More or less all of us leave some kind of footprint in the digital world almost all the time – when we order goods online, when we subscribe to a newsletter or when we post a photo on a social network. Every such activity touches personal data in some way. That’s why rules have been created to ensure that our data doesn’t fall into the wrong hands. The most important of these is GDPR, the General Data Protection Regulation.
What is GDPR?
The acronym GDPR stands for the English name General Data Protection Regulation, which is also how it is translated. The GDPR applies in all member states of the European Union and as such takes precedence over national laws. In the Czech Republic, it is supplemented by Act No. 110/2019 Coll., on the processing of personal data, often referred to as the GDPR Act or the Personal Data Protection Act.
How was personal data protected prior to the GDPR?
A legal framework for the protection of personal data existed before the GDPR. In the Czech Republic, we were governed by the Personal Data Protection Act, which was based on Directive 95/46/EC, adopted in 1995. The problem was that each country in the European Union interpreted this directive a little differently. The result was a fragmented legal environment, with companies in each country having to follow different rules. With increasing globalisation and the expanding digital world, this had to change.
The technology boom started in the 1990s, and the directive from that decade failed to respond adequately to phenomena such as social networks, e-shops, cloud storage or mobile applications. People became increasingly concerned about how easily their personal data could be misused and that they had no control over what happened to their information. Protecting data better was therefore not only necessary but also desirable.
Why was the GDPR adopted?
The main objectives the GDPR was intended to achieve are:
- to unify the rules across the EU,
- to strengthen individuals’ rights to protect their data,
- to adapt laws to modern technology,
- to make companies more accountable for their handling of personal data.
The European Commission prepared a proposal for the GDPR back in 2012. After several years of negotiations, the regulation was finally approved in 2016, with a two-year transition period. Since 25 May 2018, it has been directly applicable in all EU Member States without the need for a national law – a key difference from the previous directive.
How have Czech companies coped with the GDPR?
The introduction of the General Data Protection Regulation already caused a great wave of uncertainty before 2018. Companies, institutions and authorities prepared hastily, often fearing huge fines. At the time, many myths were created (for example, that you can’t even save an email in your address book without consent) and hundreds of questions from parents poured into schools.
However, over time, the whole situation has calmed down. Larger companies began to systematically introduce and set up internal processes. Smaller businesses and sole traders have much lower requirements to meet, but they have also had to learn how to, for example, inform clients about how their data is being handled.
The positive result was that clients began to have more confidence in how firms handled their data. At the same time, everyone gained a better understanding of where and how their personal data was being stored. In practice, the changes have translated into, for example, more information about data protection on websites, more consent checkboxes during registration, and increased caution when sharing data with third parties.
What has changed in GDPR since 2018?
Although the GDPR itself has not undergone any substantial amendments since 2018, its meaning continues to be shaped by interpretations, guidance and the decision-making practice of courts and supervisory authorities. For example, the CJEU has clarified that even an IP address can be personal data. New case law is emerging on CCTV and audio recordings. The rules on cookies have tightened, and a standard of so-called cookie bars has been established in which every user has the option to refuse tracking. With the boom in artificial intelligence, there is also growing discussion of a possible update of the GDPR with regard to international data transfers.
What terms does the GDPR work with most often?
To help you better understand how the GDPR works, we’ll summarise some of the key terms that make up the gist of the GDPR.
- Personal data: any information that can identify a specific person, for example a name, email address, IP address or phone number, but also a photo or ID number.
- Controller: the party that determines the purpose and means of processing the data (e.g. an e-shop).
- Processor: the party that processes the data on behalf of the controller (e.g. an external accounting firm).
- Data subject: the person whose data is being processed.
The GDPR then builds on seven basic principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability of the controller
In practice, this means that if someone runs a fitness centre, for example, they cannot ask their customers for their birth number (the Czech national identification number), because it is not necessary for the operation of the service. The fitness centre has to make do with a name, email address and possibly a phone number.
What rights has the GDPR brought to users?
The GDPR has given individuals a number of rights that protect their interests. Some of the most important ones include:
- Right of access: everyone has the right to know what data an organisation holds about them and why.
- Right to rectification: if data is inaccurate or out of date, an individual can request that it be corrected.
- Right to erasure (the ‘right to be forgotten’).
- Right to restriction of processing.
- Right to data portability: for example, when changing service providers, the customer has the right to have their data transferred to the new provider.
- Right to object: for example, to the sending of marketing emails.
- Right not to be subject to automated decision-making: for example, loan applications assessed without human intervention.
Data controllers are obliged to respect these rights. They must also keep records of processing, inform data subjects and report serious incidents. In the Czech Republic, compliance with the GDPR is overseen by the Office for Personal Data Protection (OPDP), to which a data subject can address a complaint.
GDPR in everyday practice
Although the GDPR may seem complex, in practice it comes down to ensuring that companies do not process more data than is strictly necessary, that they are in control of the data they handle, and that they respect people’s rights when doing so.
For example, every small e-shop should obtain consent to data processing at the point of order, have a clearly written data processing policy and secure data storage, and offer its customers the option to unsubscribe from the newsletter.
The GDPR thus represents something of a milestone in our digital privacy. Although it raised a huge wave of concerns when it was introduced, it has now become a very natural part of the legal culture across the European Union. It has brought greater protection for everyone’s personal data, introduced greater accountability in companies and, above all, made people more aware of what is happening to their data.
Summary
Since its introduction in 2018, the GDPR has been a fundamental legal framework for data protection across the EU. It has changed the way companies and institutions handle data and strengthened individuals’ rights – from the right to access data to the ‘right to be forgotten’. While the introduction of the Regulation required initial efforts and raised many questions, it has now become a natural part of everyday practice. It has contributed to the harmonisation of rules, greater public trust and greater corporate accountability in data processing. In the digital age, where every interaction can leave a data trail, the GDPR plays a key role in protecting our privacy.