Personal data protection
Act no. 122/2013 of the Codex as amended
Act no. 122/2013 about the personal data protection
and its application
An amendment to the Act about personal data protection is in force from the year 2013. This amendment assigned to the companies an obligation to to protect all personal data they work with throughout the business activities performed. Personal data are tied to the individuals only, so the data of corporate entities or self-employed are not concerned. Among the most common personal data belong name, surname, address, date of birth, identification number, or combination of these data. Some conditions of the Act were changed by full wording of the Act under no. 84/2014 in May 2014. In addition to this, the Office for personal data protection issues various guidelines that have explanatory nature of some of the act requirements. Mainly it includes requirements related to usage of video surveillance systems, e-shops, cloud services, biometric data and alike.
Our portfolio of services in the personal data protection area
We supported many companies with implementation of the Act about personal data protection. I doesn't matter what is the company's core business, usually each company has at least employees, whose personal data have to be protected. This protection is documented in a security directive or in a security project, depending on if you process the data on a computer that is or is not connected to the internet. Each company has different "kinds" of the personal data, that have to be protected. Due to this, the initial analysis of so called (based on the law definition) "information systems" is the key for creating security documentation that is tailored to the needs.
- 1Initial status analysisit is necessary to create an initial analysis in each company, to properly meet legal requirements. This analysis consists of the identification of "information systems", authorized persons, intermediaries and overall definition of the physical space, where the personal data are processed
- 2Elaboration of the registration cards of the information systemsmost of the information systems does not have to be reported to the Office for personal data protection, but evidence of them has to be available in the company
- 3Elaboration of authorized persons guidancethe authorized persons have to be instructed, how to process personal data they come into contact with, so it is assured the protection against damage, misuse or lost respectively.
- 4Elaboration of the contracts with the intermediariesintermediaries are companies that process personal data on behalf of the organization (e.g. company providing accounting, IT services, etc.); so the organization has to assure that the data provided to the intermediary are as well protected and confidential
- 5Elaboration of the risk analysisthe analysis of risks that influence the data protection is important part of setting up the preventive actions - technical, personal or organizational
- 6Elaboration of the security directivesecurity directive covers technical, organizational and personal measures for the personal data protection in the company
- 7Elaboration of the security projectoverall summary of the security measures, risk analysis methodology as well as the physical definition of the space where the personal data are processed or located respectively, is covered in the security project
- 8Assistence by the information systems reporting or individual registration in the Office respectivelyby meeting some of the requirements of the Act, the information system has to be reported to the Office for personal data protection (e.g. video-surveillance system or marketing campaings), or has to be individually registered respectively (processing of biometric data - attendance system using fingerprints)
- 9Update and review of the alignment with the Act no. 122/2013a condition of the act talks about regular inspection activities oriented to the adherence to the rules of personal data protection, review of the risks set as well as about the update of the security documentation from the amendment of the law point of view