{"id":62809,"date":"2024-03-22T15:48:25","date_gmt":"2024-03-22T06:48:25","guid":{"rendered":"https:\/\/monolith.law\/cs\/?p=62809"},"modified":"2024-03-31T13:06:31","modified_gmt":"2024-03-31T04:06:31","slug":"gdpr-extraterritorial-application","status":"publish","type":"post","link":"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application","title":{"rendered":"Jak postupovat, kdy\u017e se GDPR uplat\u0148uje mimo \u00fazem\u00ed? Vysv\u011btlen\u00ed metod \u0159e\u0161en\u00ed"},"content":{"rendered":"\n<p>GDPR je pravidlo stanoven\u00e9 EU, kter\u00e9 ur\u010duje ochranu osobn\u00edch \u00fadaj\u016f a jejich zpracov\u00e1n\u00ed. Pokud rozv\u00edj\u00edte sv\u00e9 produkty nebo slu\u017eby v r\u00e1mci EU, m\u016f\u017ee se na v\u00e1s GDPR vztahovat. Nicm\u00e9n\u011b, m\u016f\u017ee b\u00fdt nejasn\u00e9, zda se va\u0161e spole\u010dnost nach\u00e1z\u00ed v r\u00e1mci p\u016fsobnosti GDPR a co byste m\u011bli d\u011blat v p\u0159\u00edpad\u011b, \u017ee se to na v\u00e1s vztahuje.<\/p>\n\n\n\n<p>V tomto \u010dl\u00e1nku vysv\u011btl\u00edme rozsah p\u016fsobnosti GDPR, co byste m\u011bli d\u011blat, pokud se na v\u00e1s GDPR vztahuje, a jak\u00e9 kroky jsou vy\u017eadov\u00e1ny. Najdete zde tak\u00e9 Q&amp;A t\u00fdkaj\u00edc\u00ed se aplikace GDPR, kter\u00e9 v\u00e1m mohou pomoci l\u00e9pe porozum\u011bt t\u00e9to problematice.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_53 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Rozsah_pusobnosti_GDPR\" title=\"Rozsah p\u016fsobnosti GDPR\">Rozsah p\u016fsobnosti GDPR<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Co_musi_delat_firmy_podlehajici_GDPR\" title=\"Co mus\u00ed d\u011blat firmy podl\u00e9haj\u00edc\u00ed GDPR?\">Co mus\u00ed d\u011blat firmy podl\u00e9haj\u00edc\u00ed GDPR?<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Jmenovani_zastupce_v_EUUK\" title=\"Jmenov\u00e1n\u00ed z\u00e1stupce v EU\/UK\">Jmenov\u00e1n\u00ed z\u00e1stupce v EU\/UK<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Zahrnuti_informaci_do_zasad_ochrany_osobnich_udaju\" title=\"Zahrnut\u00ed informac\u00ed do z\u00e1sad ochrany osobn\u00edch \u00fadaj\u016f\">Zahrnut\u00ed informac\u00ed do z\u00e1sad ochrany osobn\u00edch \u00fadaj\u016f<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Sankce_za_nejmenovani_zastupce\" title=\"Sankce za nejmenov\u00e1n\u00ed z\u00e1stupce\">Sankce za nejmenov\u00e1n\u00ed z\u00e1stupce<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Povinnosti_zastupce\" title=\"Povinnosti z\u00e1stupce\">Povinnosti z\u00e1stupce<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Zpracovani_zaznamu_podle_clanku_30\" title=\"Zpracov\u00e1n\u00ed z\u00e1znam\u016f podle \u010dl\u00e1nku 30\">Zpracov\u00e1n\u00ed z\u00e1znam\u016f podle \u010dl\u00e1nku 30<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Reakce_na_dotazy_subjektu_udaju_nebo_dozorovych_organu\" title=\"Reakce na dotazy subjekt\u016f \u00fadaj\u016f nebo dozorov\u00fdch org\u00e1n\u016f\">Reakce na dotazy subjekt\u016f \u00fadaj\u016f nebo dozorov\u00fdch org\u00e1n\u016f<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Q_A_k_aplikaci_Narizeni_GDPR\" title=\"Q&amp;A k aplikaci Na\u0159\u00edzen\u00ed GDPR\">Q&amp;A k aplikaci Na\u0159\u00edzen\u00ed GDPR<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Je_nutne_se_prizpusobit_GDPR_i_kdyz_neplanujeme_expanzi_do_zahranici\" title=\"Je nutn\u00e9 se p\u0159izp\u016fsobit GDPR, i kdy\u017e nepl\u00e1nujeme expanzi do zahrani\u010d\u00ed?\">Je nutn\u00e9 se p\u0159izp\u016fsobit GDPR, i kdy\u017e nepl\u00e1nujeme expanzi do zahrani\u010d\u00ed?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Jake_kroky_je_treba_podniknout_pri_spusteni_preshranicniho_e-commerce_webu_zamereneho_na_EU\" title=\"Jak\u00e9 kroky je t\u0159eba podniknout p\u0159i spu\u0161t\u011bn\u00ed p\u0159eshrani\u010dn\u00edho e-commerce webu zam\u011b\u0159en\u00e9ho na EU?\">Jak\u00e9 kroky je t\u0159eba podniknout p\u0159i spu\u0161t\u011bn\u00ed p\u0159eshrani\u010dn\u00edho e-commerce webu zam\u011b\u0159en\u00e9ho na EU?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Jaky_je_rozdil_mezi_GDPR_a_UK_GDPR\" title=\"Jak\u00fd je rozd\u00edl mezi GDPR a UK GDPR?\">Jak\u00fd je rozd\u00edl mezi GDPR a UK GDPR?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Shrnuti_V_pripade_potizi_s_GDPR_se_obratte_na_odborniky\" title=\"Shrnut\u00ed: V p\u0159\u00edpad\u011b pot\u00ed\u017e\u00ed s GDPR se obra\u0165te na odborn\u00edky\">Shrnut\u00ed: V p\u0159\u00edpad\u011b pot\u00ed\u017e\u00ed s GDPR se obra\u0165te na odborn\u00edky<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/monolith.law\/cs\/general-corporate\/gdpr-extraterritorial-application\/#Predstaveni_opatreni_nasi_kancelare\" title=\"P\u0159edstaven\u00ed opat\u0159en\u00ed na\u0161\u00ed kancel\u00e1\u0159e\">P\u0159edstaven\u00ed opat\u0159en\u00ed na\u0161\u00ed kancel\u00e1\u0159e<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Rozsah_pusobnosti_GDPR\"><\/span>Rozsah p\u016fsobnosti GDPR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/jyosei.jpg\" alt=\"\u017eena\" class=\"wp-image-63700\" \/><\/figure>\n\n\n\n<p>Podm\u00ednky, za kter\u00fdch se GDPR aplikuje, jsou stanoveny v \u010dl\u00e1nku 3 GDPR, kter\u00fd se zab\u00fdv\u00e1 \u201egeografick\u00fdm rozsahem p\u016fsobnosti\u201c. Rozsah p\u016fsobnosti GDPR se d\u011bl\u00ed na dv\u011b situace: kdy\u017e m\u00e1 subjekt z\u00e1kladnu v EU a kdy\u017e ji v EU nem\u00e1.<\/p>\n\n\n\n<p>Pro p\u0159\u00edpad, \u017ee m\u00e1 subjekt z\u00e1kladnu v EU, plat\u00ed n\u00e1sleduj\u00edc\u00ed:<\/p>\n\n\n\n<p>\u201eAplikuje se na zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f v r\u00e1mci \u010dinnost\u00ed z\u00e1kladny spr\u00e1vce nebo zpracovatele v EU, bez ohledu na to, zda se zpracov\u00e1n\u00ed prov\u00e1d\u00ed v EU.\u201c<\/p>\n\n\n\n<p>Reference: Japonsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f | \u201e<a href=\"https:\/\/www.ppc.go.jp\/files\/pdf\/gdpr-provisions-ja.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Obecn\u00e9 na\u0159\u00edzen\u00ed o ochran\u011b \u00fadaj\u016f (GDPR) \u2013 p\u0159edb\u011b\u017en\u00fd japonsk\u00fd p\u0159eklad[ja]<\/a>\u201c<\/p>\n\n\n\n<p>To znamen\u00e1, \u017ee pokud m\u00e1 spr\u00e1vce nebo zpracovatel z\u00e1kladnu v EU, GDPR se na n\u011bj vztahuje.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Spr\u00e1vce<\/td><td>Osoba, kter\u00e1 ur\u010duje \u00fa\u010dely a prost\u0159edky zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f<\/td><\/tr><tr><td>Zpracovatel<\/td><td>Osoba, kter\u00e1 zpracov\u00e1v\u00e1 osobn\u00ed \u00fadaje jm\u00e9nem spr\u00e1vce<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Pokud subjekt nem\u00e1 z\u00e1kladnu v EU, rozsah p\u016fsobnosti GDPR zahrnuje n\u00e1sleduj\u00edc\u00ed dva p\u0159\u00edpady:<\/p>\n\n\n\n<ol>\n<li>Kdy\u017e subjekt poskytuje zbo\u017e\u00ed nebo slu\u017eby osob\u00e1m v EU<\/li>\n\n\n\n<li>Kdy\u017e subjekt monitoruje chov\u00e1n\u00ed osob v EU<\/li>\n<\/ol>\n\n\n\n<p>GDPR klade p\u0159\u00edsn\u00e1 omezen\u00ed na p\u0159enos dat do zem\u00ed mimo EU a pro voln\u00fd p\u0159enos dat je vy\u017eadov\u00e1no \u201erozhodnut\u00ed o adekv\u00e1tnosti\u201c. Rozhodnut\u00ed o adekv\u00e1tnosti je ur\u010den\u00ed, kter\u00e9 se prov\u00e1d\u00ed po konzultaci s Evropskou komis\u00ed a je ud\u011blov\u00e1no zem\u00edm nebo region\u016fm, kter\u00e9 zaji\u0161\u0165uj\u00ed dostate\u010dnou \u00farove\u0148 ochrany osobn\u00edch \u00fadaj\u016f.<\/p>\n\n\n\n<p>Zem\u011b nebo regiony bez rozhodnut\u00ed o adekv\u00e1tnosti mus\u00ed pro p\u0159enos dat mimo EU prov\u00e9st postupy jako jsou SCC nebo BCR.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>SCC (Standardn\u00ed smluvn\u00ed dolo\u017eky)<\/td><td>Povinn\u00e9 polo\u017eky, kter\u00e9 mus\u00ed b\u00fdt zahrnuty do smlouvy o p\u0159enosu informac\u00ed<\/td><\/tr><tr><td>BCR (Z\u00e1vazn\u00e9 firemn\u00ed pravidla)<\/td><td>Politika ochrany osobn\u00edch \u00fadaj\u016f z\u00edskan\u00fdch z Evropsk\u00e9ho hospod\u00e1\u0159sk\u00e9ho prostoru (EHP) a pravidla pro sd\u00edlen\u00ed s p\u0159idru\u017een\u00fdmi spole\u010dnostmi mimo EHP<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Rozhodnut\u00ed o adekv\u00e1tnosti eliminuje pot\u0159ebu postup\u016f jako jsou SCC nebo BCR.<\/p>\n\n\n\n<p>Rozhodnut\u00ed o adekv\u00e1tnosti pro Japonsko bylo ozn\u00e1meno b\u011bhem pravideln\u00e9ho summitu mezi Japonskem a EU v \u010dervenci 2018 (Heisei 30), kde bylo ozn\u00e1meno, \u017ee se bude pracovat na zaveden\u00ed r\u00e1mce pro p\u0159enos osobn\u00edch \u00fadaj\u016f. N\u00e1sledn\u011b, dne 23. ledna 2019 (Heisei 31), Japonsko obdr\u017eelo rozhodnut\u00ed o adekv\u00e1tnosti a bylo vyd\u00e1no prohl\u00e1\u0161en\u00ed, \u017ee \u201eEU a Japonsko vz\u00e1jemn\u011b uzn\u00e1vaj\u00ed rovnocennou \u00farove\u0148 ochrany osobn\u00edch \u00fadaj\u016f\u201c.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Co_musi_delat_firmy_podlehajici_GDPR\"><\/span>Co mus\u00ed d\u011blat firmy podl\u00e9haj\u00edc\u00ed GDPR?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/thinki.jpg\" alt=\"Co mus\u00ed d\u011blat firmy podl\u00e9haj\u00edc\u00ed GDPR?\" class=\"wp-image-63702\" \/><\/figure>\n\n\n\n<p>Firmy, na kter\u00e9 se vztahuje GDPR, mus\u00ed splnit n\u00e1sleduj\u00edc\u00ed dv\u011b po\u017eadavky:<\/p>\n\n\n\n<ul>\n<li>Jmenov\u00e1n\u00ed z\u00e1stupce v EU\/UK<\/li>\n\n\n\n<li>Zahrnut\u00ed informac\u00ed do z\u00e1sad ochrany osobn\u00edch \u00fadaj\u016f<\/li>\n<\/ul>\n\n\n\n<p>Zde podrobn\u011b vysv\u011btl\u00edme ka\u017ed\u00fd z t\u011bchto bod\u016f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Jmenovani_zastupce_v_EUUK\"><\/span>Jmenov\u00e1n\u00ed z\u00e1stupce v EU\/UK<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u010cl\u00e1nek 27 GDPR stanov\u00ed povinnost jmenovat z\u00e1stupce v EU nebo UK v p\u0159\u00edpad\u011b, \u017ee se GDPR vztahuje mimo tyto oblasti.<\/p>\n\n\n\n<p>Z\u00e1stupcem se rozum\u00ed osoba jmenovan\u00e1 p\u00edsemn\u011b spr\u00e1vcem nebo zpracovatelem, kter\u00e1 zastupuje spr\u00e1vce nebo zpracovatele v povinnostech stanoven\u00fdch GDPR.<\/p>\n\n\n\n<p>Ne v\u0161echny firmy p\u016fsob\u00edc\u00ed v EU mus\u00ed jmenovat z\u00e1stupce. Firmy, kter\u00e9 nejsou povinny jmenovat z\u00e1stupce, jsou ty, kter\u00e9 (podle \u010dl\u00e1nku 27 GDPR):<\/p>\n\n\n\n<ul>\n<li>Nezab\u00fdvaj\u00ed se \u010dinnostmi podl\u00e9haj\u00edc\u00edmi GDPR, kter\u00e9 nejsou pouze p\u0159\u00edle\u017eitostn\u00e9, a z\u00e1rove\u0148 se nezab\u00fdvaj\u00ed zpracov\u00e1n\u00edm &#8220;zvl\u00e1\u0161tn\u00edch kategori\u00ed \u00fadaj\u016f&#8221; nebo &#8220;osobn\u00edch \u00fadaj\u016f t\u00fdkaj\u00edc\u00edch se trestn\u00edch odsouzen\u00ed a trestn\u00fdch \u010din\u016f&#8221; ve velk\u00e9m rozsahu, a pokud povaha, rozsah, kontext a \u00fa\u010dely zpracov\u00e1n\u00ed nep\u0159edstavuj\u00ed vysok\u00e9 riziko pro pr\u00e1va a svobody fyzick\u00fdch osob<\/li>\n\n\n\n<li>Nejsou ve\u0159ejn\u00fdmi org\u00e1ny nebo organizacemi<\/li>\n<\/ul>\n\n\n\n<p>Reference: Japonsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f | &#8216;<a href=\"https:\/\/www.ppc.go.jp\/files\/pdf\/gdpr-provisions-ja.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Obecn\u00e9 na\u0159\u00edzen\u00ed o ochran\u011b \u00fadaj\u016f (GDPR) &#8211; p\u0159edb\u011b\u017en\u00fd japonsk\u00fd p\u0159eklad[ja]<\/a>&#8216;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zahrnuti_informaci_do_zasad_ochrany_osobnich_udaju\"><\/span>Zahrnut\u00ed informac\u00ed do z\u00e1sad ochrany osobn\u00edch \u00fadaj\u016f<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Firmy, na kter\u00e9 se vztahuje GDPR, mus\u00ed ve sv\u00fdch z\u00e1sad\u00e1ch ochrany osobn\u00edch \u00fadaj\u016f jasn\u011b uv\u00e9st, \u017ee maj\u00ed jmenovan\u00e9ho z\u00e1stupce.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Sankce_za_nejmenovani_zastupce\"><\/span>Sankce za nejmenov\u00e1n\u00ed z\u00e1stupce<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/penalty.jpg\" alt=\"Sank\u010dn\u00ed ustanoven\u00ed\" class=\"wp-image-63703\" \/><\/figure>\n\n\n\n<p>Je d\u016fle\u017eit\u00e9 si uv\u011bdomit, \u017ee pokud subjekt spad\u00e1 do p\u016fsobnosti Na\u0159\u00edzen\u00ed GDPR a p\u0159esto nejmenuje z\u00e1stupce, m\u016f\u017ee b\u00fdt podroben sankc\u00edm. Tyto sankce mohou dos\u00e1hnout a\u017e 1 000 eur nebo 2 % z celosv\u011btov\u00e9ho obratu, podle toho, kter\u00e1 \u010d\u00e1stka je vy\u0161\u0161\u00ed (\u010dl\u00e1nek 84 odstavec 4 Na\u0159\u00edzen\u00ed GDPR).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Povinnosti_zastupce\"><\/span>Povinnosti z\u00e1stupce<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/jyosei2.jpg\" alt=\"\u017dena z\u00e1stupce\" class=\"wp-image-63704\" \/><\/figure>\n\n\n\n<p>Pokud se na v\u00e1s vztahuje p\u016fsobnost GDPR, mus\u00edte v z\u00e1sad\u011b jmenovat z\u00e1stupce. Jak\u00e9 povinnosti jsou pak od z\u00e1stupce vy\u017eadov\u00e1ny? V n\u00e1sleduj\u00edc\u00edm textu podrobn\u011b vysv\u011btl\u00edme povinnosti z\u00e1stupce.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zpracovani_zaznamu_podle_clanku_30\"><\/span>Zpracov\u00e1n\u00ed z\u00e1znam\u016f podle \u010dl\u00e1nku 30<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Spr\u00e1vci nebo zpracovatel\u00e9, kte\u0159\u00ed maj\u00ed z\u00e1stupce v zem\u00edch EU, mus\u00ed se sv\u00fdm z\u00e1stupcem sd\u00edlet z\u00e1znamy o sv\u00e9m zpracov\u00e1n\u00ed. Z\u00e1stupce je pak povinen tyto z\u00e1znamy uchov\u00e1vat stejn\u011b jako spr\u00e1vce nebo zpracovatel (\u010dl\u00e1nek 30 GDPR).<\/p>\n\n\n\n<p>Mezi obsah, kter\u00fd je nutn\u00e9 zaznamenat, pat\u0159\u00ed nap\u0159\u00edklad:<\/p>\n\n\n\n<ul>\n<li>Jm\u00e9na a kontaktn\u00ed \u00fadaje spr\u00e1vce, DPO (Data Protection Officer &#8211; \u00da\u0159ad pro ochranu osobn\u00edch \u00fadaj\u016f) a dal\u0161\u00edch<\/li>\n\n\n\n<li>\u00da\u010dely zpracov\u00e1n\u00ed<\/li>\n\n\n\n<li>Kategorie subjekt\u016f \u00fadaj\u016f a typy zpracov\u00e1van\u00fdch \u00fadaj\u016f<\/li>\n\n\n\n<li>Doba uchov\u00e1n\u00ed<\/li>\n\n\n\n<li>Term\u00edn smaz\u00e1n\u00ed<\/li>\n<\/ul>\n\n\n\n<p>Subjektem \u00fadaj\u016f se rozum\u00ed identifikovan\u00e1 nebo identifikovateln\u00e1 fyzick\u00e1 osoba, na kterou se vztahuj\u00ed osobn\u00ed \u00fadaje.<\/p>\n\n\n\n<p>V p\u0159\u00edpad\u011b po\u017eadavku od dozorov\u00e9ho org\u00e1nu je nutn\u00e9 m\u00edt tyto z\u00e1znamy o zpracov\u00e1n\u00ed k dispozici.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Reakce_na_dotazy_subjektu_udaju_nebo_dozorovych_organu\"><\/span>Reakce na dotazy subjekt\u016f \u00fadaj\u016f nebo dozorov\u00fdch org\u00e1n\u016f<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>V p\u0159\u00edpad\u011b dotaz\u016f od subjekt\u016f \u00fadaj\u016f nebo dozorov\u00fdch org\u00e1n\u016f je z\u00e1stupce povinen zastupovat spr\u00e1vce nebo zpracovatele a reagovat na dotazy subjekt\u016f \u00fadaj\u016f nebo dozorov\u00fdch org\u00e1n\u016f (\u010dl\u00e1nek 27 odstavec 3 GDPR). Nap\u0159\u00edklad, pokud subjekt \u00fadaj\u016f po\u017eaduje informace, mus\u00ed spr\u00e1vce poskytnout informace do jednoho m\u011bs\u00edce (\u010dl\u00e1nek 12 odstavec 3 GDPR). Z\u00e1stupce je tak\u00e9 povinen spolupracovat s dozorov\u00fdm org\u00e1nem a reagovat na jeho po\u017eadavky (\u010dl\u00e1nek 31 GDPR).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Q_A_k_aplikaci_Narizeni_GDPR\"><\/span>Q&amp;A k aplikaci Na\u0159\u00edzen\u00ed GDPR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/faq.jpg\" alt=\"FAQ\" class=\"wp-image-63705\" \/><\/figure>\n\n\n\n<p>V n\u00e1sleduj\u00edc\u00edm textu odpov\u00edd\u00e1me na \u010dasto kladen\u00e9 ot\u00e1zky t\u00fdkaj\u00edc\u00ed se aplikace Na\u0159\u00edzen\u00ed GDPR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Je_nutne_se_prizpusobit_GDPR_i_kdyz_neplanujeme_expanzi_do_zahranici\"><\/span>Je nutn\u00e9 se p\u0159izp\u016fsobit GDPR, i kdy\u017e nepl\u00e1nujeme expanzi do zahrani\u010d\u00ed?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Z\u00e1kladn\u011b, pokud nepl\u00e1nujete expanzi do zahrani\u010d\u00ed, nen\u00ed nutn\u00e9 se p\u0159izp\u016fsobovat GDPR. Nicm\u00e9n\u011b, i kdy\u017e neexpandujete, je t\u0159eba b\u00fdt opatrn\u00fd, pokud existuje mo\u017enost z\u00edsk\u00e1n\u00ed dat od jednotlivc\u016f z EU.<\/p>\n\n\n\n<p>Jako p\u0159\u00edklady lze uv\u00e9st n\u00e1sleduj\u00edc\u00ed situace:<\/p>\n\n\n\n<ul>\n<li>Provozujete e-shop a obdr\u017eeli jste dotaz nebo objedn\u00e1vku od osoby z EU.<\/li>\n\n\n\n<li>Z\u00edskali jste online identifik\u00e1tory (IP adresy nebo cookies) osob z EU prost\u0159ednictv\u00edm prohl\u00ed\u017een\u00ed va\u0161eho webu.<\/li>\n\n\n\n<li>Z\u00edskali jste e-mailovou adresu p\u0159i odpov\u00edd\u00e1n\u00ed na dotazy od osob z EU.<\/li>\n<\/ul>\n\n\n\n<p>I kdy\u017e ne\u00famysln\u011b z\u00edsk\u00e1te osobn\u00ed data osob z EU, pokud nespad\u00e1te do geografick\u00e9ho rozsahu p\u016fsobnosti, nen\u00ed nutn\u00e9 se p\u0159izp\u016fsobovat GDPR a nevznik\u00e1 v\u00e1m \u017e\u00e1dn\u00fd probl\u00e9m.<\/p>\n\n\n\n<p>Pamatujte si, \u017ee je nutn\u00e9 se p\u0159izp\u016fsobit GDPR pouze v p\u0159\u00edpad\u011b, \u017ee m\u00e1te z\u00e1kladnu v EU, nebo i bez z\u00e1kladny v EU, pokud spl\u0148ujete n\u00e1sleduj\u00edc\u00ed dv\u011b krit\u00e9ria:<\/p>\n\n\n\n<ol>\n<li>Poskytujete zbo\u017e\u00ed nebo slu\u017eby osob\u00e1m v EU.<\/li>\n\n\n\n<li>Monitorujete chov\u00e1n\u00ed osob v EU.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Jake_kroky_je_treba_podniknout_pri_spusteni_preshranicniho_e-commerce_webu_zamereneho_na_EU\"><\/span>Jak\u00e9 kroky je t\u0159eba podniknout p\u0159i spu\u0161t\u011bn\u00ed p\u0159eshrani\u010dn\u00edho e-commerce webu zam\u011b\u0159en\u00e9ho na EU?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>P\u0159i spu\u0161t\u011bn\u00ed p\u0159eshrani\u010dn\u00edho e-commerce webu zam\u011b\u0159en\u00e9ho na EU m\u016f\u017ee doj\u00edt k z\u00edsk\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f osob v EU. Mezi informace, kter\u00e9 mohou b\u00fdt z\u00edsk\u00e1ny, pat\u0159\u00ed:<\/p>\n\n\n\n<ul>\n<li>Jm\u00e9no<\/li>\n\n\n\n<li>E-mailov\u00e1 adresa<\/li>\n\n\n\n<li>Adresa bydli\u0161t\u011b<\/li>\n\n\n\n<li>Informace o kreditn\u00ed kart\u011b<\/li>\n\n\n\n<li>Informace o n\u00e1kupu<\/li>\n\n\n\n<li>Geoloka\u010dn\u00ed \u00fadaje<\/li>\n\n\n\n<li>IP adresa &amp; Cookie ID<\/li>\n<\/ul>\n\n\n\n<p>P\u0159i z\u00edsk\u00e1v\u00e1n\u00ed t\u011bchto informac\u00ed je nutn\u00e9 dodr\u017eovat pravidla GDPR, proto\u017ee se jedn\u00e1 o osobn\u00ed \u00fadaje definovan\u00e9 v GDPR.<\/p>\n\n\n\n<p>Prvn\u00edm krokem by m\u011bla b\u00fdt revize a aktualizace va\u0161\u00ed politiky ochrany osobn\u00edch \u00fadaj\u016f a zve\u0159ejn\u011bn\u00ed upraven\u00e9ho prohl\u00e1\u0161en\u00ed o ochran\u011b soukrom\u00ed v souladu s GDPR.<br>Souvisej\u00edc\u00ed \u010dl\u00e1nek: <a href=\"https:\/\/monolith.law\/corporate\/gdpr-privacy-policy\" target=\"_blank\" rel=\"noreferrer noopener\">Jak vytvo\u0159it politiku ochrany osobn\u00edch \u00fadaj\u016f v souladu s GDPR![ja]<\/a><\/p>\n\n\n\n<p>N\u00e1sledn\u011b byste m\u011bli postupovat podle n\u00e1sleduj\u00edc\u00edch krok\u016f:<\/p>\n\n\n\n<ol>\n<li>Zaveden\u00ed politiky pou\u017e\u00edv\u00e1n\u00ed cookies a z\u00edsk\u00e1n\u00ed souhlasu s jejich pou\u017e\u00edv\u00e1n\u00edm od prvn\u00edch n\u00e1v\u0161t\u011bvn\u00edk\u016f e-commerce webu<\/li>\n\n\n\n<li>Z\u00edsk\u00e1n\u00ed souhlasu s &#8220;zpracov\u00e1n\u00edm osobn\u00edch \u00fadaj\u016f&#8221; p\u0159i z\u00edsk\u00e1v\u00e1n\u00ed osobn\u00edch informac\u00ed<\/li>\n\n\n\n<li>Implementace bezpe\u010dnostn\u00edch opat\u0159en\u00ed pro ochranu osobn\u00edch \u00fadaj\u016f a prevenci jejich \u00faniku<\/li>\n\n\n\n<li>Jmenov\u00e1n\u00ed z\u00e1stupce<\/li>\n<\/ol>\n\n\n\n<p>Krom\u011b toho byste m\u011bli podle pot\u0159eby p\u0159ezkoumat intern\u00ed pravidla, vytvo\u0159it manu\u00e1ly pro dodr\u017eov\u00e1n\u00ed GDPR a p\u0159ehodnotit smluvn\u00ed podm\u00ednky s extern\u00edmi dodavateli.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Jaky_je_rozdil_mezi_GDPR_a_UK_GDPR\"><\/span>Jak\u00fd je rozd\u00edl mezi GDPR a UK GDPR?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>UK GDPR je obecn\u00e9 na\u0159\u00edzen\u00ed o ochran\u011b osobn\u00edch \u00fadaj\u016f ve Velk\u00e9 Brit\u00e1nii. UK GDPR bylo zavedeno v souvislosti s odchodem Velk\u00e9 Brit\u00e1nie z EU a vstoupilo v platnost 1. ledna 2021 (Reiwa 3). GDPR je na\u0159\u00edzen\u00ed EU a ve Velk\u00e9 Brit\u00e1nii se neuplat\u0148uje.<\/p>\n\n\n\n<p>UK GDPR se uplat\u0148uje v n\u00e1sleduj\u00edc\u00edch p\u0159\u00edpadech:<\/p>\n\n\n\n<ol>\n<li>Kdy\u017e poskytujete zbo\u017e\u00ed nebo slu\u017eby osob\u00e1m ve Velk\u00e9 Brit\u00e1nii.<\/li>\n\n\n\n<li>Kdy\u017e monitorujete chov\u00e1n\u00ed osob ve Velk\u00e9 Brit\u00e1nii.<\/li>\n<\/ol>\n\n\n\n<p>Pokud rozv\u00edj\u00edte sv\u00e9 podnik\u00e1n\u00ed ve Velk\u00e9 Brit\u00e1nii a v EU, je t\u0159eba se p\u0159izp\u016fsobit jak GDPR, tak UK GDPR.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shrnuti_V_pripade_potizi_s_GDPR_se_obratte_na_odborniky\"><\/span>Shrnut\u00ed: V p\u0159\u00edpad\u011b pot\u00ed\u017e\u00ed s GDPR se obra\u0165te na odborn\u00edky<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/12\/senmonka.jpg\" alt=\"Mu\u017e odborn\u00edk\" class=\"wp-image-63706\" \/><\/figure>\n\n\n\n<p>Pokud m\u00e1te z\u00e1kladnu v EU nebo i bez z\u00e1kladny v EU poskytujete zbo\u017e\u00ed \u010di slu\u017eby osob\u00e1m v EU nebo sledujete chov\u00e1n\u00ed osob, spad\u00e1te do p\u016fsobnosti GDPR. Podniky podl\u00e9haj\u00edc\u00ed GDPR mus\u00ed v EU jmenovat z\u00e1stupce a ve sv\u00e9 z\u00e1sad\u011b ochrany osobn\u00edch \u00fadaj\u016f mus\u00ed tuto skute\u010dnost jasn\u011b uv\u00e9st.<\/p>\n\n\n\n<p>Nejmenov\u00e1n\u00ed z\u00e1stupce m\u016f\u017ee v\u00e9st k vysok\u00fdm sank\u010dn\u00edm pokut\u00e1m. Podniky, kter\u00e9 se rozv\u00edjej\u00ed nebo pl\u00e1nuj\u00ed expanzi v EU, by m\u011bly v souladu s GDPR jmenovat z\u00e1stupce.<\/p>\n\n\n\n<p>Pokud si nejste jisti, zda se va\u0161e spole\u010dnost nach\u00e1z\u00ed v r\u00e1mci p\u016fsobnosti GDPR, doporu\u010dujeme konzultaci s odborn\u00edkem na mezin\u00e1rodn\u00ed pr\u00e1vo.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Predstaveni_opatreni_nasi_kancelare\"><\/span>P\u0159edstaven\u00ed opat\u0159en\u00ed na\u0161\u00ed kancel\u00e1\u0159e<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Advok\u00e1tn\u00ed kancel\u00e1\u0159 Monolith je pr\u00e1vn\u00ed firma s bohat\u00fdmi zku\u0161enostmi v oblasti IT, zejm\u00e9na internetu a pr\u00e1va. V posledn\u00edch letech se glob\u00e1ln\u00ed podnik\u00e1n\u00ed neust\u00e1le roz\u0161i\u0159uje a pot\u0159eba pr\u00e1vn\u00edho dohledu odborn\u00edky st\u00e1le roste. Na\u0161e kancel\u00e1\u0159 poskytuje \u0159e\u0161en\u00ed v oblasti mezin\u00e1rodn\u00edho pr\u00e1va.<\/p>\n\n\n\n<p>Oblasti p\u016fsobnosti advok\u00e1tn\u00ed kancel\u00e1\u0159e Monolith: <a href=\"https:\/\/monolith.law\/global-jpn2fgn\" target=\"_blank\" rel=\"noreferrer noopener\">Mezin\u00e1rodn\u00ed pr\u00e1vn\u00ed slu\u017eby a zahrani\u010dn\u00ed podnik\u00e1n\u00ed[ja]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GDPR je pravidlo stanoven\u00e9 EU, kter\u00e9 ur\u010duje ochranu osobn\u00edch \u00fadaj\u016f a jejich zpracov\u00e1n\u00ed. Pokud rozv\u00edj\u00edte sv\u00e9 produkty nebo slu\u017eby v r\u00e1mci EU, m\u016f\u017ee se na v\u00e1s GDPR vztahovat. Nicm\u00e9n\u011b, m\u016f\u017ee b\u00fdt nejasn\u00e9, z [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":64342,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[24,29],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/62809"}],"collection":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/comments?post=62809"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/62809\/revisions"}],"predecessor-version":[{"id":64343,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/62809\/revisions\/64343"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media\/64342"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media?parent=62809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/categories?post=62809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/tags?post=62809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}