Act No. 256 / 1992 Coll.
Law on the protection of personal data in information systems
Valid
Effective from 01.06.1992
256
THE LAW
of 29 April 1992
on the protection of personal data in information systems
The Federal Assembly of the Czech and Slovak Federal Republic decided on this law:
Scope
The Act provides for the protection of personal data, in particular the obligations relating to the protection of information in the operation of an information system which treats personal data and the responsibility of the information system operator and other natural and legal persons involved in the implementation of activities related to the operation of such an information system.
This law also applies to information systems based on special legislation.1)
DEFINITION OF CERTAIN OBJECTIVES FOR THE PURPOSE OF THIS LAW
Information
Information relating to a person shall be personal data.
Information system
The information system shall mean a functional unit ensuring a targeted and systematic collection, processing, storage and disclosure of information. Each information system shall include an information base, technical and programming means, technologies and procedures and personnel.
Operation of the information system
The operation of the information system shall be understood as carrying out activities aimed at the collection (collection) of information, their input processing, the storage of information in an alleged base, the processing of information for the internal needs of the system or the provision of an information service. The operation shall cover all or just some of the above activities.
Information service
The information service means carrying out activities aimed at providing information from the information system, usually linked to the processing of information stored in the information system.
Processing of information
Processing of information means:
(a) technical or content adjustment of the information;
(b) automated processing, including operations carried out in full or in part by means of means of automation, in particular the retention of information and data, the conduct of logical or arithmetic operations with information and data, their modification and erasure;
(c) the inclusion of information without physical or material change in a set of information or other communication which may be intended for purposes other than the provision of an information service.
Disposal of information
Disposal information shall mean its deletion or physical distribution in such a way that the information cannot be reassembled or the physical destruction of the material medium to which it is bound.
Participants to the exchange of information
Participants in the exchange of information shall mean the information system operator (hereinafter referred to as "operator '), the user of information services (hereinafter referred to as" user') and the information intermediary (hereinafter referred to as "intermediary ').
Person concerned
The person concerned shall mean the individual natural person to whom the information relates.
Operator
(1) The operator is a natural or legal person who ensures the processing of information or the provision of information services and acts against other natural or legal persons as a rightholder of the rights and obligations associated with the operation of the information system.
(2) They shall not be considered as operators:
(a) natural persons who, in the course of their work or similar relationship, come into contact with information handled by the relevant information system;
(b) legal persons carrying out activities in the operation of the information system under a contract concluded with the operator.
User
User means any natural or legal person who uses or requests information obtained from the information system within the framework of information services provided by the information system.
Intermediate
The intermediary shall mean a natural or legal person who ascertains, collects, processes or provides information to the operator or user.
Appropriate means of collecting information
An appropriate means of collecting information shall be understood to mean their detection, which is not disguised for another purpose, covered by another activity and does not undermine the rights and freedoms of citizens.
Published information
Information disclosed to the public by means of mass media or electronic publicly available information services shall be considered as published information.
OBLIGATIONS RELATING TO THE OPERATING INFORMATION SYSTEM
To operate an information system which treats information that speaks to the person concerned's personality and privacy, racial origin, nationality, political attitudes and membership of political parties and movements, relation to religion, to his or her crime, health, sexual life and property conditions, may only be provided for by a special law or with the consent of a living person concerned, if it is possible for him or her to do so. If the condition of consent cannot be fulfilled, the information may be handled only if human dignity, personal honor, reputation and the reputation of the person concerned are preserved.
The obligations of the operator shall be:
(a) operate the information system in accordance with the purpose for which the system is established;
(b) to obtain information in a range appropriate to the purpose for which the system is established, in particular to avoid the collection of excess data;
(c) verify that the information that the information system is handling is accurate and updated as necessary;
(d) identify in an appropriate manner in the information system inaccurate or unverified information;
(e) not to keep false information in the information system;
(f) to prevent the pooling of information and information systems serving different purposes, unless otherwise provided for in a separate law;
(g) to obtain information for information systems in an appropriate manner; the acquisition of information under cover of another purpose or activity may only be provided by a separate law;
(h) keep information enabling the person concerned to be identified only for a reasonable period of time for the purposes of the information system, unless otherwise provided by the special law;
(i) to ensure the protection of information and the whole system against accidental or unauthorised destruction, accidental damage as well as unauthorised access or processing;
(j) determine the rights and obligations of natural and legal persons having access to the information system;
(k) take measures to ensure that, after the end of the working or similar relationship between the natural person and the operator, the information handled by the relevant information system cannot be used by that person; similar measures shall also be taken against persons who, in the performance of their tasks with the operator, come or may come into contact with information handled by the relevant information system,
(l) to provide, once a year, free of charge or with appropriate remuneration at any time, to each person concerned on request, a report on the information about it stored in the information system, unless otherwise provided by the special law.
(1) At the end of the operation of the information system, the operator shall be obliged to take such measures that the information that the information system has handled cannot be misused.
(2) In the event of a breach of the obligation referred to in paragraph 1, the beneficiary shall be entitled to satisfaction, the removal of the defective condition, the issue of unjustified enrichment by the person who obtained it, and the entitlement provided for in Article 20 (d) and (e).
(1) The intermediary shall:
(a) verify that the information it provides is accurate;
(b) the inaccurate or unverified information must be appropriately marked, or, where possible, remove that inaccuracy;
(c) to obtain information for information systems in an appropriate manner; the acquisition of information under cover of another purpose or activity may only be provided by a separate law;
(d) ensure the protection of intermediary information against accidental or unauthorised destruction, accidental damage, as well as unauthorised access or processing.
(2) When providing information to both users and operators, the intermediary shall keep the information obtained in connection with the performance of the intermediary activities only for as long as is strictly necessary and within the scope of the operator's approval.
In the event of an infringement of an operator's obligations referred to in Article 17, the natural person entitled to the operator shall be entitled to:
(a) abstain from such action, from the removal of the malfunctioning, the issue of unjustified enrichment to the entity at the expense of which the enrichment was obtained and the provision of satisfaction (apologies, corrections) to the person whose breach of obligations has been damaged by the operator. The right to grant satisfaction shall not arise in the event of an infringement under Article 17 (d) and (e), unless the operator has infringed its obligation under Article 17 (e). (c) or where it proves that the information has been handled within the limits of the consent of the person concerned or where the information is disclosed;
(b) the disposal of information; the claim is incurred if the operator has infringed the obligations referred to in Article 17 (a), (b), (d), (e), (g), (h). Such a claim shall also be established where the information system dealing with the information disclosed is concerned, where it appears that such information has been made public unduly or where such information has been corrected,
(c) the addition of information in the case of information entered into the information system with the consent of the person concerned or the information published;
(d) the payment of an adequate remuneration where its right to human dignity, personal honour, reputation and protection of its name has been infringed if it is not punishable by existing civil and commercial institutions;
(e) the avoidance of access to information during a dispute, unless the competent authority for decision-making exceptionally provides otherwise; the claim relates only to the dispute between the information concerned.
The intermediary shall be responsible for the activities it carries out for the operator or user to the extent that the operator is responsible.
(1) Natural persons, in the context of their work or similar relationship, or in the context of their public or other functions (e.g. the function of a judicial expert, auditor) or other persons who, in the performance of their duties with the operator, come in contact with information handled by the relevant information system (hereinafter referred to as "obliged persons"), have an obligation of confidentiality regarding such information and may not disclose it to other bodies or use it for themselves without the consent of the operator, unless otherwise provided for by a special law.
(2) The obligations referred to in paragraph 1 remain after the end of the employment or similar relationship between the obliged entity and the operator or after the performance of the duties of the obliged entity.
(3) In the event of a breach of the obligations referred to in paragraph 1, the person entitled to the debtor shall be entitled to:
(a) abstention from such negotiations, the removal of a defective condition, the issue of unjustified enrichment and the provision of satisfaction (apologies, corrections) at the expense of the debtor;
(b) the disposal of information which has been made available or used illegally;
(c) payment of an adequate remuneration where, by failing to fulfil these obligations, the debtor has caused damage, in particular of a non-material nature which is not punishable by the existing civil and commercial institutions and which is not linked to the fulfilment of other claims under this paragraph;
(d) the avoidance of disclosure of information in the course of a dispute, unless the decision-making authority has exceptionally provided otherwise; the claim relates only to the dispute between the information concerned.
(4) Where those obligations are infringed by a mandatory person who is in a working or similar proportion to the operator, the operator shall be responsible for the provision of the cash performance referred to in paragraph 3 (c) and for the provision of the satisfaction referred to in paragraph 3 (a).
(5) Where someone receives information from the information system by unlawful action, paragraphs 1 and 3 shall apply mutatis mutandis.
Disputes arising from the application of rights and obligations under this law shall be settled by the court.
REGISTRATION OF THE INFORMATION SYSTEM AND SUPERVISORY FOR OPERATING THE INFORMATION SYSTEM
In order to register and supervise the operation of information systems, the competent authorities established by specific laws shall be responsible.
Application for registration
(1) The authority referred to in Section 24 records registered information systems during their operation. The register shall be publicly available and officially published by that authority on 31 December.
(2) The operator shall inform the authority referred to in Section 24 without undue delay of the termination of the operation of the information system, indicating the date on which the operation of the information system is terminated. This shall not apply to information systems not subject to registration.
Only information systems handling the information referred to in Article 16 shall be subject to registration unless they are solely for the operator's internal needs; the exceptions to the registration obligation are laid down in a separate law. The registration shall not be subject to information systems handling exclusively the information published.
TRANSITIONAL AND FINAL PROVISIONS
An information system established after the effective date of this Act may be operated only if the conditions laid down in this Act are fulfilled; its operator shall apply for registration within three months of the entry into force of the law establishing the authority referred to in § 24.
The Government of the Czech and Slovak Federal Republic may exceptionally lay down conditions for the operation of an already functioning information system which does not comply with this Act for a period of no longer than three years from the entry into force of this Act. This is without prejudice to the obligation of the operator to apply for registration by an authority under Paragraph 24 within three months of the entry into force of the law establishing that authority.
This Act shall take effect on the day of its publication.
Havel. v. r.
Dubček v. r.
CHF
1) For example, Act No. 244 / 1991 Coll., on the Federal Security Information Service, Act No. 455 / 1991 Coll., on Business Business (Trade Act), Act No. 563 / 1991 Coll., on Accounting, Act No. 47 / 1990 Coll., on the elections to the Federal Assembly, as amended.
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Act No. 256 / 1992 Coll., on the Protection of Personal Data in Information Systems |
|---|---|
| Regulation Type | - |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 01.06.1992 |
|---|---|
| Effective from | 01.06.1992 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0