{"id":2201,"date":"2023-12-27T09:44:02","date_gmt":"2023-12-27T09:44:02","guid":{"rendered":"https:\/\/haven-advisory.cz\/?p=2201"},"modified":"2024-02-26T10:55:38","modified_gmt":"2024-02-26T10:55:38","slug":"prehled-k-problematice-ochrany-osobnich-udaju-2","status":"publish","type":"post","link":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/","title":{"rendered":"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23"},"content":{"rendered":"\n<p>V n\u00e1sleduj\u00edc\u00edm p\u0159ehledu v\u00e1s sezn\u00e1m\u00edme s&nbsp;ned\u00e1vn\u00fdmi <strong>rozhodnut\u00edmi \u00da\u0159adu pro ochranu osobn\u00edch \u00fadaj\u016f (\u00daOO\u00da)<\/strong>, z\u00e1v\u011bry proveden\u00fdch kontrol a s&nbsp;dal\u0161\u00edmi novinkami v&nbsp;oblasti ochrany osobn\u00edch \u00fadaj\u016f.<\/p>\n\n\n\n<p>O dal\u0161\u00edch informac\u00edch z&nbsp;oblasti pr\u00e1vn\u00ed ochrany osobn\u00edch \u00fadaj\u016f budeme informovat v&nbsp;dal\u0161\u00edm vyd\u00e1n\u00ed tohoto p\u0159ehledu, nebo v pr\u00e1vn\u00edch aktualit\u00e1ch, kter\u00e9 pravideln\u011b vyd\u00e1v\u00e1me.<\/p>\n\n\n\n<p class=\"has-text-color has-link-color has-medium-font-size wp-elements-c783b73e4a30629113b63287f81eb9ea\" style=\"color:#006233\"><strong>Z&nbsp;kontroln\u00ed \u010dinnosti \u00daOO\u00da<\/strong><\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color has-medium-font-size wp-elements-738c35a493e95a80a7748a1fe21d65d3\"><strong>\ud83d\udfe3Nevy\u017e\u00e1dan\u00e1 obchodn\u00ed sd\u011blen\u00ed<\/strong><\/p>\n\n\n\n<p>Za obdob\u00ed roku 2022 \u0159e\u0161il \u00da\u0159ad pro ochranu osobn\u00edch \u00fadaj\u016f (d\u00e1le jen \u201e<strong>\u00da\u0159ad<\/strong>\u201c) <strong>v\u00edce ne\u017e 900 st\u00ed\u017enost\u00ed podan\u00fdch v&nbsp;souvislosti se zas\u00edl\u00e1n\u00edm obchodn\u00edch sd\u011blen\u00ed<\/strong>. V&nbsp;n\u00e1sleduj\u00edc\u00edm shrnut\u00ed uv\u00e1d\u00edme n\u011bkolik podstatn\u00fdch z\u00e1v\u011br\u016f z&nbsp;prob\u011bhl\u00fdch kontrol:<\/p>\n\n\n\n<ul>\n<li>\u010cast\u00fdm pochyben\u00edm u zas\u00edl\u00e1n\u00ed obchodn\u00edch sd\u011blen\u00ed b\u00fdv\u00e1 <strong>absence platn\u00e9ho souhlasu<\/strong> <strong>se zas\u00edl\u00e1n\u00edm obchodn\u00edch sd\u011blen\u00ed registrovan\u00fdch u\u017eivatel\u016f<\/strong> (jedn\u00e1-li se o webov\u00fd port\u00e1l). Neplatnost souhlasu je zejm\u00e9na v&nbsp;tom, \u017ee takov\u00fd souhlas je \u201e<em>vynucen\u00fd<\/em>\u201c, kdy se bez jeho ud\u011blen\u00ed nen\u00ed mo\u017en\u00e9 do webov\u00e9ho port\u00e1lu registrovat. Souhlasy b\u00fdvaj\u00ed \u010dasto vymezeny jako \u201e<em>neomezen\u00fd souhlas<\/em>\u201c se zas\u00edl\u00e1n\u00edm obchodn\u00edch sd\u011blen\u00ed.<\/li>\n<\/ul>\n\n\n\n<p>Obdobn\u00e9 plat\u00ed v&nbsp;p\u0159\u00edpad\u011b, pokud je souhlas za\u010dlen\u011bn\u00fd nap\u0159. v&nbsp;obchodn\u00edch podm\u00ednk\u00e1ch. Zakoupen\u00ed ur\u010dit\u00e9 slu\u017eby z\u00e1kazn\u00edkem je v&nbsp;tomto p\u0159\u00edpad\u011b podm\u00edn\u011bn\u00e9 souhlasem s obchodn\u00edmi podm\u00ednkami. Z&nbsp;pohledu obecn\u00e9ho na\u0159\u00edzen\u00ed (GDPR) se v&nbsp;tomto p\u0159\u00edpad\u011b nejedn\u00e1 o svobodn\u011b ud\u011blen\u00fd souhlas a je neplatn\u00fd.<\/p>\n\n\n\n<p><strong>Jednoduch\u00fdm \u0159e\u0161en\u00edm pro z\u00edsk\u00e1n\u00ed platn\u00e9ho souhlasu m\u016f\u017ee b\u00fdt spr\u00e1vn\u00e1 aplikace za\u0161krt\u00e1vac\u00edho pol\u00ed\u010dka s&nbsp;mo\u017enost\u00ed (ne)ud\u011blen\u00ed souhlasu se zas\u00edl\u00e1n\u00edm obchodn\u00edch sd\u011blen\u00ed p\u0159i realizaci n\u00e1kupu slu\u017eby z\u00e1kazn\u00edkem.<\/strong><\/p>\n\n\n\n<ul>\n<li>Nem\u00e9n\u011b \u010dast\u00fdm pochyben\u00edm b\u00fdv\u00e1 <strong>poru\u0161en\u00ed tzv. n\u00e1le\u017eitost\u00ed obchodn\u00edch sd\u011blen\u00ed<\/strong> p\u0159i elektronick\u00e9m \u0161\u00ed\u0159en\u00ed po\u0161tou. Mezi tyto n\u00e1le\u017eitosti pat\u0159\u00ed zejm\u00e9na: 1) <strong>z\u0159eteln\u00e9 a jasn\u00e9 ozna\u010den\u00ed, \u017ee se jedn\u00e1 o obchodn\u00ed sd\u011blen\u00ed<\/strong>; 2) <strong>ozna\u010den\u00ed toto\u017enosti odes\u00edlatele<\/strong>, jeho\u017e jm\u00e9nem se komunikuje a 3) z<strong>as\u00edl\u00e1n\u00ed obchodn\u00edch sd\u011blen\u00ed platnou adresou<\/strong>, na kterou m\u016f\u017ee adres\u00e1t obratem sd\u011blit, \u017ee si nad\u00e1le nep\u0159eje, aby mu byla obchodn\u00ed sd\u011blen\u00ed zas\u00edlan\u00e1.<\/li>\n\n\n\n<li>V&nbsp;jin\u00e9m konkr\u00e9tn\u00edm p\u0159\u00edpad\u011b byla kontrolovan\u00e9 osob\u011b (odes\u00edlateli obchodn\u00edch sd\u011blen\u00ed) ulo\u017een\u00e1 sankce za rozes\u00edl\u00e1n\u00ed nevy\u017e\u00e1dan\u00fdch obchodn\u00edch sd\u011blen\u00ed st\u011b\u017eovatel\u016fm, kte\u0159\u00ed s&nbsp;takov\u00fdm zas\u00edl\u00e1n\u00edm neposkytli souhlas a na webov\u00fdch str\u00e1nk\u00e1ch odes\u00edlatele se neregistrovali.<\/li>\n<\/ul>\n\n\n\n<p>Odes\u00edlatel tvrdil, \u017ee e-mailov\u00e9 adresy z\u00edskal z&nbsp;ve\u0159ejn\u00fdch zdroj\u016f a st\u011b\u017eovatel\u00e9 tak nejsou jeho z\u00e1kazn\u00edky \u2013 proto od nich souhlas k&nbsp;zas\u00edl\u00e1n\u00ed obchodn\u00edch sd\u011blen\u00ed nemohl nez\u00edskat.<br>I v&nbsp;tomto p\u0159\u00edpad\u011b se v\u0161ak dle z\u00e1v\u011bru \u00da\u0159adu jedn\u00e1 o <strong>poru\u0161en\u00ed z\u00e1konn\u00e9 povinnosti m\u00edt prokazateln\u011b k&nbsp;dispozici p\u0159edchoz\u00ed souhlas u\u017eivatel\u016f<\/strong> a jejich elektronick\u00fd kontakt (by\u0165 z\u00edsk\u00e1n z&nbsp;ve\u0159ejn\u00fdch zdroj\u016f) vyu\u017eili za \u00fa\u010delem \u0161\u00ed\u0159en\u00ed obchodn\u00edch sd\u011blen\u00ed.<\/p>\n\n\n\n<ul>\n<li>\u00da\u0159ad d\u00e1le v&nbsp;souvislosti s&nbsp;<strong>v\u00fdjimkou osloven\u00ed s&nbsp;nab\u00eddkou bez souhlasu<\/strong>, kter\u00e1 se vztahuje na z\u00e1kazn\u00edky obchodn\u00ed spole\u010dnosti (\u00a7 7 odst. 3 z\u00e1kona \u010d. 480\/2004 Sb., o n\u011bkter\u00fdch slu\u017eb\u00e1ch informa\u010dn\u00ed spole\u010dnosti), p\u0159ipom\u00edn\u00e1, \u017ee tato v\u00fdjimka se vztahuje pouze na z\u00e1kazn\u00edky dan\u00e9 spole\u010dnosti, kter\u00e1 z\u00edskala jejich \u00fadaje v&nbsp;souvislosti s&nbsp;prodejem zbo\u017e\u00ed \u010di slu\u017eeb a nab\u00edzela skrze obchodn\u00ed sd\u011blen\u00ed vlastn\u00ed \u010di obdobn\u00e9 v\u00fdrobky \u010di slu\u017eby.<\/li>\n<\/ul>\n\n\n\n<p>V\u00fdjimka se v\u0161ak nevztahuje na z\u00e1kazn\u00edky jin\u00e9 spole\u010dnosti, a to ani v&nbsp;p\u0159\u00edpad\u011b, kdy spolu tyto spole\u010dnosti sd\u00edl\u00ed spole\u010dnou marketingovou datab\u00e1zi a jednatel\u00e9 t\u011bchto spole\u010dnost\u00ed jsou rodinn\u00fdmi p\u0159\u00edslu\u0161n\u00edky. <strong>\u00dadaje mus\u00ed spole\u010dnosti z\u00edskat p\u0159\u00edmo od sv\u00fdch z\u00e1kazn\u00edk\u016f, nikoli z&nbsp;ve\u0159ejn\u011b dostupn\u00fdch zdroj\u016f (nap\u0159. rejst\u0159\u00edk\u016f).<\/strong><\/p>\n\n\n\n<p>Z\u00e1kaznick\u00e1 data pro \u00fa\u010dely marketingov\u00e9ho osloven\u00ed nemohou sd\u00edlet mezi v\u00edce spole\u010dnostmi, pokud k&nbsp;tomu z\u00e1kazn\u00edci dan\u00fdch spole\u010dnost\u00ed neud\u011blili v\u00fdslovn\u00fd souhlas.<br><strong>I pro tuto v\u00fdjimku plat\u00ed p\u0159edpoklad, \u017ee z\u00e1kazn\u00edk mus\u00ed m\u00edt v\u017edy mo\u017enost jednoduch\u00fdm zp\u016fsobem, zdarma nebo na \u00fa\u010det t\u00e9to obchodn\u00ed spole\u010dnosti souhlas s&nbsp;vyu\u017eit\u00edm sv\u00e9ho elektronick\u00e9ho kontaktu pro \u00fa\u010dely zas\u00edl\u00e1n\u00ed obdobn\u00fdch nab\u00eddek odm\u00edtnout.<\/strong><\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color has-medium-font-size wp-elements-9c6e829ce44fd87e50407356f207a70c\">\ud83d\udfe3<strong>Zpracov\u00e1n\u00ed katastr\u00e1ln\u00edch dat<\/strong><\/p>\n\n\n\n<p><strong>\u00da\u0159ad provedl spole\u010dn\u011b s&nbsp;\u010cesk\u00fdm \u00fa\u0159adem zem\u011bm\u011b\u0159i\u010dsk\u00fdm a katastr\u00e1ln\u00edm (\u010c\u00daZK) kontrolu zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f u osoby, kter\u00e1 poskytovala slu\u017eby mj. zalo\u017een\u00e9 na zpracov\u00e1n\u00ed katastr\u00e1ln\u00edch dat.<\/strong><\/p>\n\n\n\n<p>P\u0159esto\u017ee kontrolovan\u00e1 osoba odm\u00edtla, \u017ee by byla v&nbsp;postaven\u00ed spr\u00e1vce \u2013 ze sv\u00fdch server\u016f vymazala software, kter\u00fd zaji\u0161\u0165oval provoz slu\u017eeb, kter\u00e9 byly p\u0159edm\u011btem kontroly a v\u0161echna s&nbsp;n\u00edm souvisej\u00edc\u00ed data, \u00da\u0159adu se v&nbsp;datech extrahovan\u00fdch od poskytovatele softwaru poda\u0159ilo nal\u00e9zt 427&nbsp;300 rodn\u00fdch \u010d\u00edsel.<\/p>\n\n\n\n<p>\u00da\u0159ad tak\u00e9 vyhodnotil postaven\u00ed kontrolovan\u00e9 osoby jako spr\u00e1vce, proto\u017ee zjistil, \u017ee kontrolovan\u00e1 osoba nevyu\u017e\u00edvala osobn\u00ed \u00fadaje dostupn\u00e9 skrze ofici\u00e1ln\u00ed d\u00e1lkov\u00fd p\u0159\u00edstup do katastru nemovitost\u00ed, ale \u00fadaje z&nbsp;vlastn\u00ed datab\u00e1ze, ze kter\u00fdch z\u00edsk\u00e1vala data pro sv\u00e9 klienty, kte\u0159\u00ed vyu\u017e\u00edvali jej\u00edch slu\u017eeb.<\/p>\n\n\n\n<p>\u00da\u0159ad zjistil v&nbsp;dan\u00e9 v\u011bci <strong>\u010detn\u00e1 poru\u0161en\u00ed obecn\u00e9ho na\u0159\u00edzen\u00ed o ochran\u011b osobn\u00edch \u00fadaj\u016f<\/strong> (GDPR), jmenovit\u011b informa\u010dn\u00ed povinnosti ve vztahu k&nbsp;subjekt\u016fm, \u00fadaj\u016f o podm\u00ednk\u00e1ch zpracov\u00e1v\u00e1n\u00ed jejich osobn\u00edch \u00fadaj\u016f, povinnosti p\u0159edlo\u017eit podklady dokl\u00e1daj\u00edc\u00ed pln\u011bn\u00ed opat\u0159en\u00ed p\u0159ijat\u00e1 v&nbsp;souvislosti s&nbsp;provozem datab\u00e1ze a povinnosti v\u00e9st z\u00e1znamy o \u010dinnostech zpracov\u00e1n\u00ed.<\/p>\n\n\n\n<p>\u00daOO\u00da v&nbsp;t\u00e9to souvislosti d\u00e1le poukazuje na to, \u017ee <strong>smaz\u00e1n\u00edm softwaru a v&nbsp;n\u011bm obsa\u017een\u00fdch osobn\u00edch \u00fadaj\u016f nezprost\u00ed spr\u00e1vce odpov\u011bdnosti<\/strong>. Spr\u00e1vce je toti\u017e i pot\u00e9 odpov\u011bdn\u00fd za to, aby dolo\u017eil soulad prov\u00e1d\u011bn\u00e9ho zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f s&nbsp;GDPR. Nedolo\u017e\u00ed-li ho, dopust\u00ed se poru\u0161en\u00ed GDPR, za co\u017e mu hroz\u00ed pokuta.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color has-medium-font-size wp-elements-2af3fd184fd48ede2e5f9846f4373b68\"><strong>\ud83d\udfe3Bezpe\u010dnostn\u00ed incident<\/strong><\/p>\n\n\n\n<p>\u00daOO\u00da provedl kontrolu u obecn\u011b prosp\u011b\u0161n\u00e9 spole\u010dnosti poskytuj\u00edc\u00ed soci\u00e1ln\u00ed slu\u017eby, u kter\u00e9 do\u0161lo k&nbsp;neopr\u00e1vn\u011bn\u00e9mu vstupu do prostor nezabezpe\u010den\u00fdch kamerov\u00fdmi syst\u00e9my ani syst\u00e9mem detekce pohybu, kde byly um\u00edst\u011bn\u00e9 bu\u0148ky, ze kter\u00fdch byly odcizen\u00e9 po\u010d\u00edta\u010de pou\u017e\u00edvan\u00e9 k&nbsp;registraci klient\u016f kontrolovan\u00e9 osoby.<\/p>\n\n\n\n<p>Z&nbsp;vedlej\u0161\u00ed m\u00edstnosti (serverovny) pak byl odcizen serverov\u00fd po\u010d\u00edta\u010d. Jeden z odcizen\u00fdch notebook\u016f obsahoval hardware s instalovan\u00fdm p\u0159ihla\u0161ovac\u00edm rozhran\u00edm do vzd\u00e1len\u00fdch datab\u00e1z\u00ed.<\/p>\n\n\n\n<p><strong>Po zji\u0161t\u011bn\u00e9m bezpe\u010dnostn\u00edm incidentu p\u0159ijala spole\u010dnost opat\u0159en\u00ed v podob\u011b blokace p\u0159ihla\u0161ovac\u00edho protokolu do vzd\u00e1len\u00e9 datab\u00e1ze. <\/strong>Incident byl spole\u010dnost\u00ed ohl\u00e1\u0161en na policii. P\u0159i \u0161et\u0159en\u00ed polici\u00ed byly odcizen\u00e9 notebooky nalezeny. \u00daOO\u00da pot\u00e9 provedl anal\u00fdzu nalezen\u00fdch po\u010d\u00edta\u010d\u016f. Dva notebooky nesly znaky reinstalace a nebyly v nich identifikovan\u00e9 soubory s osobn\u00edmi \u00fadaji. Ve t\u0159et\u00edm notebooku v\u0161ak bylo velk\u00e9 mno\u017estv\u00ed osobn\u00edch \u00fadaj\u016f klient\u016f. \u00dadaje bylo mo\u017en\u00e9 z\u00edskat z aktu\u00e1ln\u00ed datab\u00e1ze i ulo\u017een\u00fdch z\u00e1loh datab\u00e1ze informa\u010dn\u00edho syst\u00e9mu.<\/p>\n\n\n\n<p>\u00da\u0159ad tak\u00e9 zjistil, \u017ee k soubor\u016fm, kter\u00e9 byly v odcizen\u00e9m po\u010d\u00edta\u010di, nebylo vy\u017eadov\u00e1no ov\u011b\u0159en\u00ed u\u017eivatele a sou\u010dasn\u011b nebyly \u0161ifrovan\u00e9. Bylo konstatov\u00e1no, \u017ee p\u0159\u00edstup k osobn\u00edm \u00fadaj\u016fm mohl z\u00edskat ka\u017ed\u00fd, kdo m\u011bl po odcizen\u00ed po\u010d\u00edta\u010d\u016f k za\u0159\u00edzen\u00ed p\u0159\u00edstup.<\/p>\n\n\n\n<p>\u00daOO\u00da v&nbsp;dan\u00e9m p\u0159\u00edpad\u011b zjistil, \u017ee <strong>nebyla p\u0159ijat\u00e1 vhodn\u00e1 technick\u00e1 a organiza\u010dn\u00ed opat\u0159en\u00ed k zabezpe\u010den\u00ed osobn\u00edch \u00fadaj\u016f, d\u00e1le ve lh\u016ft\u011b nebylo nahl\u00e1\u0161en\u00e9 poru\u0161en\u00ed zabezpe\u010den\u00ed osobn\u00edch \u00fadaj\u016f a nebyl uveden d\u016fvod opo\u017ed\u011bn\u00e9ho ohl\u00e1\u0161en\u00ed<\/strong>. Tak\u00e9 nedo\u0161lo k ohl\u00e1\u0161en\u00ed poru\u0161en\u00ed zabezpe\u010den\u00ed dot\u010den\u00fdm subjekt\u016fm \u00fadaj\u016f a ani nebyl jmenov\u00e1n pov\u011b\u0159enec pro ochranu osobn\u00edch \u00fadaj\u016f, i kdy\u017e doch\u00e1zelo ke zpracov\u00e1n\u00ed zvl\u00e1\u0161tn\u00ed kategorie osobn\u00edch \u00fadaj\u016f a zpracov\u00e1n\u00ed bylo rozs\u00e1hl\u00e9.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color has-medium-font-size wp-elements-dbe1e459795e4532e1bf14c55c7422a5\"><strong>\ud83d\udfe3Hackersk\u00fd \u00fatok na zdravotnick\u00e9 za\u0159\u00edzen\u00ed<\/strong><\/p>\n\n\n\n<p><strong>\u00daOO\u00da zah\u00e1jil kontrolu zdravotnick\u00e9ho za\u0159\u00edzen\u00ed na z\u00e1klad\u011b obdr\u017een\u00e9 st\u00ed\u017enosti obsahuj\u00edc\u00ed podez\u0159en\u00ed na poru\u0161en\u00ed zabezpe\u010den\u00ed osobn\u00edch \u00fadaj\u016f v&nbsp;souvislosti s&nbsp;hackersk\u00fdm \u00fatokem. C\u00edlem m\u011blo b\u00fdt za\u0161ifrov\u00e1n\u00ed dat s&nbsp;n\u00e1sledn\u00fdm vym\u00e1h\u00e1n\u00edm finan\u010dn\u00ed \u010d\u00e1stky<\/strong>.<\/p>\n\n\n\n<p>\u00daOO\u00da po proveden\u00ed kontroly zjistil, \u017ee kontrolovan\u00e1 osoba poru\u0161ila \u010dl. 33 odst. 1 GDPR, kdy\u017e bez zbyte\u010dn\u00e9ho dokladu, kdy se dozv\u011bd\u011bla o poru\u0161en\u00ed zabezpe\u010den\u00ed osobn\u00edch \u00fadaj\u016f, neohl\u00e1sila poru\u0161en\u00ed \u00daOO\u00da.<\/p>\n\n\n\n<p>Kontrolovan\u00e1 osoba z\u00e1rove\u0148 nedolo\u017eila, \u017ee by vhodn\u00fdm zp\u016fsobem ozn\u00e1mila poru\u0161en\u00ed zabezpe\u010den\u00ed osobn\u00edch \u00fadaj\u016f subjekt\u016fm \u00fadaj\u016f a jej\u00ed dokumentace o cel\u00e9m incidentu neobsahovala \u00fa\u010dinky dan\u00e9ho poru\u0161en\u00ed.<\/p>\n\n\n\n<p>Kontrolovan\u00e1 osoba podala proti kontroln\u00edm zji\u0161t\u011bn\u00edm n\u00e1mitky, ve kter\u00fdch pouk\u00e1zala na to, \u017ee k&nbsp;hackersk\u00e9mu \u00fatoku do\u0161lo vlivem nedostate\u010dn\u00e9ho nastaven\u00ed ochrany osobn\u00edch \u00fadaj\u016f zpracovatelem, a sou\u010dasn\u011b byl v&nbsp;mezidob\u00ed nainstalov\u00e1n nov\u00fd software.<\/p>\n\n\n\n<p><strong>\u00daOO\u00da v\u0161ak ve vy\u0159\u00edzen\u00ed n\u00e1mitek uvedl, \u017ee instalace opravy serverov\u00e9ho softwaru nevy\u0159e\u0161\u00ed situace, kdy server ji\u017e byl kompromitov\u00e1n.<\/strong><\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color has-medium-font-size wp-elements-614dba11a0e134ccb04e9153244899cc\"><strong>\ud83d\udfe3Vadn\u00e1 funkcionalita<\/strong><\/p>\n\n\n\n<p><strong>\u00daOO\u00da provedl kontrolu dodavatele online rezerva\u010dn\u00edho syst\u00e9mu o\u010dkov\u00e1n\u00ed \u2013 p\u0159edm\u011btem bylo poru\u0161en\u00ed zabezpe\u010den\u00ed osobn\u00edch \u00fadaj\u016f<\/strong>, kter\u00e9 spo\u010d\u00edvalo v&nbsp;chyb\u011b funkcionality webov\u00fdch str\u00e1nek kontrolovan\u00e9 osoby, kter\u00e1 umo\u017enila zobrazen\u00ed \u010d\u00edsla poji\u0161t\u011bnce (a tak\u00e9 rodn\u00e9ho \u010d\u00edsla) a jeho n\u00e1sledn\u00fd p\u0159enos do USA prost\u0159ednictv\u00edm n\u00e1stroje pro z\u00edsk\u00e1v\u00e1n\u00ed statistick\u00fdch dat Google Analytics.<\/p>\n\n\n\n<p>\u00daOO\u00da po proveden\u00e9 kontrole uzav\u0159el, \u017ee kontrolovan\u00e1 osoba jako odborn\u00edk neupozornila spr\u00e1vce na nevhodnost pokynu k vytvo\u0159en\u00ed syst\u00e9mu, v r\u00e1mci kter\u00e9ho URL adresa obsahovala \u010d\u00edslo poji\u0161tence (rodn\u00e9 \u010d\u00edslo) a tuto zpracov\u00e1vala za sou\u010dasn\u00e9ho pou\u017eit\u00ed slu\u017eby Google Analytics. Do\u0161lo k \u00faniku URL adres v\u010detn\u011b \u010d\u00edsel poji\u0161tenc\u016f v rozsahu cca 80 tis\u00edc subjekt\u016f \u00fadaj\u016f.<\/p>\n\n\n\n<p>Ve vymezen\u00e9m obdob\u00ed nebylo zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f kontrolovanou osobou platn\u00e9 v souladu s GDPR, kdy\u017e se zpracov\u00e1n\u00ed \u0159\u00eddilo smlouvou, ani\u017e by napl\u0148ovala atributy \u010dl. 28 odst. 3 GDPR. D\u00e1le kontrolovan\u00e1 osoba poru\u0161ovala \u010dl. 37 odst. 1 GDPR, kdy pro zpracov\u00e1n\u00ed nejmenovala pov\u011b\u0159ence pro ochranu osobn\u00edch \u00fadaj\u016f.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>\ud83d\udfe3Kontrola aplikac\u00ed Te\u010dka\/\u010dTe\u010dka<\/strong><\/p>\n\n\n\n<p><strong>\u00daOO\u00da se ve sv\u00e9 kontroln\u00ed \u010dinnosti zam\u011b\u0159il tak\u00e9 na zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f subjektu \u00fadaj\u016f v souvislosti s elektronick\u00fdm certifik\u00e1tem EU COVID-19<\/strong>, zp\u0159\u00edstupn\u011bn\u00e9m na o\u010dkovac\u00edm port\u00e1lu <a href=\"https:\/\/ocko.uzis.cz\/\">https:\/\/ocko.uzis.cz\/<\/a>, v\u010detn\u011b aplikac\u00ed \u201e<em>Te\u010dka<\/em>\u201c a \u201e<em>\u010dTe\u010dka<\/em>\u201c.<\/p>\n\n\n\n<p>Zjistil, \u017ee ministerstvo zdravotnictv\u00ed jako kontrolovan\u00e1 osoba poru\u0161ilo GDPR, kdy\u017e v souvislosti s vyd\u00e1v\u00e1n\u00edm p\u016fvodn\u00edch certifik\u00e1t\u016f doch\u00e1zelo p\u0159i na\u010dten\u00ed QR k\u00f3du \u010dte\u010dkou v mobiln\u00edm za\u0159\u00edzen\u00ed ke zp\u0159\u00edstupn\u011bn\u00ed \u00fadaje o \u010d\u00edslu poji\u0161t\u011bnce dr\u017eitele certifik\u00e1tu a v aplikaci \u010dTe\u010dka nebylo znemo\u017en\u011bn\u00e9 po\u0159izov\u00e1n\u00ed screenshotu displeje. Tato skute\u010dnost je v rozporu se smyslem aplikace, tedy ov\u011b\u0159en\u00ed platnosti certifik\u00e1t\u016f, bez zanech\u00e1n\u00ed elektronick\u00e9 stopy s osobn\u00edmi \u00fadaji o ov\u011b\u0159en\u00ed.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Potvrzen\u00e1 mili\u00f3nov\u00e1 pokuta pro ministerstvo vnitra<\/strong><\/p>\n\n\n\n<p><strong>Ministerstvu vnitra byla ulo\u017eena pokuta za plo\u0161n\u00e9 zpracov\u00e1n\u00ed \u00fadaj\u016f o p\u0159ibli\u017en\u011b 2&nbsp;000&nbsp;000 osob\u00e1ch s onemocn\u011bn\u00edm COVID-19, kter\u00e9 se nakazily v&nbsp;obdob\u00ed od 1. 4. 2021 do 8. 3. 2022, a kter\u00fdm byla na\u0159\u00edzena izolace.<\/strong><\/p>\n\n\n\n<p><strong>Z\u00e1kon o policii \u010cR neumo\u017e\u0148uje plo\u0161n\u00e9 shroma\u017e\u010fov\u00e1n\u00ed takzvan\u00fdch citliv\u00fdch osobn\u00edch \u00fadaj\u016f, ke kter\u00fdm pat\u0159\u00ed tak\u00e9 informace o zdravotn\u00edm stavu<\/strong>. Plo\u0161n\u00e9 zpracov\u00e1n\u00ed takov\u00fdch informac\u00ed s sebou nese velmi z\u00e1va\u017en\u00e1 rizika. Policie t\u00edm, \u017ee shroma\u017e\u010fovala citliv\u00e1 data plo\u0161n\u011b a bez vazby na konkr\u00e9tn\u00ed pro\u0161et\u0159ovan\u00fd p\u0159\u00edpad, p\u0159ekro\u010dila pravomoci, kter\u00e9 j\u00ed ukl\u00e1d\u00e1 z\u00e1kon. Shroma\u017e\u010fov\u00e1n\u00ed dat prob\u00edhalo nav\u00edc bez adekv\u00e1tn\u00edho informov\u00e1n\u00ed dot\u010den\u00fdch osob, kter\u00e9 je nezbytn\u00e9 proto, aby se dan\u00e9 osoby mohly proti neopr\u00e1vn\u011bn\u00e9mu shroma\u017e\u010fov\u00e1n\u00ed br\u00e1nit.<\/p>\n\n\n\n<p>Policie m\u011bla p\u0159ed zah\u00e1jen\u00edm sb\u011bru osobn\u00edch dat prov\u00e9st posouzen\u00ed vlivu na ochranu osobn\u00edch \u00fadaj\u016f a d\u00e1le zam\u00fd\u0161len\u00fd zp\u016fsob shroma\u017e\u010fov\u00e1n\u00ed a zpracov\u00e1n\u00ed \u00fadaj\u016f projednat s&nbsp;\u00daOO\u00da. Oba povinn\u00e9 kroky v\u0161ak neprovedla. Dle z\u00e1v\u011bru \u00da\u0159adu takov\u00e9 zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f nen\u00ed mo\u017en\u00e9.<\/p>\n\n\n\n<p><strong>Pokutu za p\u0159estupek bylo ministerstvu jako org\u00e1nu ve\u0159ejn\u00e9 moci mo\u017en\u00e9 ud\u011blit na z\u00e1klad\u011b hlavy III. z\u00e1kona o zpracov\u00e1v\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f, kter\u00e1 spad\u00e1 do re\u017eimu trestn\u011b pr\u00e1vn\u00ed sm\u011brnice<\/strong> (Sm\u011brnice Evropsk\u00e9ho parlamentu a Rady (EU) 2016\/680 ze dne 27. dubna 2016) a ukl\u00e1d\u00e1n\u00ed trest\u016f ve\u0159ejnopr\u00e1vn\u00edm subjekt\u016fm nevylu\u010duje. Za poru\u0161en\u00ed povinnosti spravuj\u00edc\u00edho org\u00e1nu je pak mo\u017en\u00e9 ulo\u017eit pokutu a\u017e do v\u00fd\u0161e 10 milion\u016f korun.<\/p>\n\n\n\n<p><strong>Vzhledem k&nbsp;z\u00e1va\u017enosti p\u0159estupku a dal\u0161\u00edm okolnostem byla ministerstvu vym\u011b\u0159ena adekv\u00e1tn\u00ed \u010d\u00e1stka ve v\u00fd\u0161i 975&nbsp;000 K\u010d.<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Pokuty za zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f prost\u0159ednictv\u00edm soubor\u016f cookies<\/strong><\/p>\n\n\n\n<p>T\u00e9m\u011b\u0159 dva roky plat\u00ed nov\u00e1 \u00faprava z\u00e1kona o elektronick\u00fdch komunikac\u00ed v&nbsp;souladu s&nbsp;evropskou \u00fapravou zav\u00e1d\u011bj\u00edc\u00ed tzv. <em>princip opt-in<\/em>, tj. <strong>povinnost pro provozovatele internetov\u00fdch platforem z\u00edskat v\u00fdslovn\u00fd souhlas u\u017eivatele s&nbsp;vyu\u017e\u00edv\u00e1n\u00edm cookies pro zpracov\u00e1n\u00ed jejich osobn\u00edch \u00fadaj\u016f<\/strong> (cookies jsou textov\u00e9 soubory, kter\u00e9 se na n\u00e1mi nav\u0161t\u00edven\u00e9 internetov\u00e9 str\u00e1nce ukl\u00e1daj\u00ed do na\u0161eho za\u0159\u00edzen\u00ed).<\/p>\n\n\n\n<p><strong>\u00da\u0159ad v&nbsp;uplynul\u00e9m roce monitoroval zejm\u00e9na to, zda provozovatel\u00e9 internetov\u00fdch platforem uvedli zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f prost\u0159ednictv\u00edm soubor\u016f cookies do souladu s&nbsp;GDPR<\/strong>, nebo\u0165 t\u00edm doch\u00e1z\u00ed ke zpracov\u00e1n\u00ed velk\u00e9ho mno\u017estv\u00ed osobn\u00edch \u00fadaj\u016f osob. V mnoha p\u0159\u00edpadech o tomto zpracov\u00e1n\u00ed dan\u00fd n\u00e1v\u0161t\u011bvn\u00edk webu nemus\u00ed v\u016fbec v\u011bd\u011bt. Vypov\u00eddaj\u00edc\u00edm v\u00fdsledkem t\u011bchto kontrol bylo ulo\u017een\u00ed pokut t\u00e9m\u011b\u0159 ve v\u00fd\u0161i 4,5 mil K\u010d v&nbsp;souhrnu.<\/p>\n\n\n\n<p><strong>Jak\u00e1 nej\u010dast\u011bj\u0161\u00ed poru\u0161en\u00ed \u00da\u0159ad v&nbsp;r\u00e1mci t\u011bchto kontrol zjistil?<\/strong><\/p>\n\n\n\n<ul>\n<li><strong>nej\u010dast\u011bj\u0161\u00edm poru\u0161en\u00edm navzdory nov\u00e9 pr\u00e1vn\u00ed \u00faprav\u011b bylo pr\u00e1v\u011b pou\u017e\u00edv\u00e1n\u00ed soubor\u016f cookies bez souhlas\u016f n\u00e1v\u0161t\u011bvn\u00edk\u016f internetov\u00fdch platforem<\/strong> \u2013 tj. bez jejich souhlasu se soubory cookies nahr\u00e1valy do jejich za\u0159\u00edzen\u00ed,<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>\u010dast\u00fdm pochyben\u00edm d\u00e1le b\u00fdvaj\u00ed nedostatky souhlasu se zpracov\u00e1n\u00edm osobn\u00edch \u00fadaj\u016f, kter\u00fd by m\u011bl <strong>v&nbsp;souladu s&nbsp;GDPR b\u00fdt:<\/strong> <strong><em>p\u0159edem ud\u011blen\u00fd, svobodn\u00fd, informovan\u00fd, jednodu\u0161e ud\u011bliteln\u00fd a odvolateln\u00fd, prokazateln\u00fd a konkr\u00e9tn\u00ed<\/em><\/strong> (u\u017eivatel mus\u00ed m\u00edt mo\u017enost (ne)ud\u011blit souhlas pro ka\u017ed\u00fd z&nbsp;\u00fa\u010del\u016f pou\u017eit\u00ed cookies),<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>pochyben\u00ed \u00da\u0159ad tak\u00e9 spat\u0159uje v&nbsp;<strong>nedostate\u010dn\u00e9m pln\u011bn\u00ed informa\u010dn\u00ed povinnosti, nemo\u017enosti souhlas odvolat, nespr\u00e1vn\u00e9m um\u00edst\u011bn\u00ed tla\u010d\u00edtek \u201esouhlas\u201c a \u201enesouhlas\u201c v&nbsp;cookies li\u0161t\u011b<\/strong> (tla\u010d\u00edtka by m\u011bla b\u00fdt ve stejn\u00e9 vrstv\u011b v&nbsp;r\u00e1mci cookies li\u0161ty a v\u00fdrazn\u011b se neodli\u0161ovat, aby nedoch\u00e1zelo k&nbsp;ovliv\u0148ov\u00e1n\u00ed u\u017eivatele p\u0159i ud\u011blov\u00e1n\u00ed (ne)souhlasu),<br>a d\u00e1le i nedostate\u010dn\u00e9 reagov\u00e1n\u00ed cookies li\u0161ty na individu\u00e1ln\u00ed nastaven\u00ed zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f nebo neumo\u017en\u011bn\u00ed \u010di znesnadn\u011bn\u00ed \u010dten\u00ed webov\u00e9 str\u00e1nky.<\/li>\n<\/ul>\n\n\n\n<p class=\"has-text-color has-link-color has-medium-font-size wp-elements-68a03ee3a6b3af28cf459c02ff3d32cb\" style=\"color:#006233\"><strong>Dal\u0161\u00ed novinky z&nbsp;oblasti ochrany osobn\u00edch \u00fadaj\u016f<\/strong><\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>R\u00e1mec ochrany soukrom\u00ed (Data Privacy Framework)<\/strong><\/p>\n\n\n\n<p>K&nbsp;10. 7. 2023 p\u0159ijala Evropsk\u00e1 komise rozhodnut\u00ed o odpov\u00eddaj\u00edc\u00ed \u00farovni ochrany osobn\u00edch \u00fadaj\u016f, kter\u00fdm potvrzuje nov\u00fd <strong>R\u00e1mec ochrany soukrom\u00ed (Data Privacy Framework)<\/strong> mezi EU a USA.<\/p>\n\n\n\n<p>Ten nahrazuje sv\u00e9ho p\u0159edch\u016fdce \u201e<em>\u0161t\u00edt na ochranu soukrom\u00ed<\/em>\u201c (Privacy Shield), kter\u00fd umo\u017e\u0148oval p\u0159ed\u00e1v\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f do USA. Pro nedostate\u010dnou \u00fapravu ochrany proti z\u00e1sah\u016fm do p\u0159ed\u00e1van\u00fdch osobn\u00edch \u00fadaj\u016f ze strany USA, byl v\u0161ak v&nbsp;roce 2020 Soudn\u00edm dvorem Evropsk\u00e9 unie zru\u0161en\u00fd. Po n\u011bkolikalet\u00e9m jedn\u00e1n\u00ed o nov\u00e9m \u0161t\u00edtu na ochranu soukrom\u00ed, vstoupil od \u010dervence 2023 v&nbsp;platnost r\u00e1mec nov\u00fd.<\/p>\n\n\n\n<p><strong>Jak bude nyn\u00ed p\u0159ed\u00e1v\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f do USA vypadat v&nbsp;praxi?<\/strong><\/p>\n\n\n\n<p>Evropsk\u00e1 komise t\u00edmto rozhodnut\u00edm ve smyslu \u010dl. 45 odst. 3 obecn\u00e9ho na\u0159\u00edzen\u00ed o ochran\u011b osobn\u00edch \u00fadaj\u016f (d\u00e1le jen \u201e<strong>GDPR<\/strong>\u201c) potvrzuje, \u017ee USA zaji\u0161\u0165uj\u00ed odpov\u00eddaj\u00edc\u00ed \u00farove\u0148 ochrany pro p\u0159ed\u00e1v\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f mezi EU a spole\u010dnostmi USA, kter\u00e1 je srovnateln\u00e1 s&nbsp;\u00farovn\u00ed ochrany v EU. Pro dovozce osobn\u00edch \u00fadaj\u016f to znamen\u00e1, \u017ee pokud se dan\u00e1 americk\u00e1 spole\u010dnost \u00fa\u010dastn\u00ed programu R\u00e1mce ochrany soukrom\u00ed (tj. prok\u00e1zala soulad s&nbsp;po\u017eadavky na ochranu \u00fadaj\u016f, a zapsala se na ofici\u00e1ln\u00ed seznam certifikovan\u00fdch spole\u010dnost\u00ed dle nov\u00e9ho programu \u2013 <a href=\"https:\/\/www.dataprivacyframework.gov\/s\/\">https:\/\/www.dataprivacyframework.gov\/s\/<\/a>), mohou realizovat p\u0159ed\u00e1v\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f do USA za stejn\u00fdch podm\u00ednek jako v&nbsp;r\u00e1mci Evropsk\u00e9 unie (resp. Evropsk\u00e9ho hospod\u00e1\u0159sk\u00e9ho prostoru). Tedy bez nutnosti jin\u00fdch dopl\u0148uj\u00edc\u00edch opat\u0159en\u00ed (zejm\u00e9na pou\u017eit\u00ed n\u00e1stroj\u016f pro p\u0159ed\u00e1v\u00e1n\u00ed dle \u010dl. 46 GDPR).<\/p>\n\n\n\n<p><strong>Zjednodu\u0161en\u011b lze \u0159\u00edci, \u017ee pokud se americk\u00e1 spole\u010dnost \u00fa\u010dastn\u00ed nov\u00e9ho R\u00e1mce ochrany soukrom\u00ed, je pro \u00fa\u010dely p\u0159ed\u00e1v\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f subjekt\u016f EU pova\u017eovan\u00e1 za bezpe\u010dnou.<\/strong><\/p>\n\n\n\n<p>V&nbsp;p\u0159\u00edpad\u011b, \u017ee spole\u010dnosti z&nbsp;USA v&nbsp;programu R\u00e1mce ochrany soukrom\u00ed zapsan\u00e9 nejsou, je mo\u017en\u00e9 jim p\u0159ed\u00e1vat osobn\u00ed \u00fadaje pouze za pou\u017eit\u00ed n\u011bkter\u00e9ho z&nbsp;n\u00e1stroj\u016f dle \u010dl. 46 GDPR, mezi kter\u00e9 pat\u0159\u00ed nap\u0159. standardn\u00ed smluvn\u00ed dolo\u017eky o ochran\u011b osobn\u00edch \u00fadaj\u016f \u010di z\u00e1vazn\u00e1 podnikov\u00e1 pravidla, p\u0159i\u010dem\u017e v\u00fdvozce bude nad\u00e1le povinn\u00fd prov\u00e9st vyhodnocen\u00ed, zda dan\u00fd n\u00e1stroj skute\u010dn\u011b poskytuje vhodn\u00e9 z\u00e1ruky ochrany pro p\u0159edan\u00e9 \u00fadaje (tzv. Transfer Impact Assessment).<\/p>\n\n\n\n<p>Evropsk\u00e1 komise d\u00e1le v&nbsp;proveden\u00e9m posouzen\u00ed do\u0161la u problematick\u00e9 ot\u00e1zky p\u0159\u00edstupu americk\u00fdch org\u00e1n\u016f ve\u0159ejn\u00e9 moci k&nbsp;p\u0159edan\u00fdm osobn\u00edm \u00fadaj\u016fm k&nbsp;z\u00e1v\u011bru, \u017ee tento p\u0159\u00edstup nen\u00ed v&nbsp;takov\u00e9m rozsahu, kter\u00fd by \u0161el nad nezbytn\u00fd a p\u0159im\u011b\u0159en\u00fd r\u00e1mec toho, co je v demokratick\u00e9 spole\u010dnosti obecn\u011b uzn\u00e1van\u00e9. I p\u0159es to je subjekt\u016fm osobn\u00edch \u00fadaj\u016f z&nbsp;EU dan\u00e1 mo\u017enost vyu\u017e\u00edt n\u011bkolik mechanism\u016f n\u00e1pravy jako je uplatn\u011bn\u00ed st\u00ed\u017enosti u p\u0159\u00edslu\u0161n\u00e9 organizace v&nbsp;USA, p\u0159\u00edpadn\u011b u sv\u00e9ho n\u00e1rodn\u00edho \u00fa\u0159adu pro ochranu osobn\u00edch \u00fadaj\u016f. Pokud jsou d\u00e1le jejich \u00fadaje shroma\u017e\u010fovan\u00e9 a vyu\u017e\u00edvan\u00e9 zpravodajsk\u00fdmi slu\u017ebami USA, mohou se subjekty \u00fadaj\u016f z&nbsp;EU obr\u00e1tit i na nov\u011b z\u0159\u00edzen\u00fd Soud pro p\u0159ezkum ochrany \u00fadaj\u016f.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>P\u0159ehled z\u00e1kladn\u00edch ot\u00e1zek a odpov\u011bd\u00ed vztahuj\u00edc\u00edch se k\u00a0Data Privacy Framework (\u201eDPF\u201c)<\/strong><\/p>\n\n\n\n<p><strong>Jak lze na z\u00e1klad\u011b DPF p\u0159ed\u00e1vat osobn\u00ed \u00fadaje do USA?<\/strong><\/p>\n\n\n\n<p>Od 10. 7. 2023 <strong>mohou b\u00fdt osobn\u00ed \u00fadaje p\u0159ed\u00e1van\u00e9 z&nbsp;EU organizac\u00edm USA bez nutnosti pou\u017eit\u00ed n\u00e1stroj\u016f pro p\u0159ed\u00e1v\u00e1n\u00ed<\/strong> (jako nap\u0159. standardn\u00edch dolo\u017eek o ochran\u011b osobn\u00edch \u00fadaj\u016f, pr\u00e1vn\u011b z\u00e1vazn\u00e9ho a vymahateln\u00e9ho n\u00e1stroje mezi subjekty a dal\u0161\u00ed, kter\u00e9 jsou zakotveny v&nbsp;\u010dl. 46 GDPR), a to za podm\u00ednky, \u017ee tyto americk\u00e9 organizace jsou zapsan\u00e9 v&nbsp;Seznamu r\u00e1mce ochrany soukrom\u00ed, kter\u00fd lze naleznout pod t\u00edmto odkazem <a href=\"https:\/\/www.dataprivacyframework.gov\/s\/participant-search\">Participant Search (dataprivacyframework.gov)<\/a>.<\/p>\n\n\n\n<p><strong>Jak p\u0159ed\u00e1vat osobn\u00ed \u00fadaje do USA, pokud dovozce dat nen\u00ed na Seznamu r\u00e1mce ochrany soukrom\u00ed?<\/strong><\/p>\n\n\n\n<p>P\u0159ed\u00e1v\u00e1n\u00ed je mo\u017en\u00e9, ale pouze za spln\u011bn\u00ed n\u011bkolika podm\u00ednek. Jeliko\u017e se na takov\u00e9 p\u0159ed\u00e1v\u00e1n\u00ed Rozhodnut\u00ed o odpov\u00eddaj\u00edc\u00ed ochran\u011b nevztahuje, vy\u017eaduje se pro jeho uskute\u010dn\u011bn\u00ed dodr\u017eov\u00e1n\u00ed vhodn\u00fdch z\u00e1ruk ochrany osobn\u00edch \u00fadaj\u016f, vymahateln\u00e1 pr\u00e1va a \u00fa\u010dinn\u00e1 pr\u00e1vn\u00ed ochrana subjekt\u016f \u00fadaj\u016f \u2013 tedy soulad s&nbsp;\u010dl\u00e1nkem 46 GDPR, kter\u00fd zakotvuje tyto vhodn\u00e9 z\u00e1ruky:<\/p>\n\n\n\n<ol style=\"list-style-type:lower-alpha\">\n<li>stanoven\u00ed pr\u00e1vn\u011b z\u00e1vazn\u00e9ho a vymahateln\u00e9ho n\u00e1stroje mezi org\u00e1ny nebo subjekty ve\u0159ejn\u00e9 moci;<\/li>\n\n\n\n<li>stanoven\u00ed z\u00e1vazn\u00fdch podnikov\u00fdch pravidel;<\/li>\n\n\n\n<li>uplatn\u011bn\u00ed standardn\u00edch dolo\u017eek o ochran\u011b osobn\u00edch \u00fadaj\u016f;<\/li>\n\n\n\n<li>schv\u00e1len\u00ed kodexu chov\u00e1n\u00ed spolu se z\u00e1vazn\u00fdmi a vymahateln\u00fdmi z\u00e1vazky spr\u00e1vce nebo zpracovatele;<\/li>\n\n\n\n<li>schv\u00e1len\u00ed mechanismu pro vyd\u00e1n\u00ed osv\u011bd\u010den\u00ed o ochran\u011b \u00fadaj\u016f;<\/li>\n\n\n\n<li>d\u00e1le tak\u00e9 stanoven\u00ed smluvn\u00edch dolo\u017eek mezi smluvn\u00edmi stranami;<\/li>\n\n\n\n<li>zaveden\u00ed ustanoven\u00ed ur\u010den\u00fdch k&nbsp;vlo\u017een\u00ed do spr\u00e1vn\u00edch ujedn\u00e1n\u00ed mezi org\u00e1ny nebo subjekty ve\u0159ejn\u00e9 moci, kter\u00e1 zahrnuj\u00ed vymahateln\u00e1 a \u00fa\u010dinn\u00e1 pr\u00e1va subjekt\u016f \u00fadaj\u016f.<\/li>\n<\/ol>\n\n\n\n<p>Plat\u00ed, \u017ee ve\u0161ker\u00e9 z\u00e1ruky zaveden\u00e9 vl\u00e1dou USA v&nbsp;oblasti n\u00e1rodn\u00ed bezpe\u010dnosti, se vztahuj\u00ed na v\u0161echny \u00fadaje p\u0159ed\u00e1van\u00e9 do US bez ohledu na pou\u017eit\u00fd n\u00e1stroj pro p\u0159ed\u00e1v\u00e1n\u00ed.<\/p>\n\n\n\n<p><strong>Jak\u00fdm zp\u016fsobem mohou subjekty \u00fadaj\u016f v&nbsp;EU pod\u00e1vat st\u00ed\u017enosti?<\/strong><\/p>\n\n\n\n<p><em>Odvol\u00e1n\u00ed<\/em> fyzick\u00fdch osob, kter\u00e9 byly dot\u010deny nedodr\u017een\u00edm z\u00e1sad ochrany soukrom\u00ed a <em>sankce<\/em> pro organizace, kter\u00e9 se t\u011bmito z\u00e1sadami ne\u0159\u00edd\u00ed, jsou n\u00e1pravn\u00e9 mechanismy zaji\u0161\u0165uj\u00edc\u00ed dodr\u017eov\u00e1n\u00ed t\u011bchto z\u00e1sad.<\/p>\n\n\n\n<p>V&nbsp;r\u00e1mci nich pak rozhoduj\u00ed nez\u00e1visl\u00e9 odvolac\u00ed mechanismy, a to bezplatn\u011b s&nbsp;mo\u017enost\u00ed p\u0159izn\u00e1n\u00ed n\u00e1hrady \u0161kody. Odvolac\u00ed mechanismy mus\u00ed spl\u0148ovat po\u017eadavky z\u00e1sady odvolac\u00ed, prosazovac\u00ed a odpov\u011bdnosti. Mimo jin\u00e9 mus\u00ed bez zbyte\u010dn\u00e9ho odkladu reagovat na st\u00ed\u017enosti na dodr\u017eov\u00e1n\u00ed z\u00e1sad, kter\u00e9 jim byly postoupen\u00e9 skrze ministerstvo jednotliv\u00fdmi \u00fa\u0159ady \u010dlensk\u00fdch st\u00e1t\u016f EU.<\/p>\n\n\n\n<p>Odpov\u011b\u010f na st\u00ed\u017enost by m\u011bla uv\u00e1d\u011bt, zda je st\u00ed\u017enost opodstatn\u011bn\u00e1, a jak organizace dan\u00fd probl\u00e9m naprav\u00ed. Opravn\u00e9 prost\u0159edky mus\u00ed b\u00fdt pro fyzick\u00e9 osoby snadno dostupn\u00e9 a bezplatn\u00e9 a informovat je o dal\u0161\u00edm postupu p\u0159i \u0159e\u0161en\u00ed sporu. V&nbsp;r\u00e1mci odvolac\u00edho \u0159\u00edzen\u00ed m\u016f\u017ee doj\u00edt k&nbsp;vyu\u017eit\u00ed opravn\u00fdch prost\u0159edk\u016f a sankc\u00ed spo\u010d\u00edvaj\u00edc\u00edch v odstran\u011bn\u00ed nebo n\u00e1prav\u011b vadn\u00e9ho stavu a zaji\u0161t\u011bn\u00ed budouc\u00edho&nbsp;souladu zpracov\u00e1n\u00ed s&nbsp;t\u011bmito z\u00e1sadami. P\u0159\u00edpadn\u011b m\u016f\u017ee doj\u00edt tak\u00e9 k ukon\u010den\u00ed zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f st\u011b\u017eovatele.<\/p>\n\n\n\n<p><strong>Jak vyu\u017e\u00edt nov\u00fd mechanismus n\u00e1pravy v&nbsp;oblasti n\u00e1rodn\u00ed bezpe\u010dnosti?<\/strong><\/p>\n\n\n\n<p>Subjekty \u00fadaj\u016f v&nbsp;EU mohou podat st\u00ed\u017enost ke sv\u00e9mu n\u00e1rodn\u00edmu \u00fa\u0159adu pro ochranu osobn\u00edch \u00fadaj\u016f (\u00daOO\u00da). Ten zajist\u00ed postoupen\u00ed st\u00ed\u017enosti EDPB (Evropsk\u00fd sbor pro ochranu osobn\u00edch \u00fadaj\u016f), kter\u00fd ji n\u00e1sledn\u011b ode\u0161le \u00fa\u0159ad\u016fm v&nbsp;USA p\u0159\u00edslu\u0161n\u00fdm k&nbsp;vy\u0159\u00edzen\u00ed st\u00ed\u017enosti. Subjekt by m\u011bl obdr\u017eet informaci o dal\u0161\u00edm postupu vy\u0159izov\u00e1n\u00ed st\u00ed\u017enosti, a to v\u010detn\u011b v\u00fdsledk\u016f vy\u0159\u00edzen\u00ed podan\u00e9 st\u00ed\u017enosti. Podm\u00ednkou p\u0159\u00edpustnosti st\u00ed\u017enost\u00ed nen\u00ed povinnost dolo\u017eit, \u017ee \u00fadaje st\u011b\u017eovatele byly shroma\u017e\u010fov\u00e1ny zpravodajsk\u00fdmi slu\u017ebami USA<strong>.<\/strong><\/p>\n\n\n\n<p><strong>Uskute\u010dn\u00ed se v&nbsp;budoucnu p\u0159ezkum Rozhodnut\u00ed o odpov\u00eddaj\u00edc\u00ed ochran\u011b?<\/strong><\/p>\n\n\n\n<p>Ano, prvn\u00ed p\u0159ezkum Rozhodnut\u00ed o odpov\u00eddaj\u00edc\u00ed ochran\u011b prob\u011bhne rok po vstupu tohoto rozhodnut\u00ed v&nbsp;platnost. D\u00e1le se p\u0159edpokl\u00e1d\u00e1, \u017ee se n\u00e1sledn\u00e9 p\u0159ezkumy uskute\u010dn\u00ed nejm\u00e9n\u011b jednou za \u010dty\u0159i roky.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Sm\u011brnice Evropsk\u00e9ho parlamentu a Rady o opat\u0159en\u00edch k\u00a0zaji\u0161t\u011bn\u00ed vysok\u00e9 spole\u010densk\u00e9 \u00farovn\u011b kybernetick\u00e9 bezpe\u010dnosti v\u00a0Unii (NIS2)<\/strong><\/p>\n\n\n\n<p><strong>N\u00e1vrh nov\u00e9ho z\u00e1kona o kybernetick\u00e9 bezpe\u010dnosti a jeho vyhl\u00e1\u0161ky transponuj\u00ed do \u010desk\u00e9ho pr\u00e1vn\u00edho \u0159\u00e1du sm\u011brnici NIS2, kter\u00e1 p\u0159in\u00e1\u0161\u00ed z\u00e1sadn\u00ed zm\u011bny v&nbsp;oblasti kyberbezpe\u010dnosti.<\/strong> Nyn\u00ed m\u00e1me k&nbsp;dispozici verzi n\u00e1vrhu z\u00e1kona, kter\u00fd byl p\u0159edlo\u017een do mezirezortn\u00edho p\u0159ipom\u00ednkov\u00e9ho \u0159\u00edzen\u00ed. Lze tedy o\u010dek\u00e1vat, \u017ee v&nbsp;r\u00e1mci legislativn\u00edho procesu dojde je\u0161t\u011b k&nbsp;dal\u0161\u00edm zm\u011bn\u00e1m.<\/p>\n\n\n\n<p>Transpozi\u010dn\u00ed lh\u016fta sm\u011brnice po\u017eaduje \u00fa\u010dinnost z\u00e1kona k&nbsp;18. \u0159\u00edjnu 2024. Dle pr\u016fb\u011bhu legislativn\u00edho procesu p\u0159edpokl\u00e1d\u00e1me \u00fa\u010dinnost z\u00e1kona koncem roku 2024.<\/p>\n\n\n\n<p><strong>Na koho dopadne nov\u00fd z\u00e1kon o kybernetick\u00e9 bezpe\u010dnosti?<\/strong><\/p>\n\n\n\n<p>Z\u00e1kon dopadne na poskytovatele regulovan\u00fdch slu\u017eeb. Jejich v\u00fd\u010det je mo\u017en\u00e9 nal\u00e9zt ve vyhl\u00e1\u0161ce o regulovan\u00fdch slu\u017eb\u00e1ch. U regulovan\u00fdch slu\u017eeb se d\u00e1le ur\u010duje re\u017eim ni\u017e\u0161\u00edch \u010di vy\u0161\u0161\u00edch povinnost\u00ed.<\/p>\n\n\n\n<p><strong>Jak\u00e9 hlavn\u00ed povinnosti ze z\u00e1kona plynou?<\/strong><\/p>\n\n\n\n<ol style=\"list-style-type:lower-alpha\">\n<li>Do 30 dn\u016f, kdy subjekt zjist\u00ed, \u017ee naplnil krit\u00e9ria pro identifikaci regulovan\u00e9 slu\u017eby, je povinen se registrovat prost\u0159ednictv\u00edm Port\u00e1lu N\u00daKIB. N\u00daKIB n\u00e1sledn\u011b po\u0161le subjektu vyrozum\u011bn\u00ed o z\u00e1pisu regulovan\u00e9 slu\u017eby,<\/li>\n\n\n\n<li>Do 30 dn\u016f od doru\u010den\u00ed vyrozum\u011bn\u00ed o z\u00e1pisu regulovan\u00e9 slu\u017eby mus\u00ed subjekt nahl\u00e1sit kontaktn\u00ed \u00fadaje prost\u0159ednictv\u00edm Port\u00e1lu N\u00daKIB,<\/li>\n\n\n\n<li>Subjekt definuje rozsah \u0159\u00edzen\u00ed kybernetick\u00e9 bezpe\u010dnosti v&nbsp;organizaci. Pokud subjekt nestanov\u00ed rozsah, m\u00e1 se za to, \u017ee v&nbsp;rozsahu je cel\u00e1 slu\u017eba,<\/li>\n\n\n\n<li>Subjekt je povinen nejpozd\u011bji do 1 roku od doru\u010den\u00ed vyrozum\u011bn\u00ed o z\u00e1pisu regulovan\u00e9 slu\u017eby od N\u00daKIB zav\u00e9st bezpe\u010dnostn\u00ed opat\u0159en\u00ed. Opat\u0159en\u00ed maj\u00ed b\u00fdt zavedena podle re\u017eimu, ve kter\u00e9m je slu\u017eba ur\u010dena,<\/li>\n\n\n\n<li>Subjekt hl\u00e1s\u00ed kybernetick\u00e9 bezpe\u010dnostn\u00ed incidenty prost\u0159ednictv\u00edm Port\u00e1lu N\u00daKIB podle re\u017eimu, ve kter\u00e9m je slu\u017eba ur\u010dena,<\/li>\n\n\n\n<li>Subjekt m\u00e1 informovat z\u00e1kazn\u00edky o incidentech a hrozb\u00e1ch,<\/li>\n\n\n\n<li>Subjekt je povinen prov\u00e1d\u011bt \u00fakony uveden\u00e9 v&nbsp;protiopat\u0159en\u00ed vydan\u00fdch N\u00daKIB a ozn\u00e1mit N\u00daKIB v\u00fdsledek,<\/li>\n\n\n\n<li>Vybran\u00e9 strategicky v\u00fdznamn\u00e9 slu\u017eby mus\u00ed plnit povinnosti z&nbsp;mechanismu bezpe\u010dnosti dodavatelsk\u00e9ho \u0159et\u011bzce, jako je zji\u0161\u0165ovat a evidovat informace o dodavatel\u00edch bezpe\u010dnostn\u011b v\u00fdznamn\u00fdch dod\u00e1vek,<\/li>\n\n\n\n<li>Strategicky v\u00fdznamn\u00e9 slu\u017eby mus\u00ed zajistit dostupnost v&nbsp;nezbytn\u00e9m rozsahu, ve stanoven\u00e9m \u010dase a kvalit\u011b z&nbsp;\u00fazem\u00ed \u010cesk\u00e9 republiky.<\/li>\n<\/ol>\n\n\n\n<p><strong>Jak bude vypadat proces hl\u00e1\u0161en\u00ed kybernetick\u00fdch bezpe\u010dnostn\u00edch incident\u016f?<\/strong><\/p>\n\n\n\n<p><strong><em>Poskytovatel\u00e9 regulovan\u00fdch slu\u017eeb maj\u00ed 1 rok od registrace p\u0159es Port\u00e1l N\u00daKIB na to, aby za\u010dali hl\u00e1sit incidenty.<\/em><\/strong> Proces hl\u00e1\u0161en\u00ed incident\u016f potom z\u00e1le\u017e\u00ed na druhu re\u017eimu, do kter\u00e9ho slu\u017eba spad\u00e1.<\/p>\n\n\n\n<p><strong>Povinn\u00e1 osoba ve vy\u0161\u0161\u00edm re\u017eimu mus\u00ed hl\u00e1sit N\u00daKIB v\u0161echny incidenty, kter\u00e9 maj\u00ed p\u016fvod v&nbsp;kybernetick\u00e9m prostoru a z\u00e1rove\u0148 u nich nelze vylou\u010dit \u00famysln\u00e9 zavin\u011bn\u00ed.<\/strong> V&nbsp;ni\u017e\u0161\u00edm re\u017eimu je nutn\u00e9 hl\u00e1sit N\u00e1rodn\u00edmu CERT v\u0161echny incidenty, kter\u00e9 maj\u00ed p\u016fvod v&nbsp;kybernetick\u00e9m prostoru, maj\u00ed v\u00fdznamn\u00fd dopad a z\u00e1rove\u0148 u nich nelze vylou\u010dit \u00famysln\u00e9 zavin\u011bn\u00ed.<\/p>\n\n\n\n<p><strong>Prvn\u00edm krokem po zji\u0161t\u011bn\u00ed incidentu by m\u011blo b\u00fdt takzvan\u00e9 prvotn\u00ed hl\u00e1\u0161en\u00ed. To by m\u011bl ud\u011blat subjekt do 24 hodin po zji\u0161t\u011bn\u00ed incidentu.<\/strong> Hl\u00e1\u0161en\u00ed by m\u011blo obsahovat identifika\u010dn\u00ed \u00fadaje organizace, z\u00e1kladn\u00ed \u00fadaje o incidentu, zda byl zp\u016fsoben nez\u00e1konn\u00fdm z\u00e1sahem a zda by mohl m\u00edt p\u0159eshrani\u010dn\u00ed dopad. Na z\u00e1klad\u011b toho sd\u011bl\u00ed N\u00daKIB poskytovateli ve vy\u0161\u0161\u00edm re\u017eimu, jestli m\u00e1 incident v\u00fdznamn\u00fd dopad. Pokud nem\u00e1, tak t\u00edm proces pro ohla\u0161ovatele kon\u010d\u00ed.<\/p>\n\n\n\n<p><strong>V&nbsp;ostatn\u00edch p\u0159\u00edpadech mus\u00ed subjekt podat ozn\u00e1men\u00ed do 72 hodin po zji\u0161t\u011bn\u00ed incidentu. <\/strong>Ozn\u00e1men\u00ed by m\u011blo obsahovat prvotn\u00ed posouzen\u00ed incidentu, dopad incidentu a indik\u00e1tory kompromitace. Na v\u00fdzvu N\u00daKIB nebo N\u00e1rodn\u00edho CERT m\u00e1 subjekt povinnost vydat pr\u016fb\u011b\u017enou zpr\u00e1vu. Zpr\u00e1va mus\u00ed obsahovat informace o podstatn\u00fdch zm\u011bn\u00e1ch stavu zvl\u00e1d\u00e1n\u00ed incidentu. <strong>Nejpozd\u011bji do 30 dn\u016f od ozn\u00e1men\u00ed mus\u00ed subjekt vydat z\u00e1v\u011bre\u010dnou zpr\u00e1vu, kter\u00e1 m\u00e1 obsahovat podrobn\u00fd popis incidentu, jeho z\u00e1va\u017enosti a dopadu, druh hrozby, pravd\u011bpodobnou p\u0159\u00ed\u010dinu incidentu, u\u010din\u011bn\u00e1 a prob\u00edhaj\u00edc\u00ed opat\u0159eni ke zm\u00edrn\u011bn\u00ed n\u00e1sledk\u016f a p\u0159\u00edpadn\u00fd p\u0159eshrani\u010dn\u00ed dopad incidentu. <\/strong>Pokud incident st\u00e1le trv\u00e1, p\u0159edlo\u017e\u00ed organizace po uplynut\u00ed lh\u016fty pr\u016fb\u011b\u017enou zpr\u00e1vu o aktu\u00e1ln\u00edm stavu zvl\u00e1d\u00e1n\u00ed incidentu, a po jeho vy\u0159e\u0161en\u00ed nejpozd\u011bji do 30 dn\u016f z\u00e1v\u011bre\u010dnou zpr\u00e1vu o vy\u0159e\u0161en\u00ed incidentu.<\/p>\n\n\n\n<p><strong>Jak bude vypadat mechanismus prov\u011b\u0159ov\u00e1n\u00ed dodavatelsk\u00e9ho \u0159et\u011bzce?<\/strong><\/p>\n\n\n\n<p>Mechanismus dopadne na poskytovatele strategicky v\u00fdznamn\u00fdch slu\u017eeb, \u010d\u00e1st syst\u00e9mu, kterou si poskytovatel\u00e9 sami ur\u010d\u00ed jako kritickou, \u010d\u00e1st syst\u00e9mu, kterou \u00fa\u0159ad ur\u010d\u00ed jako nepominutelnou a bezpe\u010dnostn\u011b v\u00fdznamn\u00e9 dod\u00e1vky sm\u011b\u0159uj\u00edc\u00ed do IT.<\/p>\n\n\n\n<p>Prov\u011b\u0159en\u00ed bude zam\u011b\u0159en\u00e9 na existuj\u00edc\u00ed dodavatele a jejich poddodavatele \u010di potencion\u00e1ln\u00ed dodavatele, kte\u0159\u00ed maj\u00ed vliv na kone\u010dn\u00fd produkt. Pokud \u00da\u0159ad zjist\u00ed v\u00fdznamn\u00e9 ohro\u017een\u00ed bezpe\u010dnosti \u010cesk\u00e9 republiky nebo vnit\u0159n\u00edho \u010di ve\u0159ejn\u00e9ho po\u0159\u00e1dku, m\u016f\u017ee podle m\u00edry zji\u0161t\u011bn\u00e9ho rizika vydat varov\u00e1n\u00ed, reaktivn\u00ed protiopat\u0159en\u00ed nebo opat\u0159en\u00ed obecn\u00e9 povahy, kter\u00fdm stanov\u00ed podm\u00ednky \u010di \u00fapln\u011b zak\u00e1\u017ee vyu\u017eit\u00ed rizikov\u00e9ho dodavatele.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Z\u00e1kon \u010d. 171\/2023 Sb., o ochran\u011b oznamovatel\u016f<\/strong><\/p>\n\n\n\n<p>Nov\u00fd z\u00e1kon o ochran\u011b oznamovatel\u016f m\u00e1 nab\u00fdt \u00fa\u010dinnosti 1. 8. 2023. <strong>Bude se vztahovat na subjekty s&nbsp;v\u00edce ne\u017e 50 zam\u011bstnanci, obce s&nbsp;v\u00edce ne\u017e 10 tis\u00edci obyvateli, ve\u0159ejn\u00e9 zadavatele, org\u00e1ny ve\u0159ejn\u00e9 moci a ve vybran\u00fdch oblastech i na n\u011bkter\u00e9 dal\u0161\u00ed subjekty.<\/strong><\/p>\n\n\n\n<p>Zam\u011bstnavatel\u00e9 uveden\u00ed v&nbsp;z\u00e1kon\u011b o ochran\u011b tzv. whistleblower\u016f jsou povinni m\u00edt od 1. 8. 2023 zprovozn\u011bn\u00fd intern\u00ed oznamovac\u00ed syst\u00e9m, jeho\u017e prost\u0159ednictv\u00edm m\u00e1 b\u00fdt mo\u017en\u00e9 oznamovat vyjmenovan\u00e1 protipr\u00e1vn\u00ed jedn\u00e1n\u00ed. Zam\u011bstnavatel\u00e9, kte\u0159\u00ed zam\u011bstn\u00e1vaj\u00ed od 50 do 249 zam\u011bstnanc\u016f, maj\u00ed lh\u016ftu na implementaci intern\u00edho oznamovac\u00edho syst\u00e9mu prodlou\u017eenou a\u017e do 15. prosince 2023.<\/p>\n\n\n\n<p><strong>Smyslem syst\u00e9mu m\u00e1 b\u00fdt ochra\u0148ovat identitu oznamovatel\u016f protipr\u00e1vn\u00edho jedn\u00e1n\u00ed, kter\u00e9 m\u00e1 znaky trestn\u00e9ho \u010dinu, p\u0159estupku, za n\u011bj\u017e lze ulo\u017eit pokutu s&nbsp;horn\u00ed hranic\u00ed alespo\u0148 100 tis\u00edc korun<\/strong>, jedn\u00e1n\u00ed poru\u0161uj\u00edc\u00edho z\u00e1kon o ochran\u011b oznamovatel\u016f anebo jin\u00fd pr\u00e1vn\u00ed p\u0159edpis EU&nbsp;ve vymezen\u00fdch oblastech. Schv\u00e1len\u00fd z\u00e1kon je tedy v&nbsp;\u0159ad\u011b oblast\u00ed p\u0159\u00edsn\u011bj\u0161\u00ed ne\u017e evropsk\u00e1 sm\u011brnice, proto\u017ee umo\u017e\u0148uje hl\u00e1\u0161en\u00ed v\u011bt\u0161\u00edho mno\u017estv\u00ed p\u0159\u00edpad\u016f.<\/p>\n\n\n\n<p>P\u0159ijet\u00ed a pro\u0161et\u0159en\u00ed d\u016fvodnosti bude m\u00edt na starosti takzvan\u00e1 <strong>p\u0159\u00edslu\u0161n\u00e1 osoba, kter\u00e1 m\u00e1 p\u016fsobit nez\u00e1visle a nestrann\u011b<\/strong>. O v\u00fdsledku \u0161et\u0159en\u00ed ozn\u00e1men\u00ed mus\u00ed pot\u00e9 p\u0159\u00edslu\u0161n\u00e1 osoba oznamovatele v&nbsp;z\u00e1konem stanoven\u00e9 lh\u016ft\u011b vyrozum\u011bt. Za nespln\u011bn\u00ed t\u011bchto povinnost\u00ed hroz\u00ed povinn\u00e9mu subjektu pokuta a\u017e 1 milion korun. Na opa\u010dn\u00e9 stran\u011b \u2013 osob\u00e1m, kter\u00e9 podaly nepravdiv\u00e9 ozn\u00e1men\u00ed, hroz\u00ed pokuta a\u017e 50 tis\u00edc korun.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Zah\u00e1jen\u00e1 spole\u010dn\u00e1 dozorov\u00e1 akce EDPB \u2013 CEF 2023<\/strong><\/p>\n\n\n\n<p><strong>Evropsk\u00fd sbor pro ochranu osobn\u00edch \u00fadaj\u016f (EDPB) zah\u00e1jil koordinovanou dozorovou akci (CEF), do kter\u00e9 se m\u011blo zapojit 26 \u00fa\u0159ad\u016f Evropsk\u00e9ho sboru pro ochranu osobn\u00edch \u00fadaj\u016f.<\/strong><\/p>\n\n\n\n<p>Spole\u010dn\u00e1 dozorov\u00e1 akce byla zam\u011b\u0159en\u00e1 na prov\u011b\u0159en\u00ed \u00falohy a postaven\u00ed pov\u011b\u0159enc\u016f pro ochranu osobn\u00edch \u00fadaj\u016f v jednotliv\u00fdch zem\u00edch evropsk\u00e9ho hospod\u00e1\u0159sk\u00e9ho prostoru. Pov\u011b\u0159enci pro ochranu osobn\u00edch \u00fadaj\u016f sehr\u00e1vaj\u00ed d\u016fle\u017eitou roli jako prost\u0159edn\u00edci mezi \u00fa\u0159ady pro ochranu osobn\u00edch \u00fadaj\u016f, jednotlivci, obchodn\u00edmi organizacemi a ve\u0159ejnou spr\u00e1vou.<\/p>\n\n\n\n<p><strong>C\u00edlem dozorov\u00e9 akce je posouzen\u00ed odpov\u00eddaj\u00edc\u00edho postaven\u00ed pov\u011b\u0159enc\u016f v&nbsp;jejich organizac\u00edch podle \u010dl. 37 a\u017e 39 Obecn\u00e9ho na\u0159\u00edzen\u00ed GDPR a prov\u011b\u0159en\u00ed, jestli disponuj\u00ed dostate\u010dn\u00fdmi zdroji pro pln\u011bn\u00ed sv\u00fdch \u00fakol\u016f.<\/strong> Dozorov\u00e9 \u00fa\u0159ady pro ochranu osobn\u00edch \u00fadaj\u016f pot\u00e9 rozhodnou o p\u0159\u00edpadn\u00e9m dal\u0161\u00edm vnitrost\u00e1tn\u00edm dohledu a vynucovac\u00edch opat\u0159en\u00edch. Krom\u011b toho je c\u00edlem akce umo\u017enit hlub\u0161\u00ed vhled do t\u00e9matu, a umo\u017enit tak n\u00e1sledn\u00e1 c\u00edlen\u00e1 opat\u0159en\u00ed na \u00farovni EU.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Seznamy majitel\u016f datov\u00fdch schr\u00e1nek zmiz\u00ed ze syst\u00e9mu otev\u0159en\u00fdch dat<\/strong><\/p>\n\n\n\n<p><strong>Ze syst\u00e9mu otev\u0159en\u00fdch dat budou odstran\u011bn\u00e9 seznamy nepodnikaj\u00edc\u00edch fyzick\u00fdch osob.<\/strong> Dosud bylo mo\u017en\u00e9 je dohledat na webu Datov\u00fdch schr\u00e1nek v&nbsp;N\u00e1rodn\u00edm katalogu otev\u0159en\u00fdch dat.<\/p>\n\n\n\n<p>Na t\u00e9to zm\u011bn\u011b <strong>se dohodli p\u0159edstavitel\u00e9 \u00daOO\u00da a Digit\u00e1ln\u00ed informa\u010dn\u00ed agentura<\/strong> (DIA). Seznam dr\u017eitel\u016f datov\u00fdch schr\u00e1nek byl zve\u0159ejn\u011bn\u00fd tak, \u017ee umo\u017e\u0148oval d\u00e1lkov\u00fd p\u0159\u00edstup v&nbsp;otev\u0159en\u00e9m a strojov\u011b \u010diteln\u00e9m form\u00e1tu. V&nbsp;seznamu dr\u017eitel\u016f datov\u00fdch schr\u00e1nek bylo mo\u017en\u00e9 zjistit adresu trval\u00e9ho pobytu dr\u017eitel\u016f, co\u017e \u00daOO\u00da vyhodnotil jako nadbyte\u010dn\u00e9 zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f. \u00daOO\u00da z&nbsp;t\u011bchto d\u016fvod\u016f upozornil z\u0159izovatele datov\u00fdch schr\u00e1nek Ministerstvo vnitra na to, \u017ee tento zp\u016fsob zve\u0159ej\u0148ov\u00e1n\u00ed datov\u00fdch schr\u00e1nek je s&nbsp;ohledem na z\u00e1sady zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f podle GDPR nep\u0159ijateln\u00fd.<\/p>\n\n\n\n<p><strong>Od 1. 4. 2023 p\u0159evzala agendu datov\u00fdch schr\u00e1nek DIA, kter\u00e1 okam\u017eit\u011b podstoupila kroky k&nbsp;odstran\u011bn\u00ed seznam\u016f nepodnikaj\u00edc\u00edch FO. <\/strong>Na spole\u010dn\u00e9m jedn\u00e1n\u00ed \u00daOO\u00da a DIA byla dohodnut\u00e1 spolupr\u00e1ce na p\u0159\u00edprav\u011b legislativy, kter\u00e1 by tuto problematiku \u0159e\u0161ila.<\/p>\n\n\n\n<p>Dne 3. 11. 2023 byl nov\u00fd z\u00e1kon vyhl\u00e1\u0161en ve Sb\u00edrce z\u00e1kon\u016f a 1. 2. 2024 m\u00e1 nab\u00fdt \u00fa\u010dinnosti. <strong>Nov\u00e1 \u00faprava nem\u011bn\u00ed rozsah \u00fadaj\u016f zve\u0159ej\u0148ovan\u00fdch v&nbsp;seznamu, ale nahrazuje princip opt-out principem opt-in \u2013 tedy m\u00edsto automatick\u00e9ho z\u00e1pisu na seznam s&nbsp;mo\u017enost\u00ed podat \u017e\u00e1dost o v\u00fdmaz m\u016f\u017ee fyzick\u00e1 osoba nebo podnikaj\u00edc\u00ed fyzick\u00e1 osoba po\u017e\u00e1dat o z\u00e1pis na seznam.<\/strong> D\u00e1le nov\u011b mohou podnikaj\u00edc\u00ed i fyzick\u00e9 osoby podat \u017e\u00e1dost o v\u00fdmaz ze seznamu.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Pr\u016fvodce ochranou osobn\u00edch \u00fadaj\u016f pro mal\u00e9 podniky<\/strong><\/p>\n\n\n\n<p>Evropsk\u00fd sbor pro ochranu osobn\u00edch \u00fadaj\u016f (EDPB) na sv\u00e9m webu zve\u0159ejnil Pr\u016fvodce ochranou osobn\u00edch \u00fadaj\u016f pro mal\u00e9 podniky. <strong>Prost\u0159ednictv\u00edm pr\u016fvodce se EDPB sna\u017e\u00ed informovat men\u0161\u00ed podniky o r\u016fzn\u00fdch aspektech GDPR. Pr\u016fvodce m\u00e1 b\u00fdt snadno p\u0159\u00edstupn\u00fd, srozumiteln\u00fd a interaktivn\u00ed<\/strong> (obsahuje videa, grafiky a dal\u0161\u00ed materi\u00e1ly).<\/p>\n\n\n\n<p>V&nbsp;sou\u010dasnosti je k&nbsp;dispozici pouze v&nbsp;angli\u010dtin\u011b, \u010dasem bude p\u0159\u00edstupn\u00fd i v&nbsp;dal\u0161\u00edch jazyc\u00edch. Pr\u016fvodce naleznete pod t\u00edmto odkazem: <a href=\"https:\/\/edpb.europa.eu\/sme-data-protection-guide\/home_en\">https:\/\/edpb.europa.eu\/sme-data-protection-guide\/home_en<\/a>.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Digital Governance Act (DGA) \u2013 Na\u0159\u00edzen\u00ed EU o spr\u00e1v\u011b dat z\u00a0pohledu osobn\u00edch \u00fadaj\u016f<\/strong><\/p>\n\n\n\n<p><strong>DGA bylo publikovan\u00e9 v&nbsp;\u00da\u0159edn\u00edm v\u011bstn\u00edku EU 3. 6. 2022 a nabude \u00fa\u010dinnosti 24. 9. 2023. Na\u0159\u00edzen\u00ed m\u00e1 usnadnit sd\u00edlen\u00ed osobn\u00edch i neosobn\u00edch dat v r\u00e1mci zem\u00ed EU, kde budou pro tento \u00fa\u010del vytvo\u0159en\u00e9 zprost\u0159edkovatelsk\u00e9 struktury.<\/strong><\/p>\n\n\n\n<p>Dopl\u0148kem DGA bude akt o datech (DA), kter\u00fd mimo jin\u00e9 zavede povinn\u00e9 sd\u00edlen\u00ed dat. Definice dat, na kter\u00e9 se DGA vztahuje, je velmi \u0161irok\u00e1 a zahrnuje i osobn\u00ed \u00fadaje. DGA stanov\u00ed pravidla pro usnadn\u011bn\u00ed op\u011btovn\u00e9ho pou\u017eit\u00ed \u00fadaj\u016f ve\u0159ejn\u00e9ho sektoru, na kter\u00e9 se vztahuje st\u00e1vaj\u00edc\u00ed ochrana (obchodn\u00ed tajemstv\u00ed, du\u0161evn\u00ed vlastnictv\u00ed nebo ochrana \u00fadaj\u016f), r\u00e1mec pro zprost\u0159edkovatele dat (povinn\u00e1 certifikace), datov\u00fd altruismus a pro Evropsk\u00fd sbor pro datov\u00e9 inovace (EDIB).<\/p>\n\n\n\n<p>DGA je subsidi\u00e1rn\u00ed k&nbsp;GDPR a nen\u00ed j\u00edm nijak dot\u010deno. DGA m\u00e1 velk\u00fd dopad na postaven\u00ed \u00fa\u0159ad\u016f pro ochranu osobn\u00edch \u00fadaj\u016f, jeliko\u017e jim ukl\u00e1d\u00e1 \u0159adu nov\u00fdch povinnost\u00ed.<\/p>\n\n\n\n<p>DGA nap\u0159. v&nbsp;\u010dl. 7 od\u016fvodn\u011bn\u00ed popisuje <strong>techniky jako syntetick\u00e1 data a diferenci\u00e1ln\u00ed soukrom\u00ed, kter\u00e9 by m\u011bly podporovat ochranu osobn\u00edch \u00fadaj\u016f, a nav\u00edc umo\u017enit ve\u0159ejn\u00e9mu sektoru v\u011bt\u0161\u00ed sd\u00edlen\u00ed dat. \u010cl. 5 odst. 5 a bod 8 od\u016fvodn\u011bn\u00ed se potom zab\u00fdv\u00e1 podporou anonymizace soubor\u016f.<\/strong><\/p>\n\n\n\n<p>Op\u011btovn\u00e1 identifikace subjekt\u016f z&nbsp;anonymizovan\u00fdch soubor\u016f by m\u011bla b\u00fdt podle na\u0159\u00edzen\u00ed zak\u00e1zan\u00e1. V \u010dl. 25 odst. 1 a 3 zav\u00e1d\u00ed <em>evropsk\u00fd formul\u00e1\u0159 souhlasu s&nbsp;datov\u00fdm altruismem<\/em>, kter\u00fd bude vytvo\u0159en ve spolupr\u00e1ci s&nbsp;Evropsk\u00fdm sborem pro ochranu osobn\u00edch \u00fadaj\u016f (EDPB).<br><br>O datov\u00fd altruismus se jedn\u00e1 v p\u0159\u00edpad\u011b, kdy jednotlivci a firmy dobrovoln\u011b bez odm\u011bny zp\u0159\u00edstupn\u00ed data k&nbsp;pou\u017eit\u00ed pro realizaci c\u00edle ve\u0159ejn\u00e9ho z\u00e1jmu (nap\u0159\u00edklad pro boj proti zm\u011bn\u011b klimatu). Tento souhlas bude mo\u017en\u00e9 tak\u00e9 odvolat.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">\ud83d\udfe3<strong>Konflikt pr\u00e1va na svobodu projevu s\u00a0pr\u00e1vem b\u00fdt zapomenut\u00a0\u00a0<\/strong><\/p>\n\n\n\n<p>Velk\u00fd sen\u00e1t Evropsk\u00e9ho soudu pro lidsk\u00e1 pr\u00e1va (ESLP) rozhodl rozsudkem dne 4. 7. 2023 <strong>o st\u00ed\u017enosti belgick\u00e9ho vydavatele Hurbaina proti Belgii (\u010d. 57292\/16), kter\u00fd brojil proti rozhodnut\u00ed belgick\u00fdch soud\u016f, kter\u00e9 mu ulo\u017eily anonymizovat archivovanou elektronickou verzi \u010dl\u00e1nku z&nbsp;roku 1994. V&nbsp;n\u011bm bylo uveden\u00e9 jm\u00e9no a p\u0159\u00edjmen\u00ed pana G., \u0159idi\u010de odpov\u011bdn\u00e9ho za smrtelnou dopravn\u00ed nehodu.<\/strong><\/p>\n\n\n\n<p>ESLP uvedl, \u017ee st\u011b\u017eovatelem nam\u00edtan\u00fd z\u00e1sah do jeho pr\u00e1va na svobodu projevu a svobodu tisku byl v&nbsp;dan\u00e9m p\u0159\u00edpad\u011b souladn\u00fd s&nbsp;pr\u00e1vem a sledoval legitimn\u00ed c\u00edl, kter\u00fdm byla ochrana pov\u011bsti nebo pr\u00e1v jin\u00fdch, konkr\u00e9tn\u011b pana G. a respektov\u00e1n\u00ed jeho soukrom\u00e9ho \u017eivota. ESLP zohlednil, \u017ee v dan\u00e9m p\u0159\u00edpad\u011b \u201epr\u00e1vo b\u00fdt zapomenut\u201c bylo panem G. uplatn\u011bno 20 let po ud\u00e1lostech, kter\u00e9 zjevn\u011b nem\u011bly historick\u00fd v\u00fdznam, pan G. nebyl ve\u0159ejnou osobou, co\u017e nep\u0159isp\u011blo k ve\u0159ejn\u00e9mu z\u00e1jmu o \u010dl\u00e1nek, kter\u00fd pouze statisticky p\u0159isp\u011bl k ve\u0159ejn\u00e9 diskusi o bezpe\u010dnosti silni\u010dn\u00edho provozu.<\/p>\n\n\n\n<p>Pan G. byl ve\u0159ejnosti nezn\u00e1m\u00fd a nevzbudil z\u00e1jem ve\u0159ejnosti ani v dob\u011b, kdy zve\u0159ejn\u011bn\u00e1 ud\u00e1lost nastala, a to ani v dob\u011b, kdy byla archivovan\u00e1 verze \u010dl\u00e1nku publikovan\u00e1 na internet. <strong>Z&nbsp;toho d\u016fvodu p\u0159ev\u00e1\u017eilo pr\u00e1vo pana G. \u201eb\u00fdt zapomenout\u201c nad svobodou projevu a tisku belgick\u00e9ho vydavatele (st\u011b\u017eovatele).<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>V n\u00e1sleduj\u00edc\u00edm p\u0159ehledu v\u00e1s sezn\u00e1m\u00edme s&nbsp;ned\u00e1vn\u00fdmi rozhodnut\u00edmi \u00da\u0159adu pro ochranu osobn\u00edch \u00fadaj\u016f (\u00daOO\u00da), z\u00e1v\u011bry proveden\u00fdch kontrol a s&nbsp;dal\u0161\u00edmi novinkami v&nbsp;oblasti ochrany osobn\u00edch [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23 - Haven Advisory<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23 - Haven Advisory\" \/>\n<meta property=\"og:description\" content=\"V n\u00e1sleduj\u00edc\u00edm p\u0159ehledu v\u00e1s sezn\u00e1m\u00edme s&nbsp;ned\u00e1vn\u00fdmi rozhodnut\u00edmi \u00da\u0159adu pro ochranu osobn\u00edch \u00fadaj\u016f (\u00daOO\u00da), z\u00e1v\u011bry proveden\u00fdch kontrol a s&nbsp;dal\u0161\u00edmi novinkami v&nbsp;oblasti ochrany osobn\u00edch [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Haven Advisory\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-27T09:44:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-26T10:55:38+00:00\" \/>\n<meta name=\"author\" content=\"info@haven-advisory.cz info@haven-advisory.cz\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"20 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/\",\"url\":\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/\",\"name\":\"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23 - Haven Advisory\",\"isPartOf\":{\"@id\":\"https:\/\/haven-advisory.cz\/#website\"},\"datePublished\":\"2023-12-27T09:44:02+00:00\",\"dateModified\":\"2024-02-26T10:55:38+00:00\",\"author\":{\"@id\":\"https:\/\/haven-advisory.cz\/#\/schema\/person\/2cb145725791f76aa97320d1ca15b328\"},\"breadcrumb\":{\"@id\":\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/haven-advisory.cz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/haven-advisory.cz\/#website\",\"url\":\"https:\/\/haven-advisory.cz\/\",\"name\":\"Haven Advisory\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/haven-advisory.cz\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/haven-advisory.cz\/#\/schema\/person\/2cb145725791f76aa97320d1ca15b328\",\"name\":\"info@haven-advisory.cz info@haven-advisory.cz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/haven-advisory.cz\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2038e22556e355d2731ef31b3f584531?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2038e22556e355d2731ef31b3f584531?s=96&d=mm&r=g\",\"caption\":\"info@haven-advisory.cz info@haven-advisory.cz\"},\"sameAs\":[\"https:\/\/haven-advisory.cz\"],\"url\":\"https:\/\/haven-advisory.cz\/aktuality\/author\/haven-admin-2023\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23 - Haven Advisory","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/","og_locale":"cs_CZ","og_type":"article","og_title":"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23 - Haven Advisory","og_description":"V n\u00e1sleduj\u00edc\u00edm p\u0159ehledu v\u00e1s sezn\u00e1m\u00edme s&nbsp;ned\u00e1vn\u00fdmi rozhodnut\u00edmi \u00da\u0159adu pro ochranu osobn\u00edch \u00fadaj\u016f (\u00daOO\u00da), z\u00e1v\u011bry proveden\u00fdch kontrol a s&nbsp;dal\u0161\u00edmi novinkami v&nbsp;oblasti ochrany osobn\u00edch [&hellip;]","og_url":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/","og_site_name":"Haven Advisory","article_published_time":"2023-12-27T09:44:02+00:00","article_modified_time":"2024-02-26T10:55:38+00:00","author":"info@haven-advisory.cz info@haven-advisory.cz","twitter_card":"summary_large_image","twitter_misc":{"Napsal(a)":false,"Odhadovan\u00e1 doba \u010dten\u00ed":"20 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/","url":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/","name":"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23 - Haven Advisory","isPartOf":{"@id":"https:\/\/haven-advisory.cz\/#website"},"datePublished":"2023-12-27T09:44:02+00:00","dateModified":"2024-02-26T10:55:38+00:00","author":{"@id":"https:\/\/haven-advisory.cz\/#\/schema\/person\/2cb145725791f76aa97320d1ca15b328"},"breadcrumb":{"@id":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/haven-advisory.cz\/aktuality\/prehled-k-problematice-ochrany-osobnich-udaju-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/haven-advisory.cz\/"},{"@type":"ListItem","position":2,"name":"Problematika ochrany osobn\u00edch \u00fadaj\u016f 02\/23"}]},{"@type":"WebSite","@id":"https:\/\/haven-advisory.cz\/#website","url":"https:\/\/haven-advisory.cz\/","name":"Haven Advisory","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/haven-advisory.cz\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/haven-advisory.cz\/#\/schema\/person\/2cb145725791f76aa97320d1ca15b328","name":"info@haven-advisory.cz info@haven-advisory.cz","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/haven-advisory.cz\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2038e22556e355d2731ef31b3f584531?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2038e22556e355d2731ef31b3f584531?s=96&d=mm&r=g","caption":"info@haven-advisory.cz info@haven-advisory.cz"},"sameAs":["https:\/\/haven-advisory.cz"],"url":"https:\/\/haven-advisory.cz\/aktuality\/author\/haven-admin-2023\/"}]}},"_links":{"self":[{"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/posts\/2201"}],"collection":[{"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/comments?post=2201"}],"version-history":[{"count":3,"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/posts\/2201\/revisions"}],"predecessor-version":[{"id":2554,"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/posts\/2201\/revisions\/2554"}],"wp:attachment":[{"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/media?parent=2201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/categories?post=2201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haven-advisory.cz\/wp-json\/wp\/v2\/tags?post=2201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}