws

Czech data protection compared to the GDPR

The Czech flag in the foreground and the capital in the background. — © Michaela Jílková / stock.adobe.com | #76873092

General overview

The Czech Data Protection Act is not a complex data protection law but contains several exceptions and clarifications of GDPR rules in the national context. Exceptions include reduced information obligations and lower administrative fines for certain controllers, as well as exemptions for the exercise of certain data subject rights. Clarifications include age specifications for children's consent, the processing of personal data, i.e., when necessary to fulfill a legal obligation, and the performance of a task carried out in the public interest.

GDPR opening clauses

Czech Republic has specific regulations for the processing of data related to minors, the processing of data for journalistic purposes, and the processing of data for scientific research.

Key differences and national particularities

Specific data protection law and official guidelines

Czech Republic has specific data protection laws and official guidelines. These provide detailed information and guidance on compliance with data protection provisions in Czech Republic.

Legal basis and sensitive data

Czech Republic has specific regulations concerning the legal basis for data processing and the processing of sensitive data. Companies must ensure that they adequately inform data subjects about the processing of their data.

E-Marketing and online data protection

There are regulations regarding e-marketing and online data protection in the Czech Republic. However, it is important to note that a new regulation through the ePrivacy Regulation is still pending.

Data subject rights

The rights of data subjects in the Czech Republic are detailed. Companies should ensure that they respect these rights.

Data Protection Impact Assessments (DPIAs) and Data Protection Officer (DPO)

Companies in the Czech Republic should ensure they conduct DPIAs in accordance with Czech regulations. Additionally, there are regulations concerning the appointment of a Data Protection Officer.

Conclusion

Czech Republic has adopted many of the GDPR guidelines but has also introduced some national particularities. Companies operating in Czech Republic or conducting business with Czech citizens should ensure they fully understand and comply with both the GDPR and the Czech Data Protection Act.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed