0A4F4F9BD490A749D5437F821CF06DF1
General Privacy/Data Protection Guidelines
https://www.uoou.cz/gdpr-strucne/ds-4843/p1=4843
http://leaux.net/URLS/ConvertAPI Text Files/70D19857805F73A6F925369C7C4FF88B.en.txt
Examining the file media/Synopses/70D19857805F73A6F925369C7C4FF88B.html:
This file was generated: 2020-07-14 08:19:28
Indicators in focus are typically shown highlighted in yellow; |
Peer Indicators (that share the same Vulnerability association) are shown highlighted in pink; |
"Outside" Indicators (those that do NOT share the same Vulnerability association) are shown highlighted in green; |
Trigger Words/Phrases are shown highlighted in gray. |
Link to Orphaned Trigger Words (Appendix (Indicator List, Indicator Peers, Trigger Words, Type/Vulnerability/Indicator Overlay)
Applicable Type / Vulnerability / Indicator Overlay for this Input
Health / Drug Usage
Searching for indicator influence:
(return to top)
p.(None): Česky English
p.(None): Office for Personal Data Protection
p.(None): Topics
p.(None): Basic links OFFICE OPINIONS AND DECISIONS OF THE OFFICE PRESS RELEASE MEDIA CONTACT
p.(None): Path: Home> Main menu> GDPR (General Regulation)> Basic Information> General Regulation (GDPR) in brief
p.(None): GDPR (General Regulation)
p.(None): General Regulation (GDPR) in brief
p.(None): Basic information
p.(None): General Regulation (GDPR) On the protection of personal data in a concise and clear manner
p.(None): briefly
p.(None): Basic guide to protection Although the protection of personal data in our country has been in force since 1992, although the authority established by the Personal Data Protection Act controls
p.(None): data obligations imposed by this law for almost two decades, for many who did not worry about the law as if it were
p.(None): Ten Mistakes A New Thing.
p.(None): Questions and Answers on Under the influence of a campaign unleashed around the General Data Protection Regulation (GDPR), mainly for the purpose of winning a series
p.(None): The General Regulation (GDPR) of the consultancy companies wonder what news the bloody Brussels is coming up with again. The campaign is accompanied by a number
p.(None): The role of the ÚOOÚ incorrect and misleading information, disseminated in the media and also in some lectures. For many, they are
p.(None): also the terms used by the law, such as "processing of personal data", which are operations with personal data, are unclear
p.(None): Obligations of administrators carried out and only covered by this protection. So not on every use of any person's data in any situation, how
p.(None): The instructions of the European Corps are often mistaken for those who identify the protection of personal data with the protection of personality under the Civil Code.
p.(None): Other similar concepts are, for example, the "data subject", the data subject, the "controller", who is the
p.(None): (EDPB) personal data, either at its own discretion or because it is its legal duty, and the "processor", which is
p.(None): someone else whom the administrator entrusts to him by contract.
p.(None): Right to information
p.(None): Let us therefore try, without using these terms and with still permissible simplification in four points, to describe the basic
p.(None): needs to be done to protect personal data and what new is added to the general data protection regulation.
p.(None): Poradna
p.(None): 1. Reason
...
Social / Marital Status
Searching for indicator single:
(return to top)
p.(None): The second generally applicable obligation is to report cases of personal data breaches to the Office for Personal Protection
p.(None): data pursuant to Article 33 of the GDPR (within 72 hours of the detection of such an incident). Serious incidents with
p.(None): the expected serious consequences, not when one paper is accidentally loaded from another paper-based register into another drawer,
p.(None): where it can be found in an hour. If a data leak occurs, for example, in a bank where you have money deposited,
p.(None): as a result, the bank will be obliged to notify you, and in extreme cases by public announcement of such
p.(None): serious incident.
p.(None): Codes and certificates - voluntarily
p.(None): If, in some sectors, such as business, the same or very similar activities with personal data occur,
p.(None): a code of conduct may be drawn up, for example, by a professional association. Signing up for such a code illustrates the desire to be
p.(None): in accordance with the general regulation, but is not compulsory, as well as a personal data protection certificate that will be possible
p.(None): but it will also not be mandatory.
p.(None): Privacy Officer - Just Someone
p.(None): Authorities and other bodies that decide on citizens' rights, including schools, will have to appoint protection officers
p.(None): personal data, a person who will address this issue and draw attention to any shortcomings. It's supposed, that
p.(None): will understand the privacy issues in the industry. The assignee may be both the employee and the employee
p.(None): externista. This makes it possible to use the possibility that a single agent can carry out such an activity for several offices,
p.(None): schools, but also hospitals, because they will also be obliged to appoint a commissioner in terms of a large amount of data on
p.(None): health status of patients in the hospital information system. But the assistant cannot be the head of the organization or department
p.(None): computer science because it would be in conflict of interest.
p.(None): Impact assessment and consultation with the Office - just someone
p.(None): Like the appointment of a trustee, there is no impact assessment on personal data protection and prior consultation with the Office for Data Protection
p.(None): the protection of personal data by the obligations generally applicable, it concerns those who intend to carry out large-scale risky personal data
p.(None): operations involving, for example, the extensive profiling of people via the Internet for marketing purposes
p.(None): detailed information about their private life, or the risk lies in the use of new technologies used,
p.(None): eg a large amount of patient health data. The list of these operations will be the Office for Personal Protection
p.(None): data published.
p.(None): Penalties - always proportionate
p.(None): Flagrant violations of general obligations imposed in such risky large-scale operations
p.(None): the volume of data, usually by large multinationals, may be subject to the maximum sanction imposed by the general regulation,
p.(None): reaching significant amounts. It is nonsense to scare a smaller company or school with such sanctions, as is the extravagance
...
Social / Police Officer
Searching for indicator officer:
(return to top)
p.(None): The General Regulation (GDPR) of the consultancy companies wonder what news the bloody Brussels is coming up with again. The campaign is accompanied by a number
p.(None): The role of the ÚOOÚ incorrect and misleading information, disseminated in the media and also in some lectures. For many, they are
p.(None): also the terms used by the law, such as "processing of personal data", which are operations with personal data, are unclear
p.(None): Obligations of administrators carried out and only covered by this protection. So not on every use of any person's data in any situation, how
p.(None): The instructions of the European Corps are often mistaken for those who identify the protection of personal data with the protection of personality under the Civil Code.
p.(None): Other similar concepts are, for example, the "data subject", the data subject, the "controller", who is the
p.(None): (EDPB) personal data, either at its own discretion or because it is its legal duty, and the "processor", which is
p.(None): someone else whom the administrator entrusts to him by contract.
p.(None): Right to information
p.(None): Let us therefore try, without using these terms and with still permissible simplification in four points, to describe the basic
p.(None): needs to be done to protect personal data and what new is added to the general data protection regulation.
p.(None): Poradna
p.(None): 1. Reason
p.(None): Protection Officer In order to collect and use information about a category of people, such as our customers or employees,
p.(None): of personal data we have to have a (legal) reason. Very often it is the contracts we conclude with them. Employment contracts with
p.(None): employees, sales or other contracts with customers.
p.(None): Obviously published Such a reason is of course the law that imposes it, eg when keeping records of citizens by state authorities, but also when
p.(None): accounting and payroll information in a private company. In some cases, the reason may be to protect our rights, e.g.
p.(None): if the camera is guarding our valuable property from a thief or vandal. Other times it may be in the public interest in information about certain
p.(None): Legislation for persons, in particular publicly known or publicly active.
p.(None): However, such information and its use cannot unduly interfere with their private life. If we do not find any of
p.(None): for these reasons, and yet we would like to get data about people, such as what goods they prefer,
p.(None): they should be asked to agree to keep such data. But we have to remember that consent is voluntary,
p.(None): Supervisory and decision-making activities cannot be made conditional upon the conclusion of a contract, and when the customer revokes it, he has the right to have such data deleted.
p.(None): Commercial Communication When a customer has already bought or ordered something from us, we do not need to obtain their consent to send us another offer of our goods
...
p.(None): Activity logs - all
p.(None): It will be necessary to keep a record of the activities carried out with the personal data. It is advisable to prepare a form with
p.(None): enter in the boxes the information required by Article 30 of the GDPR (record of contracts, records of employees,
p.(None): or discount program for customers, etc.). This should not take more than 10-15 minutes.
p.(None): Reporting Security Violations - Everyone
p.(None): The second generally applicable obligation is to report cases of personal data breaches to the Office for Personal Protection
p.(None): data pursuant to Article 33 of the GDPR (within 72 hours of the detection of such an incident). Serious incidents with
p.(None): the expected serious consequences, not when one paper is accidentally loaded from another paper-based register into another drawer,
p.(None): where it can be found in an hour. If a data leak occurs, for example, in a bank where you have money deposited,
p.(None): as a result, the bank will be obliged to notify you, and in extreme cases by public announcement of such
p.(None): serious incident.
p.(None): Codes and certificates - voluntarily
p.(None): If, in some sectors, such as business, the same or very similar activities with personal data occur,
p.(None): a code of conduct may be drawn up, for example, by a professional association. Signing up for such a code illustrates the desire to be
p.(None): in accordance with the general regulation, but is not compulsory, as well as a personal data protection certificate that will be possible
p.(None): but it will also not be mandatory.
p.(None): Privacy Officer - Just Someone
p.(None): Authorities and other bodies that decide on citizens' rights, including schools, will have to appoint protection officers
p.(None): personal data, a person who will address this issue and draw attention to any shortcomings. It's supposed, that
p.(None): will understand the privacy issues in the industry. The assignee may be both the employee and the employee
p.(None): externista. This makes it possible to use the possibility that a single agent can carry out such an activity for several offices,
p.(None): schools, but also hospitals, because they will also be obliged to appoint a commissioner in terms of a large amount of data on
p.(None): health status of patients in the hospital information system. But the assistant cannot be the head of the organization or department
p.(None): computer science because it would be in conflict of interest.
p.(None): Impact assessment and consultation with the Office - just someone
p.(None): Like the appointment of a trustee, there is no impact assessment on personal data protection and prior consultation with the Office for Data Protection
p.(None): the protection of personal data by the obligations generally applicable, it concerns those who intend to carry out large-scale risky personal data
p.(None): operations involving, for example, the extensive profiling of people via the Internet for marketing purposes
p.(None): detailed information about their private life, or the risk lies in the use of new technologies used,
...
Searching for indicator police:
(return to top)
p.(None): or services, most often sent to his email. However, as soon as they reply that they do not want such commercial communication, sending is required
p.(None): Abandon quotes at its address. Unless there is any other reason for publication in the database of stored personal data, eg.
p.(None): employee contact information for contact with customers is also required to disclose personal information
p.(None): agreement. There are special reasons to be able to obtain and use categories of data that could be
p.(None): Schengen (information systems abused to discriminate against people, eg health data).
p.(None): EU)
p.(None): 2. Principles
p.(None): ORG information system We should always realize first of all why we need or want to get data about some people. It is then necessary
p.(None): to come up with a request to provide data so that we don't unnecessarily record information about those people that we actually have
p.(None): We do not need publications. The scope of the data should therefore be minimal in order to achieve what we have set ourselves. We should take care of
p.(None): that the data obtained are accurate and that their accuracy is verified. Possibility to verify the accuracy of the identity card data concerned
p.(None): persons are not excluded, however, copying the ID card and passport is, with the exceptions stipulated by law, inadmissible.
p.(None): Pro mládež
p.(None): Recorded data cannot be used contrary to the original objective. For example, there is plenty on the camera record
p.(None): visual information about all persons who entered the monitored area. They shall be kept for a reasonable period to:
p.(None): eventually it was possible to provide the police with information about the offender. However, they cannot be used as unfounded
p.(None): monitoring neighbors, perhaps just because someone did not clean their shoes, or to disproportionately control employees on
p.(None): workplace.
p.(None): Another principle is to have data as long as necessary. The time can vary a lot in different cases. From several
p.(None): days of camera recording, when it is clear that nothing extraordinary happened at that time, up to decades at the statutory
p.(None): storage of some documents, such as payroll sheets. The retention period does not always end
p.(None): some activities, eg termination of employment or fulfillment of contractual arrangements. Both deadlines should be taken into account
p.(None): provided for by law for the retention of certain documents, as well as any limitation periods for the possibility of bringing legal proceedings; and
p.(None): in the case of paper documents also the retention period.
p.(None): 3. Information
p.(None): Most misunderstandings and complaints arise because people do not receive enough information about why their personal information
p.(None): they provide and what will happen to this data, to whom they will be passed. The data subject is therefore already in need of the data subject
p.(None): provide such information to a person, preferably in writing, whether at the point where the data is obtained or otherwise
p.(None): through the website.
p.(None): Other rights that people can exercise if you store and use their personal information are also to be respected. Right to
p.(None): they have to provide information about their data not only at the moment of their provision, but they can also ask questions later. if
p.(None): this does not affect the rights of other persons, everyone has the right to provide a copy of his data. However, you can request for another copy
...
p.(None): authorized to work with certain data. For larger and more complex systems, it is also necessary to make electronic records that:
p.(None): allows you to identify and verify when, who, and for what reason, the data, the so-called logs.
p.(None): Safety rules should also be observed for electronic means used on various journeys, such as
p.(None): not to be left unattended in a car. Personal data must also be adequately secured during transmission
p.(None): by electronic means. It is necessary to realize that common email communication is not very secure. Sometimes it even
p.(None): compared to the postcard equivalent. In some cases, it is appropriate to choose a safer form of transmission
p.(None): information, eg by encrypting them. The encrypted file can also be sent by less secure forms of communication. It is always necessary
p.(None): consider the desirability of sending unsecured documents containing larger pensions of personal data (or sensitive)
p.(None): through freemail services. However, this does not mean that it would never be possible to use the freemail service, for example if
p.(None): it is only a simple agreement with the customer or sending any risky information.
p.(None): If you pass on personal information, such as your customers or employees, to someone else to work with for you and
p.(None): instead of you, you need to sign a contract with him to commit to protecting your data as much as you do. Without such a contract you would
p.(None): for the transfer of data to other persons outside the company or organization, they must have obtained the consent of the person concerned, if not
p.(None): a request by the police or other state authority that has the right to request the data necessary for its activities and is obliged to do so
p.(None): to provide them.
p.(None): 5. What has been added to the General Data Protection Regulation (GDPR) since 25 May 2018?
p.(None): For a smaller company that only keeps records of contracts with its customers and records of employees, not so much.
p.(None): Activity logs - all
p.(None): It will be necessary to keep a record of the activities carried out with the personal data. It is advisable to prepare a form with
p.(None): enter in the boxes the information required by Article 30 of the GDPR (record of contracts, records of employees,
p.(None): or discount program for customers, etc.). This should not take more than 10-15 minutes.
p.(None): Reporting Security Violations - Everyone
p.(None): The second generally applicable obligation is to report cases of personal data breaches to the Office for Personal Protection
p.(None): data pursuant to Article 33 of the GDPR (within 72 hours of the detection of such an incident). Serious incidents with
p.(None): the expected serious consequences, not when one paper is accidentally loaded from another paper-based register into another drawer,
p.(None): where it can be found in an hour. If a data leak occurs, for example, in a bank where you have money deposited,
p.(None): as a result, the bank will be obliged to notify you, and in extreme cases by public announcement of such
p.(None): serious incident.
p.(None): Codes and certificates - voluntarily
p.(None): If, in some sectors, such as business, the same or very similar activities with personal data occur,
...
Social / Property Ownership
Searching for indicator home:
(return to top)
p.(None): Česky English
p.(None): Office for Personal Data Protection
p.(None): Topics
p.(None): Basic links OFFICE OPINIONS AND DECISIONS OF THE OFFICE PRESS RELEASE MEDIA CONTACT
p.(None): Path: Home> Main menu> GDPR (General Regulation)> Basic Information> General Regulation (GDPR) in brief
p.(None): GDPR (General Regulation)
p.(None): General Regulation (GDPR) in brief
p.(None): Basic information
p.(None): General Regulation (GDPR) On the protection of personal data in a concise and clear manner
p.(None): briefly
p.(None): Basic guide to protection Although the protection of personal data in our country has been in force since 1992, although the authority established by the Personal Data Protection Act controls
p.(None): data obligations imposed by this law for almost two decades, for many who did not worry about the law as if it were
p.(None): Ten Mistakes A New Thing.
p.(None): Questions and Answers on Under the influence of a campaign unleashed around the General Data Protection Regulation (GDPR), mainly for the purpose of winning a series
p.(None): The General Regulation (GDPR) of the consultancy companies wonder what news the bloody Brussels is coming up with again. The campaign is accompanied by a number
p.(None): The role of the ÚOOÚ incorrect and misleading information, disseminated in the media and also in some lectures. For many, they are
p.(None): also the terms used by the law, such as "processing of personal data", which are operations with personal data, are unclear
p.(None): Obligations of administrators carried out and only covered by this protection. So not on every use of any person's data in any situation, how
...
Searching for indicator property:
(return to top)
p.(None): Other similar concepts are, for example, the "data subject", the data subject, the "controller", who is the
p.(None): (EDPB) personal data, either at its own discretion or because it is its legal duty, and the "processor", which is
p.(None): someone else whom the administrator entrusts to him by contract.
p.(None): Right to information
p.(None): Let us therefore try, without using these terms and with still permissible simplification in four points, to describe the basic
p.(None): needs to be done to protect personal data and what new is added to the general data protection regulation.
p.(None): Poradna
p.(None): 1. Reason
p.(None): Protection Officer In order to collect and use information about a category of people, such as our customers or employees,
p.(None): of personal data we have to have a (legal) reason. Very often it is the contracts we conclude with them. Employment contracts with
p.(None): employees, sales or other contracts with customers.
p.(None): Obviously published Such a reason is of course the law that imposes it, eg when keeping records of citizens by state authorities, but also when
p.(None): accounting and payroll information in a private company. In some cases, the reason may be to protect our rights, e.g.
p.(None): if the camera is guarding our valuable property from a thief or vandal. Other times it may be in the public interest in information about certain
p.(None): Legislation for persons, in particular publicly known or publicly active.
p.(None): However, such information and its use cannot unduly interfere with their private life. If we do not find any of
p.(None): for these reasons, and yet we would like to get data about people, such as what goods they prefer,
p.(None): they should be asked to agree to keep such data. But we have to remember that consent is voluntary,
p.(None): Supervisory and decision-making activities cannot be made conditional upon the conclusion of a contract, and when the customer revokes it, he has the right to have such data deleted.
p.(None): Commercial Communication When a customer has already bought or ordered something from us, we do not need to obtain their consent to send us another offer of our goods
p.(None): or services, most often sent to his email. However, as soon as they reply that they do not want such commercial communication, sending is required
p.(None): Abandon quotes at its address. Unless there is any other reason for publication in the database of stored personal data, eg.
p.(None): employee contact information for contact with customers is also required to disclose personal information
p.(None): agreement. There are special reasons to be able to obtain and use categories of data that could be
p.(None): Schengen (information systems abused to discriminate against people, eg health data).
p.(None): EU)
p.(None): 2. Principles
p.(None): ORG information system We should always realize first of all why we need or want to get data about some people. It is then necessary
p.(None): to come up with a request to provide data so that we don't unnecessarily record information about those people that we actually have
...
Social / employees
Searching for indicator employees:
(return to top)
p.(None): The role of the ÚOOÚ incorrect and misleading information, disseminated in the media and also in some lectures. For many, they are
p.(None): also the terms used by the law, such as "processing of personal data", which are operations with personal data, are unclear
p.(None): Obligations of administrators carried out and only covered by this protection. So not on every use of any person's data in any situation, how
p.(None): The instructions of the European Corps are often mistaken for those who identify the protection of personal data with the protection of personality under the Civil Code.
p.(None): Other similar concepts are, for example, the "data subject", the data subject, the "controller", who is the
p.(None): (EDPB) personal data, either at its own discretion or because it is its legal duty, and the "processor", which is
p.(None): someone else whom the administrator entrusts to him by contract.
p.(None): Right to information
p.(None): Let us therefore try, without using these terms and with still permissible simplification in four points, to describe the basic
p.(None): needs to be done to protect personal data and what new is added to the general data protection regulation.
p.(None): Poradna
p.(None): 1. Reason
p.(None): Protection Officer In order to collect and use information about a category of people, such as our customers or employees,
p.(None): of personal data we have to have a (legal) reason. Very often it is the contracts we conclude with them. Employment contracts with
p.(None): employees, sales or other contracts with customers.
p.(None): Obviously published Such a reason is of course the law that imposes it, eg when keeping records of citizens by state authorities, but also when
p.(None): accounting and payroll information in a private company. In some cases, the reason may be to protect our rights, e.g.
p.(None): if the camera is guarding our valuable property from a thief or vandal. Other times it may be in the public interest in information about certain
p.(None): Legislation for persons, in particular publicly known or publicly active.
p.(None): However, such information and its use cannot unduly interfere with their private life. If we do not find any of
p.(None): for these reasons, and yet we would like to get data about people, such as what goods they prefer,
p.(None): they should be asked to agree to keep such data. But we have to remember that consent is voluntary,
p.(None): Supervisory and decision-making activities cannot be made conditional upon the conclusion of a contract, and when the customer revokes it, he has the right to have such data deleted.
p.(None): Commercial Communication When a customer has already bought or ordered something from us, we do not need to obtain their consent to send us another offer of our goods
p.(None): or services, most often sent to his email. However, as soon as they reply that they do not want such commercial communication, sending is required
p.(None): Abandon quotes at its address. Unless there is any other reason for publication in the database of stored personal data, eg.
p.(None): employee contact information for contact with customers is also required to disclose personal information
p.(None): agreement. There are special reasons to be able to obtain and use categories of data that could be
p.(None): Schengen (information systems abused to discriminate against people, eg health data).
p.(None): EU)
p.(None): 2. Principles
p.(None): ORG information system We should always realize first of all why we need or want to get data about some people. It is then necessary
p.(None): to come up with a request to provide data so that we don't unnecessarily record information about those people that we actually have
p.(None): We do not need publications. The scope of the data should therefore be minimal in order to achieve what we have set ourselves. We should take care of
p.(None): that the data obtained are accurate and that their accuracy is verified. Possibility to verify the accuracy of the identity card data concerned
p.(None): persons are not excluded, however, copying the ID card and passport is, with the exceptions stipulated by law, inadmissible.
p.(None): Pro mládež
p.(None): Recorded data cannot be used contrary to the original objective. For example, there is plenty on the camera record
p.(None): visual information about all persons who entered the monitored area. They shall be kept for a reasonable period to:
p.(None): eventually it was possible to provide the police with information about the offender. However, they cannot be used as unfounded
p.(None): monitoring neighbors, perhaps just because someone did not clean their shoes, or to disproportionately control employees on
p.(None): workplace.
p.(None): Another principle is to have data as long as necessary. The time can vary a lot in different cases. From several
p.(None): days of camera recording, when it is clear that nothing extraordinary happened at that time, up to decades at the statutory
p.(None): storage of some documents, such as payroll sheets. The retention period does not always end
p.(None): some activities, eg termination of employment or fulfillment of contractual arrangements. Both deadlines should be taken into account
p.(None): provided for by law for the retention of certain documents, as well as any limitation periods for the possibility of bringing legal proceedings; and
p.(None): in the case of paper documents also the retention period.
p.(None): 3. Information
p.(None): Most misunderstandings and complaints arise because people do not receive enough information about why their personal information
p.(None): they provide and what will happen to this data, to whom they will be passed. The data subject is therefore already in need of the data subject
p.(None): provide such information to a person, preferably in writing, whether at the point where the data is obtained or otherwise
p.(None): through the website.
p.(None): Other rights that people can exercise if you store and use their personal information are also to be respected. Right to
p.(None): they have to provide information about their data not only at the moment of their provision, but they can also ask questions later. if
p.(None): this does not affect the rights of other persons, everyone has the right to provide a copy of his data. However, you can request for another copy
p.(None): reasonable fee. Other rights include the right to correct inaccurate data, the right to object, eg against another
p.(None): sending marketing offers, as well as the right to delete data, but only if there is no other reason to keep it.
p.(None): 4. Security
p.(None): If you only have people's data on paper documents and not on your computer, they are protected only if they are kept
p.(None): in the form of registration of natural persons.
p.(None): Paper documents must be kept in a locked desk drawer or locked when not in use.
p.(None): the closet and not left in an unlocked room if the person who is to work with it leaves it. The data stored in
p.(None): a computer or other electronic device can only be accessed by someone who is correctly based on the correct password
p.(None): authorized to work with certain data. For larger and more complex systems, it is also necessary to make electronic records that:
p.(None): allows you to identify and verify when, who, and for what reason, the data, the so-called logs.
p.(None): Safety rules should also be observed for electronic means used on various journeys, such as
p.(None): not to be left unattended in a car. Personal data must also be adequately secured during transmission
p.(None): by electronic means. It is necessary to realize that common email communication is not very secure. Sometimes it even
p.(None): compared to the postcard equivalent. In some cases, it is appropriate to choose a safer form of transmission
p.(None): information, eg by encrypting them. The encrypted file can also be sent by less secure forms of communication. It is always necessary
p.(None): consider the desirability of sending unsecured documents containing larger pensions of personal data (or sensitive)
p.(None): through freemail services. However, this does not mean that it would never be possible to use the freemail service, for example if
p.(None): it is only a simple agreement with the customer or sending any risky information.
p.(None): If you pass on personal information, such as your customers or employees, to someone else to work with for you and
p.(None): instead of you, you need to sign a contract with him to commit to protecting your data as much as you do. Without such a contract you would
p.(None): for the transfer of data to other persons outside the company or organization, they must have obtained the consent of the person concerned, if not
p.(None): a request by the police or other state authority that has the right to request the data necessary for its activities and is obliged to do so
p.(None): to provide them.
p.(None): 5. What has been added to the General Data Protection Regulation (GDPR) since 25 May 2018?
p.(None): For a smaller company that only keeps records of contracts with its customers and records of employees, not so much.
p.(None): Activity logs - all
p.(None): It will be necessary to keep a record of the activities carried out with the personal data. It is advisable to prepare a form with
p.(None): enter in the boxes the information required by Article 30 of the GDPR (record of contracts, records of employees,
p.(None): or discount program for customers, etc.). This should not take more than 10-15 minutes.
p.(None): Reporting Security Violations - Everyone
p.(None): The second generally applicable obligation is to report cases of personal data breaches to the Office for Personal Protection
p.(None): data pursuant to Article 33 of the GDPR (within 72 hours of the detection of such an incident). Serious incidents with
p.(None): the expected serious consequences, not when one paper is accidentally loaded from another paper-based register into another drawer,
p.(None): where it can be found in an hour. If a data leak occurs, for example, in a bank where you have money deposited,
p.(None): as a result, the bank will be obliged to notify you, and in extreme cases by public announcement of such
p.(None): serious incident.
p.(None): Codes and certificates - voluntarily
p.(None): If, in some sectors, such as business, the same or very similar activities with personal data occur,
p.(None): a code of conduct may be drawn up, for example, by a professional association. Signing up for such a code illustrates the desire to be
p.(None): in accordance with the general regulation, but is not compulsory, as well as a personal data protection certificate that will be possible
p.(None): but it will also not be mandatory.
p.(None): Privacy Officer - Just Someone
p.(None): Authorities and other bodies that decide on citizens' rights, including schools, will have to appoint protection officers
p.(None): personal data, a person who will address this issue and draw attention to any shortcomings. It's supposed, that
...
General/Other / Relationship to Authority
Searching for indicator authority:
(return to top)
p.(None): Česky English
p.(None): Office for Personal Data Protection
p.(None): Topics
p.(None): Basic links OFFICE OPINIONS AND DECISIONS OF THE OFFICE PRESS RELEASE MEDIA CONTACT
p.(None): Path: Home> Main menu> GDPR (General Regulation)> Basic Information> General Regulation (GDPR) in brief
p.(None): GDPR (General Regulation)
p.(None): General Regulation (GDPR) in brief
p.(None): Basic information
p.(None): General Regulation (GDPR) On the protection of personal data in a concise and clear manner
p.(None): briefly
p.(None): Basic guide to protection Although the protection of personal data in our country has been in force since 1992, although the authority established by the Personal Data Protection Act controls
p.(None): data obligations imposed by this law for almost two decades, for many who did not worry about the law as if it were
p.(None): Ten Mistakes A New Thing.
p.(None): Questions and Answers on Under the influence of a campaign unleashed around the General Data Protection Regulation (GDPR), mainly for the purpose of winning a series
p.(None): The General Regulation (GDPR) of the consultancy companies wonder what news the bloody Brussels is coming up with again. The campaign is accompanied by a number
p.(None): The role of the ÚOOÚ incorrect and misleading information, disseminated in the media and also in some lectures. For many, they are
p.(None): also the terms used by the law, such as "processing of personal data", which are operations with personal data, are unclear
p.(None): Obligations of administrators carried out and only covered by this protection. So not on every use of any person's data in any situation, how
p.(None): The instructions of the European Corps are often mistaken for those who identify the protection of personal data with the protection of personality under the Civil Code.
p.(None): Other similar concepts are, for example, the "data subject", the data subject, the "controller", who is the
p.(None): (EDPB) personal data, either at its own discretion or because it is its legal duty, and the "processor", which is
p.(None): someone else whom the administrator entrusts to him by contract.
p.(None): Right to information
...
p.(None): allows you to identify and verify when, who, and for what reason, the data, the so-called logs.
p.(None): Safety rules should also be observed for electronic means used on various journeys, such as
p.(None): not to be left unattended in a car. Personal data must also be adequately secured during transmission
p.(None): by electronic means. It is necessary to realize that common email communication is not very secure. Sometimes it even
p.(None): compared to the postcard equivalent. In some cases, it is appropriate to choose a safer form of transmission
p.(None): information, eg by encrypting them. The encrypted file can also be sent by less secure forms of communication. It is always necessary
p.(None): consider the desirability of sending unsecured documents containing larger pensions of personal data (or sensitive)
p.(None): through freemail services. However, this does not mean that it would never be possible to use the freemail service, for example if
p.(None): it is only a simple agreement with the customer or sending any risky information.
p.(None): If you pass on personal information, such as your customers or employees, to someone else to work with for you and
p.(None): instead of you, you need to sign a contract with him to commit to protecting your data as much as you do. Without such a contract you would
p.(None): for the transfer of data to other persons outside the company or organization, they must have obtained the consent of the person concerned, if not
p.(None): a request by the police or other state authority that has the right to request the data necessary for its activities and is obliged to do so
p.(None): to provide them.
p.(None): 5. What has been added to the General Data Protection Regulation (GDPR) since 25 May 2018?
p.(None): For a smaller company that only keeps records of contracts with its customers and records of employees, not so much.
p.(None): Activity logs - all
p.(None): It will be necessary to keep a record of the activities carried out with the personal data. It is advisable to prepare a form with
p.(None): enter in the boxes the information required by Article 30 of the GDPR (record of contracts, records of employees,
p.(None): or discount program for customers, etc.). This should not take more than 10-15 minutes.
p.(None): Reporting Security Violations - Everyone
p.(None): The second generally applicable obligation is to report cases of personal data breaches to the Office for Personal Protection
p.(None): data pursuant to Article 33 of the GDPR (within 72 hours of the detection of such an incident). Serious incidents with
p.(None): the expected serious consequences, not when one paper is accidentally loaded from another paper-based register into another drawer,
p.(None): where it can be found in an hour. If a data leak occurs, for example, in a bank where you have money deposited,
p.(None): as a result, the bank will be obliged to notify you, and in extreme cases by public announcement of such
p.(None): serious incident.
p.(None): Codes and certificates - voluntarily
p.(None): If, in some sectors, such as business, the same or very similar activities with personal data occur,
...
Orphaned Trigger Words
p.(None): schools, but also hospitals, because they will also be obliged to appoint a commissioner in terms of a large amount of data on
p.(None): health status of patients in the hospital information system. But the assistant cannot be the head of the organization or department
p.(None): computer science because it would be in conflict of interest.
p.(None): Impact assessment and consultation with the Office - just someone
p.(None): Like the appointment of a trustee, there is no impact assessment on personal data protection and prior consultation with the Office for Data Protection
p.(None): the protection of personal data by the obligations generally applicable, it concerns those who intend to carry out large-scale risky personal data
p.(None): operations involving, for example, the extensive profiling of people via the Internet for marketing purposes
p.(None): detailed information about their private life, or the risk lies in the use of new technologies used,
p.(None): eg a large amount of patient health data. The list of these operations will be the Office for Personal Protection
p.(None): data published.
p.(None): Penalties - always proportionate
p.(None): Flagrant violations of general obligations imposed in such risky large-scale operations
p.(None): the volume of data, usually by large multinationals, may be subject to the maximum sanction imposed by the general regulation,
p.(None): reaching significant amounts. It is nonsense to scare a smaller company or school with such sanctions, as is the extravagance
p.(None): amounts substantially in excess of the amount of fines imposed by the Office for Personal Data Protection imposed on external audits are in accordance with
p.(None): non-guaranteeing regulations. Any penalties for breach of the obligations of the General Regulation will be proportionate as yet;
p.(None): in any case, they cannot be liquidated.
p.(None): Context
p.(None): Placing: Document folders> Sitemap> Main menu> GDPR (General Regulation)> Basic Information> General Regulation (GDPR)
p.(None): briefly
p.(None): View current documents archive of documents documents including archive
p.(None): Sign In | Site map Mobile version About the site Terms of use of the Office logo Cookies | RSS | Contact
p.(None): Copyright © 2013 Office for Personal Data Protection. All rights reserved.
...
Appendix
Indicator List
Indicator | Vulnerability |
authority | Relationship to Authority |
employees | employees |
home | Property Ownership |
influence | Drug Usage |
officer | Police Officer |
police | Police Officer |
property | Property Ownership |
single | Marital Status |
Indicator Peers (Indicators in Same Vulnerability)
Indicator | Peers |
home | ['property'] |
officer | ['police'] |
police | ['officer'] |
property | ['home'] |
Trigger Words
consent
protect
protection
risk
sensitive
Applicable Type / Vulnerability / Indicator Overlay for this Input