Data protection and operation of the e-shop

Have you set up or want to set up an e-shop? Do you collect email addresses, contacts or other data about your customers? Then you need to think about data protection.

E-shopy a spotřebitelské spory
4 minutes of reading

The protection of individuals’ personal data is an often neglected area of regulation. It can bring many unpleasant surprises to start-ups and established businesses alike. What are the most important requirements imposed by this regulation? And how to effectively prevent problems with the authorities, but also with “data subjects” (i.e. customers or prospective customers)?

Consent to the processing of personal data

If you use your website users’ personal data for purposes other than purely to supply them with the goods or service you offer, you will most likely need consent to process their data for those purposes.

Consent must include the purpose of the processing and information about what personal data it is given for, as well as to which controller and for what period. The processor must be able to demonstrate the existence of consent throughout the processing of the personal data.

The user’s consent is commonly obtained for the dissemination of commercial communications (sending newsletters), telemarketing, transferring personal data to other entities (e.g. sharing client databases), etc. Although there is a not very broad exception in the law for these purposes as well, and it is therefore possible to do without the user’s consent in certain circumstances, it is certainly always better and legally safer for the e-shop operator to obtain consent from the user.

If an e-shop operator obtains a customer’s contact details by, for example, providing a service to the customer in the past or obtaining them from a public list, it may send the customer a newsletter by email without the consent of that user to the processing of the data. However, the operator must allow the user to easily unsubscribe from receiving the email.

Solutions Tailored for You

Our team of experienced attorneys will help you solve any legal issue. Within 24 hours we’ll evaluate your situation and suggest a step-by-step solution, including all costs. The price for this proposal is only CZK 690, and this is refunded to you when you order service from us.

If the operator decides to obtain the user’s consent, it is advisable to obtain it by an active step on the part of the user. For example, by clicking on a website button or by ticking the appropriate box. This functionality can then be linked to a database, which will directly include those users who have given their consent and with whom the e-shop operator will be able to continue marketing.

Information obligation

Consent to the processing of personal data must also be accompanied by appropriate information on the purpose and method of such processing.

The instruction must include the following information: (i) the scope and purpose of the processing of the personal data, (ii) who will process the personal data and how, and (iii) to whom the personal data may be disclosed. The user must also be informed of the right of access to the personal data, the right to rectification and other rights granted by the Data Protection Act.

It is strongly recommended that the required information is clearly listed in one place or linked (e.g. by a link) to the text of the consent to the processing of personal data.

Registration with the DPOA

If an e-shop operator intends to use the personal data collected from users beyond the mere performance of a contract with a client, it must register as a data controller with the Data Protection Authority. It must register before it starts processing personal data. Registration can be done online using the form available on the website of the Authority. There are a few exceptions to the registration obligation, as with consent. However, even with registration, it is better to carry it out and not rely on exceptions. This is doubly true in the case of large or dynamic e-shops that collect large amounts of personal data.


Do you intend to use cookies? A cookie is a small piece of data that is stored on your computer, tablet or mobile device after you visit a website. “Cookies” are used, among other things, to distinguish user preferences and to help the website remember certain information about you the next time you visit. If you intend to use cookies on your website, you should put special measures in place for them. These measures include a typical bar that alerts the user to the use of cookies and obtains consent from the user. It will also link to information where the user can read how your website works with cookies and what it uses them for.

Technical and organisational measures

Last but not least, the e-shop operator should think about technical and organisational measures when managing personal data. These measures include in particular: (i) securing users’ personal data (physically – e.g. bars, software – firewall), (ii) developing security guidelines, (iii) using backup technologies and many others.

Are you solving a similar problem?

Dostupný advokát team of online lawyers will solve it for you.

Solutions Tailored for You

Our team of experienced attorneys will help you solve any legal issue. Within 24 hours we’ll evaluate your situation and suggest a step-by-step solution, including all costs. The price for this proposal is only CZK 690, and this is refunded to you when you order service from us.

Preset Prices
All services pre-priced for no surprises.
We Do Everything Online
Save time, money and the hassle of travel.
We Work Fast
90 % of issues get solved by the following day.
Experienced Team
We have specialists for every field of law.

Has this content helped you? Give it a rating

No rating yet. Be first to rate and help others.

Author of the article

JUDr. Ondřej Preuss, Ph.D.

Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.

  • Law, Ph.D, Pf UK in Prague
  • Law, L’université Nancy-II, Nancy
  • Law, Master’s degree (Mgr.), Pf UK in Prague
  • International Territorial Studies (Bc.), FSV UK in Prague

Reviews of the Dostupný advokát service

Recenze služby

Jitka Salačová, Praha 6 – Řepy

before 4 years

In 2016 our Homeowner Association faced an unexpected event which led to the need for legal help. We reviewed many professional legal services, and chose Dostupný advokát because they remain available for contact practically anytime, without charging extra for being outside work hours. In addition, Mr. Preuss is available to speak with by phone, email (zobrazit více) and Skype, and he never fails to be respectable and discrete. We can confidently confirm the excellent quality of his service, loyalty and availability online.

Recenze služby

Štěpán Mičunek, Vsetín district

before 4 years

I contacted Dostupný advokát because I needed help with a non-payer. Dostupný advokát gave me advice on how to proceed. The dispute became a court issue, where I was represented by Dostupný advokát. I won the court case and I can fully recommend their service.

Recenze služby

Monika Holcátová, Prague

before 3 years

Your reputation is well deserved. All our contracts were done quickly and accurately. In addition, Dostupný advokát explained the legal regulations for our property easement, which I found critical to our success because as a layman I had no idea what problems that could cause us. I have no suggestions for improving your service, because (zobrazit více) I am completely satisfied.

View All Testimonials

You could also be interested in

About us in public media
Logo Česká advokátní komora Logo Advokátní kancelář roku 2023 a 2024
Follow the news
Facebook Dostupný advokát Twitter / X Dostupný advokát