The possibility to restrict or delay the rights of a data subject
In case that it is necessary and adequate to secure a protected interest (see the section on Definitions), pursuant to Article 11 of the Czech Data Protection Act, the controller may:
- apply GDPR provisions regulating how data subject rights are exercised, such as right to access, right to erasure, etc. (Articles 12 to 22 GDPR)) and general GDPR principles (Article 5 GDPR) in an adequate manner or
- delay the application of these provisions.
The controller has an obligation to inform the Czech Data Protection Authority, without undue delay, of any such restriction.
The possibility to transfer or make accessible personal data that are restricted pursuant to Article 18 of the GDPR
Pursuant to Article 13 of the Data Protection Act, in the case that personal data processing was restricted pursuant to Article 18 of GDPR, the controller or the processor is obliged to transfer or make such data accessible, in the case that any legislation requires the controller or processor to carry out such an obligation.