
Personal data protection

Act no. 18/2018 of the Codex as amended

Act no. 18/2018 on personal data protection and its application

An amendment to the Act on personal data protection has been in force since 2013. This amendment obliges companies to protect all personal data they work with in the course of their business activities. Personal data relate to individuals only, so the data of corporate entities or the self-employed are not concerned. The most common personal data include name, surname, address, date of birth, identification number, or a combination of these. Some conditions of the Act were changed by the full wording of the Act under no. 84/2014 in May 2014. In addition, the Office for personal data protection issues various guidelines that explain some of the Act's requirements. These mainly cover requirements related to the use of video surveillance systems, e-shops, cloud services, biometric data and the like.

Our portfolio of services in the personal data protection area

We have supported many companies with the implementation of the Act on personal data protection. It doesn't matter what the company's core business is: nearly every company has at least employees whose personal data have to be protected. This protection is documented in a security directive or in a security project, depending on whether you process the data on a computer that is or is not connected to the internet. Each company has different "kinds" of personal data that have to be protected. For this reason, the initial analysis of the so-called "information systems" (as defined by the law) is the key to creating security documentation tailored to the company's needs.

  • 1
    Initial status analysis
it is necessary to create an initial analysis in each company to properly meet the legal requirements. This analysis consists of the identification of "information systems", authorized persons and intermediaries, and an overall definition of the physical space where the personal data are processed
  • 2
    Elaboration of the registration cards of the information systems
most information systems do not have to be reported to the Office for personal data protection, but a record of them has to be available in the company
  • 3
Elaboration of guidance for authorized persons
    the authorized persons have to be instructed how to process the personal data they come into contact with, so that protection against damage, misuse or loss is assured
  • 4
    Elaboration of the contracts with the intermediaries
intermediaries are companies that process personal data on behalf of the organization (e.g. a company providing accounting, IT services, etc.), so the organization has to ensure that the data provided to the intermediary are likewise protected and kept confidential
  • 5
    Elaboration of the risk analysis
the analysis of risks that affect data protection is an important part of setting up preventive actions: technical, personnel or organizational
  • 6
    Elaboration of the security directive
the security directive covers technical, organizational and personnel measures for personal data protection in the company
  • 7
    Elaboration of the security project
the security project covers an overall summary of the security measures, the risk analysis methodology and the physical definition of the space where the personal data are processed or located
  • 8
Assistance with reporting information systems to the Office or with their individual registration
    when certain conditions of the Act are met, the information system has to be reported to the Office for personal data protection (e.g. a video surveillance system or marketing campaigns), or has to be individually registered (processing of biometric data, such as an attendance system using fingerprints)
  • 9
Update and review of alignment with Act no. 18/2018
    a condition of the Act concerns regular inspection activities focused on adherence to the rules of personal data protection, a review of the identified risks, and an update of the security documentation to reflect amendments to the law