Úřad pro ochranu osobních údajů
Pplk. Sochora 27
170 00 Praha 7
Tel. +420 234 665 800
Tasks and powers of the Czech supervisory authority
The Czech Data Protection Authority is responsible for supervising the lawfulness of personal data processing and compliance with data protection legislation. The Czech Data Protection Authority’s supervisory activities must comply with the GDPR, Czech Data Protection Act, Act No. 255/2012 Coll. on inspections (the Inspection Code), Act No. 250/2016 Coll. on liability for offenses and proceedings on the same and Act No. 500/2004 Coll., the Administrative Code.
Administrative supervisory activities of the Czech Data Protection Authority are divided into two basic phases:
- detection and evaluation – in particular, the conducting inspections
- remedies or sanctions – the relevancy of this phase depends on the result of the detection and evaluation phase.
The primary task of the Czech Data Protection Authority in accordance with Article 57(1) of the GDPR is to:
- monitor and enforce the application of this Regulation;
- handle complaints lodged by a data subject or by specific bodies, and investigate, to the extent appropriate, the subject matter of the complaint and inform the person who issued the complaint of the progress and outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another supervisory authority is necessary. The data subject may lodge the complaint via a specific form specific form (in Czech).
- conduct investigations on the application of the GDPR, which includes information received from another supervisory authority or other public authority.
The Czech Data Protection Authority publishes anonymised results of its inspections (in Czech).
Additionally, the Czech Data Protection Authority plays a significant consulting role in the area of personal data protection. It provides consultations on the application of the GDPR to representatives of professional and industrial associations. It expresses its views on specific proposals for procedures to fulfil obligations imposed on such controllers, including their relationship with data subjects whose personal data they process. It also provides consultations to individual controllers and data subjects who believe that their personal data is being processed by a controller in violation of the law. It publishes more widely available results from its consulting activities on its website (in Czech) and in justified cases, it organizes a public discussion on draft methodological materials intended for the general public.
On an ongoing basis, the Czech Data Protection Authority also publishes translations of Guidelines of the European Data Protection Board (in Czech).