Many questions left unanswered, as Czech firms and institutions scramble to meet GDPR norms

Photo: Dooffy / Pixabay, CC0

With the EU’s General Data Protection Regulation due to come into force on May 25th individual member states are scrambling to comply with the new directive. The Czech Republic has a lot of catching up to do – national data protection laws supplementing the GDPR are still not in place and a flash poll has revealed that a fifth of Czech firms are unaware of the existence of the new EU data protection rules.

Photo: Dooffy / Pixabay,  CC0
As the date of the new regulation nears Czech firms, banks, hospitals, schools and state institutions have been in overdrive about the new EU directive and citizens are bombarded with last-minute requests for data processing consent. The lack of information made available to the general public about what GDPR is and how it will affect them has resulted in scaremongering and rumours about alleged bans and excessively high fines. Schools were told they could no longer display photos from school trips on noticeboards and small entrepreneurs feared they might get a fine of up to half a billion crowns for failing to comply with regulations they had never heard of.

A flash poll among 3,400 companies, conducted by the agency EOS, revealed that 21 percent of them were unaware of the existence of the new EU data protection rules, others were not sure what requirements needed to be met and many were in the early stages of securing compliance.

Many of those at the other end of the scale – whom the new regulation is to protect – are equally baffled. EU Commissioner Věra Jourová recently complained about the widespread disinterest she saw in the country, telling Czech Television that while citizens from other EU member states appreciated the fact that they would now have more control over how their personal data was used, Czechs simply did not care.

Věra Jourová,  photo: Šárka Ševčíková
She also criticized the government for failing to pass national data protection laws supplementing the GDPR which would help clarify the new requirements for the millions of people this concerns.

Josef Prokeš, head of the Prague-based Institute for the Protection of Personal Data told Czech Radio that the Czech Republic was paying the price for its passive and lenient approach to data protection over the past ten to fifteen years.

“The fact is that the Czech Republic, like all other EU members, had the chance to participate in moulding this EU regulation and we must ask ourselves whether we were active enough in doing so and how much effort was made, these past two years, to ready the country for this regulation. Because it is only now that we are taking stock of how various spheres adhered to data protection under the old national laws and how these laws should be revised to meet the new EU norms.”

Lawyer Eva Škorničková, who has an online counselling service on the new GDPR regulation, says that in many areas the old national data-protection norms would require only cosmetic changes, but ads that in practice the changes will not be cosmetic, since the norms were often disregarded.

Josef Prokeš,  photo: Jana Přinosilová
Among the novelties that the GDPR will bring are more stringent requirements on reporting data breaches, a requirement to have a data protection officer at businesses that handle large volumes of personal data, and easier access for consumers and citizens to the personal information organisations hold on them.

As businesses and institutions scramble to comply with the legislation and citizens try to figure out what the new rules protecting them will mean in practice the man whose task it is to supervise the process of GDPR implementation Interior Minister Lubomír Metnar has moved to quell fears and rumours, saying that those who comply with the existing national laws have nothing to worry about. This is not a “revolution”, merely an “evolution” in data protection, the minister explained.