{"id":66015,"date":"2025-07-29T19:55:08","date_gmt":"2025-07-29T10:55:08","guid":{"rendered":"https:\/\/monolith.law\/cs\/?p=66015"},"modified":"2025-08-21T15:01:47","modified_gmt":"2025-08-21T06:01:47","slug":"personal-information-cloud-exceptions","status":"publish","type":"post","link":"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions","title":{"rendered":"Co je to \"v\u00fdjimka pro cloud\" v z\u00e1kon\u011b o ochran\u011b osobn\u00edch \u00fadaj\u016f? Vysv\u011btlen\u00ed na z\u00e1klad\u011b skute\u010dn\u00fdch p\u0159\u00edpad\u016f administrativn\u00edho veden\u00ed poskytovatel\u016f cloudov\u00fdch slu\u017eeb."},"content":{"rendered":"\n<p>Podniky, kter\u00e9 se zab\u00fdvaj\u00ed osobn\u00edmi \u00fadaji, jsou podle japonsk\u00e9ho z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f (Personal Information Protection Law) podrobeny r\u016fzn\u00fdm regulac\u00edm ve zpracov\u00e1n\u00ed t\u011bchto informac\u00ed. Na\u0161e osobn\u00ed \u00fadaje jsou \u00fazce spojeny s na\u0161\u00edm soukrom\u00edm a zahrnuj\u00ed d\u016fle\u017eit\u00e9 informace t\u00fdkaj\u00edc\u00ed se fyzick\u00fdch charakteristik nebo majetku, tak\u017ee je zcela logick\u00e9, \u017ee jsou stanoveny p\u0159\u00edsn\u00e9 pravidla.<\/p>\n\n\n\n<p>Av\u0161ak tento z\u00e1kon tak\u00e9 stanov\u00ed n\u011bkter\u00e9 v\u00fdjimky. Jednou z nich je takzvan\u00e1 &#8220;cloudov\u00e1 v\u00fdjimka&#8221;.<\/p>\n\n\n\n<p>Co tedy &#8220;cloudov\u00e1 v\u00fdjimka&#8221; znamen\u00e1? V tomto \u010dl\u00e1nku vysv\u011btl\u00edme na p\u0159\u00edkladu spole\u010dnosti MK System, kter\u00e1 byla podrobena administrativn\u00edmu veden\u00ed v roce Reiwa 6 (2024), co p\u0159esn\u011b &#8220;cloudov\u00e1 v\u00fdjimka&#8221; obn\u00e1\u0161\u00ed a jak\u00e9 jsou podm\u00ednky pro jej\u00ed uplatn\u011bn\u00ed.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_53 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Zasady_a_vyjimky_pri_poskytovani_osobnich_udaju_tretim_stranam_podle_japonskeho_prava\" title=\"Z\u00e1sady a v\u00fdjimky p\u0159i poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle japonsk\u00e9ho pr\u00e1va\">Z\u00e1sady a v\u00fdjimky p\u0159i poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle japonsk\u00e9ho pr\u00e1va<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Zasady_poskytovani_osobnich_udaju_tretim_stranam_podle_zakona_o_ochrane_osobnich_udaju_v_Japonsku\" title=\"Z\u00e1sady poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f v Japonsku\">Z\u00e1sady poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f v Japonsku<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Co_je_vyjimka_pro_cloud_podle_japonskeho_prava\" title=\"Co je v\u00fdjimka pro cloud podle japonsk\u00e9ho pr\u00e1va\">Co je v\u00fdjimka pro cloud podle japonsk\u00e9ho pr\u00e1va<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Administrativni_vedeni_spolecnosti_MK_System_podle_japonskeho_zakona_o_ochrane_osobnich_udaju\" title=\"Administrativn\u00ed veden\u00ed spole\u010dnosti MK System podle japonsk\u00e9ho z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f\">Administrativn\u00ed veden\u00ed spole\u010dnosti MK System podle japonsk\u00e9ho z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Prehled_pripadu\" title=\"P\u0159ehled p\u0159\u00edpadu\">P\u0159ehled p\u0159\u00edpadu<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Obsah_administrativniho_vedeni\" title=\"Obsah administrativn\u00edho veden\u00ed\">Obsah administrativn\u00edho veden\u00ed<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Upozorneni_od_Japonske_komise_pro_ochranu_osobnich_udaju\" title=\"Upozorn\u011bn\u00ed od Japonsk\u00e9 komise pro ochranu osobn\u00edch \u00fadaj\u016f\">Upozorn\u011bn\u00ed od Japonsk\u00e9 komise pro ochranu osobn\u00edch \u00fadaj\u016f<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Pozorovani_pro_poskytovatele_cloudovych_sluzeb_podle_japonskeho_prava\" title=\"Pozorov\u00e1n\u00ed pro poskytovatele cloudov\u00fdch slu\u017eeb podle japonsk\u00e9ho pr\u00e1va\">Pozorov\u00e1n\u00ed pro poskytovatele cloudov\u00fdch slu\u017eeb podle japonsk\u00e9ho pr\u00e1va<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Znovu_zkontrolujte_zda_jsou_splneny_pozadavky_pro_vyjimku_cloudovych_sluzeb\" title=\"Znovu zkontrolujte, zda jsou spln\u011bny po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb\">Znovu zkontrolujte, zda jsou spln\u011bny po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Pokud_nesplnujete_pozadavky_pro_vyjimku_cloudovych_sluzeb_musite_se_postarat_o_dohled_nad_subdodavateli\" title=\"Pokud nespl\u0148ujete po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb, mus\u00edte se postarat o dohled nad subdodavateli\">Pokud nespl\u0148ujete po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb, mus\u00edte se postarat o dohled nad subdodavateli<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Shrnuti_Ochrana_osobnich_udaju_v_cloudovych_sluzbach_%E2%80%93_konzultujte_s_pravnikem\" title=\"Shrnut\u00ed: Ochrana osobn\u00edch \u00fadaj\u016f v cloudov\u00fdch slu\u017eb\u00e1ch \u2013 konzultujte s pr\u00e1vn\u00edkem\">Shrnut\u00ed: Ochrana osobn\u00edch \u00fadaj\u016f v cloudov\u00fdch slu\u017eb\u00e1ch \u2013 konzultujte s pr\u00e1vn\u00edkem<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/monolith.law\/cs\/it\/personal-information-cloud-exceptions\/#Predstaveni_opatreni_nasi_kancelare\" title=\"P\u0159edstaven\u00ed opat\u0159en\u00ed na\u0161\u00ed kancel\u00e1\u0159e\">P\u0159edstaven\u00ed opat\u0159en\u00ed na\u0161\u00ed kancel\u00e1\u0159e<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zasady_a_vyjimky_pri_poskytovani_osobnich_udaju_tretim_stranam_podle_japonskeho_prava\"><\/span>Z\u00e1sady a v\u00fdjimky p\u0159i poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle japonsk\u00e9ho pr\u00e1va<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2025\/05\/b220cbcc20a6fcb8115bfe357ec9f5f6.jpg\" alt=\"Z\u00e1sady a v\u00fdjimky p\u0159i poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle japonsk\u00e9ho pr\u00e1va\" class=\"wp-image-137683\" \/><\/figure>\n\n\n\n<p>Nejprve si probereme z\u00e1sady a v\u00fdjimky, kter\u00e9 se vztahuj\u00ed na poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle Z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f v Japonsku.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zasady_poskytovani_osobnich_udaju_tretim_stranam_podle_zakona_o_ochrane_osobnich_udaju_v_Japonsku\"><\/span>Z\u00e1sady poskytov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f t\u0159et\u00edm stran\u00e1m podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f v Japonsku<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Kdy\u017e subjekty zpracov\u00e1vaj\u00edc\u00ed osobn\u00ed \u00fadaje vyu\u017e\u00edvaj\u00ed cloudov\u00e9 slu\u017eby, pova\u017euje se to za &#8220;p\u0159enech\u00e1n\u00ed zpracov\u00e1n\u00ed v\u0161ech nebo \u010d\u00e1sti osobn\u00edch dat&#8221; podle \u010dl\u00e1nku 27 odstavec 5 bod 1 z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f (z\u00e1kon \u010d. 27 odstavec 5 bod 1), a na z\u00e1klad\u011b \u010dl\u00e1nku 25 tohoto z\u00e1kona je z\u00e1sadou, \u017ee mus\u00ed prov\u00e1d\u011bt nezbytn\u00fd a vhodn\u00fd dohled nad poskytovatelem cloudov\u00fdch slu\u017eeb.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Co_je_vyjimka_pro_cloud_podle_japonskeho_prava\"><\/span>Co je v\u00fdjimka pro cloud podle japonsk\u00e9ho pr\u00e1va<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Tato v\u00fdjimka je zn\u00e1m\u00e1 jako &#8220;v\u00fdjimka pro cloud&#8221;.<\/p>\n\n\n\n<p>Term\u00edn &#8220;poskytovatel cloudov\u00fdch slu\u017eeb&#8221; zde ozna\u010duje spole\u010dnosti, kter\u00e9 p\u0159edev\u0161\u00edm poskytuj\u00ed IT infrastrukturu, jako jsou \u00falo\u017ei\u0161t\u011b a servery (IaaS\/PaaS), a nab\u00edzej\u00ed slu\u017eby ukl\u00e1d\u00e1n\u00ed a zpracov\u00e1n\u00ed dat jin\u00fdch spole\u010dnost\u00ed prost\u0159ednictv\u00edm internetu. Mezi tyto poskytovatele pat\u0159\u00ed nap\u0159\u00edklad:<\/p>\n\n\n\n<ul>\n<li>Amazon Web Services (AWS): Slu\u017ebu poskytuje americk\u00e1 spole\u010dnost Amazon, kterou vyu\u017e\u00edv\u00e1 mnoho japonsk\u00fdch firem.<\/li>\n\n\n\n<li>Microsoft Azure: Cloudov\u00e1 platforma od spole\u010dnosti Microsoft, kter\u00e1 m\u00e1 mnoho p\u0159\u00edpad\u016f implementace ve ve\u0159ejn\u00e9 spr\u00e1v\u011b.<\/li>\n\n\n\n<li>Google Cloud Platform (GCP): Slu\u017ebu poskytuje Google, kter\u00fd se specializuje na AI a zpracov\u00e1n\u00ed velk\u00fdch dat.<\/li>\n<\/ul>\n\n\n\n<p>V\u00fdjimka pro cloud se t\u00fdk\u00e1 situac\u00ed, kdy podniky poskytuj\u00edc\u00ed SaaS (Software as a Service) vyv\u00edjej\u00ed syst\u00e9my na cloudov\u00e9 infrastruktu\u0159e (IaaS nebo PaaS) t\u011bchto poskytovatel\u016f a n\u00e1sledn\u011b je nab\u00edzej\u00ed sv\u00fdm z\u00e1kazn\u00edk\u016fm, p\u0159i\u010dem\u017e se zab\u00fdvaj\u00ed osobn\u00edmi daty.<\/p>\n\n\n\n<p>V Q&amp;A k &#8220;Sm\u011brnic\u00edm k z\u00e1konu o ochran\u011b osobn\u00edch \u00fadaj\u016f&#8221; vydan\u00fdm Japonskou komis\u00ed pro ochranu osobn\u00edch \u00fadaj\u016f je o poskytovatel\u00edch cloudov\u00fdch slu\u017eeb uvedeno n\u00e1sleduj\u00edc\u00ed v bod\u011b 7-53:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p>(Pokud se nejedn\u00e1 o t\u0159et\u00ed stranu) Q7-53: Mus\u00ed subjekt zpracov\u00e1vaj\u00edc\u00ed osobn\u00ed \u00fadaje z\u00edskat &#8220;souhlas subjektu \u00fadaj\u016f&#8221; (podle \u010dl\u00e1nku 27 odstavec 1) v p\u0159\u00edpad\u011b, \u017ee vyu\u017e\u00edv\u00e1 extern\u00edho poskytovatele, jako je cloudov\u00e1 slu\u017eba, pro informa\u010dn\u00ed syst\u00e9m zpracov\u00e1vaj\u00edc\u00ed elektronick\u00e1 data obsahuj\u00edc\u00ed osobn\u00ed \u00fadaje? Nebo je t\u0159eba, aby subjekt podle \u010dl\u00e1nku 25 dohl\u00ed\u017eel na poskytovatele cloudov\u00fdch slu\u017eeb, proto\u017ee &#8220;p\u0159enechal zpracov\u00e1n\u00ed v\u0161ech nebo \u010d\u00e1sti osobn\u00edch \u00fadaj\u016f&#8221; (podle \u010dl\u00e1nku 27 odstavec 5 bod 1)?<\/p>\n\n\n\n<p>A7-53: Existuje mnoho r\u016fzn\u00fdch forem cloudov\u00fdch slu\u017eeb, ale ot\u00e1zka, zda vyu\u017eit\u00ed cloudov\u00e9 slu\u017eby p\u0159edstavuje poskytov\u00e1n\u00ed \u00fadaj\u016f t\u0159et\u00ed stran\u011b vy\u017eaduj\u00edc\u00ed souhlas subjektu \u00fadaj\u016f (podle \u010dl\u00e1nku 27 odstavec 1) nebo zda jde o p\u0159enech\u00e1n\u00ed (podle \u010dl\u00e1nku 27 odstavec 5 bod 1), z\u00e1vis\u00ed ne na tom, zda ulo\u017een\u00e1 elektronick\u00e1 data obsahuj\u00ed osobn\u00ed \u00fadaje, ale na tom, zda poskytovatel cloudov\u00fdch slu\u017eeb zpracov\u00e1v\u00e1 osobn\u00ed \u00fadaje. Pokud poskytovatel cloudov\u00fdch slu\u017eeb nezpracov\u00e1v\u00e1 dan\u00e9 osobn\u00ed \u00fadaje, pak subjekt zpracov\u00e1vaj\u00edc\u00ed osobn\u00ed \u00fadaje neposkytl osobn\u00ed \u00fadaje t\u0159et\u00ed stran\u011b a nen\u00ed t\u0159eba z\u00edsk\u00e1vat &#8220;souhlas subjektu \u00fadaj\u016f&#8221;. V\u00fd\u0161e uveden\u00fd p\u0159\u00edpad tak\u00e9 nep\u0159edstavuje p\u0159enech\u00e1n\u00ed zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f, a proto nen\u00ed podle \u010dl\u00e1nku 25 povinnost\u00ed dohl\u00ed\u017eet na poskytovatele cloudov\u00fdch slu\u017eeb. Pokud poskytovatel cloudov\u00fdch slu\u017eeb nezpracov\u00e1v\u00e1 dan\u00e9 osobn\u00ed \u00fadaje, viz Q7-54 pro p\u0159\u00edstup k bezpe\u010dnostn\u00edm opat\u0159en\u00edm subjektu zpracov\u00e1vaj\u00edc\u00edho osobn\u00ed \u00fadaje. P\u0159\u00edpad, kdy poskytovatel cloudov\u00fdch slu\u017eeb nezpracov\u00e1v\u00e1 osobn\u00ed \u00fadaje, m\u016f\u017ee nastat, pokud jsou v smluvn\u00edch podm\u00ednk\u00e1ch stanoveny ustanoven\u00ed, \u017ee extern\u00ed poskytovatel nebude zpracov\u00e1vat osobn\u00ed \u00fadaje ulo\u017een\u00e9 na serveru, a jsou zavedena vhodn\u00e1 opat\u0159en\u00ed pro kontrolu p\u0159\u00edstupu. Vztah k \u010dl\u00e1nku 28 je vysv\u011btlen v Q12-3.<\/p>\n<cite><a href=\"https:\/\/www.ppc.go.jp\/personalinfo\/faq\/APPI_QA\/\" target=\"_blank\" rel=\"noreferrer noopener\">Q&amp;A k &#8220;Sm\u011brnic\u00edm k z\u00e1konu o ochran\u011b osobn\u00edch \u00fadaj\u016f&#8221;[ja]<\/a><em>\uff5cJaponsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f<\/em><\/cite><\/blockquote>\n\n\n\n<p>Jin\u00fdmi slovy, pokud u\u017eivatel cloudov\u00fdch slu\u017eeb spln\u00ed v\u00fdjime\u010dn\u00e9 po\u017eadavky, nen\u00ed nutn\u00e9 dohl\u00ed\u017eet na poskytovatele cloudov\u00fdch slu\u017eeb. Aby bylo mo\u017en\u00e9 uznat v\u00fdjimku pro cloud, je t\u0159eba splnit n\u00e1sleduj\u00edc\u00ed dv\u011b podm\u00ednky:<\/p>\n\n\n\n<ul>\n<li>Smluvn\u00ed ustanoven\u00ed stanov\u00ed, \u017ee extern\u00ed poskytovatel nebude zpracov\u00e1vat osobn\u00ed \u00fadaje ulo\u017een\u00e9 na serveru<\/li>\n\n\n\n<li>Jsou zavedena vhodn\u00e1 opat\u0159en\u00ed pro kontrolu p\u0159\u00edstupu<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Administrativni_vedeni_spolecnosti_MK_System_podle_japonskeho_zakona_o_ochrane_osobnich_udaju\"><\/span>Administrativn\u00ed veden\u00ed spole\u010dnosti MK System podle japonsk\u00e9ho z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Dne 25. b\u0159ezna roku Reiwa 6 (2024) provedla Japonsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f podle \u010dl\u00e1nku 147 z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f veden\u00ed spole\u010dnosti MK System. Toto veden\u00ed bylo reakc\u00ed na rozs\u00e1hl\u00fd \u00fanik informac\u00ed, kter\u00fd se t\u00fdkal p\u0159ibli\u017en\u011b 7,5 milionu lid\u00ed. V d\u016fsledku t\u00e9to ud\u00e1losti vydala Japonsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f upozorn\u011bn\u00ed na to, co by poskytovatel\u00e9 cloudov\u00fdch slu\u017eeb m\u011bli vz\u00edt v \u00favahu, pokud se st\u00e1vaj\u00ed zpracovateli osobn\u00edch \u00fadaj\u016f podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f.<\/p>\n\n\n\n<p>Reference: <a href=\"https:\/\/www.ppc.go.jp\/news\/careful_information\/240325_alert_cloud_service_provider\/\" target=\"_blank\" rel=\"noreferrer noopener\">Japonsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f | Upozorn\u011bn\u00ed na to, co by poskytovatel\u00e9 cloudov\u00fdch slu\u017eeb m\u011bli vz\u00edt v \u00favahu, pokud se st\u00e1vaj\u00ed zpracovateli osobn\u00edch \u00fadaj\u016f podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f[ja]<\/a><\/p>\n\n\n\n<p>Poj\u010fme se pod\u00edvat na p\u0159\u00edpad administrativn\u00edho veden\u00ed spole\u010dnosti MK System, kter\u00e9 se t\u00fdkalo v\u00fdjimky pro cloud podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Prehled_pripadu\"><\/span>P\u0159ehled p\u0159\u00edpadu<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Spole\u010dnost MK System Co., Ltd. vyu\u017e\u00edvala servery Tencent Cloud v \u010c\u00edn\u011b k vytvo\u0159en\u00ed syst\u00e9mu podpory pro soci\u00e1ln\u00ed poji\u0161t\u011bn\u00ed a person\u00e1ln\u011b-mzdov\u00e9 \u00fakony a poskytovala tento servis u\u017eivatel\u016fm, jako jsou kancel\u00e1\u0159e soci\u00e1ln\u00edch a pracovn\u00edch poradc\u016f.<\/p>\n\n\n\n<p>V \u010dervnu roku Reiwa 5 (2023), servery byly kompromitov\u00e1ny neopr\u00e1vn\u011bn\u00fdm p\u0159\u00edstupem, co\u017e vedlo k riziku \u00faniku spravovan\u00fdch osobn\u00edch \u00fadaj\u016f (jmen, dat narozen\u00ed, pohlav\u00ed, adres, \u010d\u00edsel z\u00e1kladn\u00edho d\u016fchodov\u00e9ho poji\u0161t\u011bn\u00ed, \u010d\u00edsel poji\u0161t\u011bnc\u016f zam\u011bstnaneck\u00e9ho poji\u0161t\u011bn\u00ed a My Number atd.) zam\u011bstnanc\u016f firem a pracovi\u0161\u0165, kter\u00e9 jsou klienty soci\u00e1ln\u00edch a pracovn\u00edch poradc\u016f.<\/p>\n\n\n\n<p>Vztah mezi t\u011bmito t\u0159emi stranami lze v souladu s pokyny vylo\u017eit n\u00e1sledovn\u011b:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Pozice podle pokyn\u016f<\/td><td>Podnikatel<\/td><td>Obsah<\/td><\/tr><tr><td>Zadavatel<\/td><td>U\u017eivatel\u00e9, jako jsou soci\u00e1ln\u00ed a pracovn\u00ed poradci (podnikatel\u00e9 zpracov\u00e1vaj\u00edc\u00ed osobn\u00ed \u00fadaje)<\/td><td>Osoby zpracov\u00e1vaj\u00edc\u00ed osobn\u00ed \u00fadaje z\u00e1kazn\u00edk\u016f (firem a jednotlivc\u016f)<\/td><\/tr><tr><td>Dodavatel<\/td><td>MK System Co., Ltd.<\/td><td>Poskytov\u00e1n\u00ed syst\u00e9mu na cloudu, kter\u00fd nahrazuje a podporuje \u010dinnost soci\u00e1ln\u00edch a pracovn\u00edch poradc\u016f. Zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f na z\u00e1klad\u011b pokyn\u016f z\u00e1kazn\u00edk\u016f<\/td><\/tr><tr><td>Subdodavatel<\/td><td>Tencent Cloud (\u010c\u00edna)<\/td><td>Infrastruktura cloudu sv\u011b\u0159en\u00e1 spole\u010dnost\u00ed MK System. Mo\u017enost, \u017ee se jedn\u00e1 o p\u0159ed\u00e1n\u00ed do zahrani\u010d\u00ed<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Osobn\u00ed informa\u010dn\u00ed komise Japonska rozhodla, \u017ee MK System m\u011bl nedostatky v technick\u00fdch bezpe\u010dnostn\u00edch \u0159\u00eddic\u00edch opat\u0159en\u00edch.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Obsah_administrativniho_vedeni\"><\/span>Obsah administrativn\u00edho veden\u00ed<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Od Komise pro ochranu osobn\u00edch \u00fadaj\u016f bylo provedeno administrativn\u00ed veden\u00ed, kter\u00e9 zahrnovalo pokyny podle \u010dl\u00e1nku 147 Z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f a sb\u011br zpr\u00e1v podle odstavce 1 \u010dl\u00e1nku 146 t\u00e9ho\u017e z\u00e1kona v Japonsku.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Upozorneni_od_Japonske_komise_pro_ochranu_osobnich_udaju\"><\/span>Upozorn\u011bn\u00ed od Japonsk\u00e9 komise pro ochranu osobn\u00edch \u00fadaj\u016f<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Spole\u010dn\u011b s t\u00edm bylo Japonskou komis\u00ed pro ochranu osobn\u00edch \u00fadaj\u016f vyd\u00e1no upozorn\u011bn\u00ed &#8220;<a href=\"https:\/\/www.ppc.go.jp\/news\/careful_information\/240325_alert_cloud_service_provider\/\" target=\"_blank\" rel=\"noreferrer noopener\">Upozorn\u011bn\u00ed pro poskytovatele cloudov\u00fdch slu\u017eeb, kte\u0159\u00ed se st\u00e1vaj\u00ed zpracovateli osobn\u00edch \u00fadaj\u016f podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f[ja]<\/a>.&#8221;<\/p>\n\n\n\n<p>Toto upozorn\u011bn\u00ed je prim\u00e1rn\u011b ur\u010deno stran\u00e1m vyu\u017e\u00edvaj\u00edc\u00edm cloudov\u00e9 slu\u017eby, aby posoudily, zda pou\u017e\u00edv\u00e1n\u00ed cloudov\u00fdch slu\u017eeb odpov\u00edd\u00e1 pov\u011b\u0159en\u00ed zpracov\u00e1n\u00ed osobn\u00edch dat (podle \u010dl\u00e1nku 27 odstavce 5 bodu 1 z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f), a v p\u0159\u00edpad\u011b, \u017ee se jedn\u00e1 o pov\u011b\u0159en\u00ed, mus\u00ed zpracovatel osobn\u00edch \u00fadaj\u016f, kter\u00fdm je u\u017eivatel cloudov\u00fdch slu\u017eeb, prov\u00e1d\u011bt nezbytn\u00fd a vhodn\u00fd dohled nad poskytovatelem slu\u017eeb.<\/p>\n\n\n\n<p>Co se t\u00fd\u010de syst\u00e9mu MK, bylo uzn\u00e1no, \u017ee neexistuje v\u00fdjimka pro cloud a je pova\u017eov\u00e1n za zpracovatele osobn\u00edch \u00fadaj\u016f, co\u017e vy\u017eaduje odpov\u00eddaj\u00edc\u00ed dohled, proto\u017ee se zab\u00fdv\u00e1 osobn\u00edmi daty, a to z n\u00e1sleduj\u00edc\u00edch t\u0159\u00ed d\u016fvod\u016f:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<ul>\n<li>V u\u017eivatelsk\u00fdch podm\u00ednk\u00e1ch je stanoveno, \u017ee poskytovatel cloudov\u00fdch slu\u017eeb m\u016f\u017ee prov\u00e1d\u011bt nezbytn\u00e9 \u010dinnosti, jako je monitorov\u00e1n\u00ed, anal\u00fdza a vy\u0161et\u0159ov\u00e1n\u00ed dat atd., pokud to pova\u017euje za nezbytn\u00e9 pro \u00fadr\u017ebu a provoz, a \u017ee poskytovatel cloudov\u00fdch slu\u017eeb m\u016f\u017ee v ur\u010dit\u00fdch p\u0159\u00edpadech pou\u017e\u00edvat osobn\u00ed data u\u017eivatele cloudov\u00fdch slu\u017eeb bez povolen\u00ed a nesm\u00ed je zve\u0159ej\u0148ovat t\u0159et\u00edm stran\u00e1m.<\/li>\n\n\n\n<li>Poskytovatel cloudov\u00fdch slu\u017eeb m\u00e1 v dr\u017een\u00ed \u00fadr\u017ebov\u00e9 ID, kter\u00e9 mu umo\u017e\u0148uje p\u0159\u00edstup k osobn\u00edm dat\u016fm u\u017eivatele cloudov\u00fdch slu\u017eeb, a nebyla p\u0159ijata \u017e\u00e1dn\u00e1 technick\u00e1 opat\u0159en\u00ed pro kontrolu p\u0159\u00edstupu, kter\u00e1 by zabr\u00e1nila zpracov\u00e1n\u00ed.<\/li>\n\n\n\n<li>Poskytovatel cloudov\u00fdch slu\u017eeb skute\u010dn\u011b zpracov\u00e1val osobn\u00ed data u\u017eivatele cloudov\u00fdch slu\u017eeb po vz\u00e1jemn\u00e9 dohod\u011b a podeps\u00e1n\u00ed potvrzen\u00ed.<\/li>\n<\/ul>\n<cite><a href=\"https:\/\/www.ppc.go.jp\/files\/pdf\/240325_alert_cloud_service_provider.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Upozorn\u011bn\u00ed pro poskytovatele cloudov\u00fdch slu\u017eeb, kte\u0159\u00ed se st\u00e1vaj\u00ed zpracovateli osobn\u00edch \u00fadaj\u016f podle z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f\uff5cJaponsk\u00e1 komise pro ochranu osobn\u00edch \u00fadaj\u016f[ja]<\/a><br><\/cite><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Pozorovani_pro_poskytovatele_cloudovych_sluzeb_podle_japonskeho_prava\"><\/span>Pozorov\u00e1n\u00ed pro poskytovatele cloudov\u00fdch slu\u017eeb podle japonsk\u00e9ho pr\u00e1va<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2025\/05\/7d8b9299c2a15a801c04913ba0d80d99.jpg\" alt=\"Pozorov\u00e1n\u00ed pro poskytovatele cloudov\u00fdch slu\u017eeb podle japonsk\u00e9ho pr\u00e1va\" class=\"wp-image-137684\" \/><\/figure>\n\n\n\n<p>Vzhledem k pr\u00e1vn\u00edm ot\u00e1zk\u00e1m a upozorn\u011bn\u00edm ze strany regula\u010dn\u00edch org\u00e1n\u016f, kter\u00e9 jsme dosud vysv\u011btlili, jak\u00e9 kroky by m\u011bli podniknout poskytovatel\u00e9 cloudov\u00fdch slu\u017eeb, jako je nap\u0159\u00edklad MK System, o kter\u00e9m jsme hovo\u0159ili d\u0159\u00edve?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Znovu_zkontrolujte_zda_jsou_splneny_pozadavky_pro_vyjimku_cloudovych_sluzeb\"><\/span>Znovu zkontrolujte, zda jsou spln\u011bny po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Nejprve byste m\u011bli znovu zkontrolovat, zda slu\u017eby, kter\u00e9 va\u0161e spole\u010dnost poskytuje, spl\u0148uj\u00ed po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb.<\/p>\n\n\n\n<p>V reakci na ned\u00e1vn\u00e1 upozorn\u011bn\u00ed od Japonsk\u00e9 komise pro ochranu osobn\u00edch \u00fadaj\u016f by m\u011bli u\u017eivatel\u00e9 cloudov\u00fdch slu\u017eeb zv\u00e1\u017eit d\u016fkladnou kontrolu, zda poskytovatel\u00e9 cloudov\u00fdch slu\u017eeb, kter\u00e9 vyu\u017e\u00edvaj\u00ed, spl\u0148uj\u00ed podm\u00ednky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb.<\/p>\n\n\n\n<p>Proto by i poskytovatel\u00e9 cloudov\u00fdch slu\u017eeb m\u011bli znovu zkontrolovat, zda spl\u0148uj\u00ed po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Pokud_nesplnujete_pozadavky_pro_vyjimku_cloudovych_sluzeb_musite_se_postarat_o_dohled_nad_subdodavateli\"><\/span>Pokud nespl\u0148ujete po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb, mus\u00edte se postarat o dohled nad subdodavateli<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Pokud nespl\u0148ujete po\u017eadavky pro v\u00fdjimku cloudov\u00fdch slu\u017eeb, mus\u00edte se vyrovnat s dohledem ze strany u\u017eivatel\u016f cloudov\u00fdch slu\u017eeb (v tomto p\u0159\u00edpad\u011b kancel\u00e1\u0159\u00ed soci\u00e1ln\u00edch a pracovn\u00edch poradc\u016f nebo spole\u010dnost\u00ed vyu\u017e\u00edvaj\u00edc\u00edch slu\u017eby MK System).<\/p>\n\n\n\n<p>Dohled u\u017eivatel\u016f cloudov\u00fdch slu\u017eeb zahrnuje n\u00e1sleduj\u00edc\u00ed kroky, kter\u00e9 jsou uvedeny v pokynech k z\u00e1konu o ochran\u011b osobn\u00edch \u00fadaj\u016f (Obecn\u00e1 \u010d\u00e1st) 3-4-4 Dohled nad subdodavateli (souvisej\u00edc\u00ed s \u010dl\u00e1nkem 25 z\u00e1kona):<\/p>\n\n\n\n<ul>\n<li>V\u00fdb\u011br vhodn\u00e9ho subdodavatele: Je nutn\u00e9 ov\u011b\u0159it, \u017ee bezpe\u010dnostn\u00ed opat\u0159en\u00ed subdodavatele jsou ekvivalentn\u00ed s po\u017eadavky, kter\u00e9 z\u00e1kon a tyto pokyny kladou na zadavatele.<\/li>\n\n\n\n<li>Uzav\u0159en\u00ed smlouvy o subdod\u00e1vce: Je vhodn\u00e9 uzav\u0159\u00edt smlouvu, kter\u00e1 umo\u017e\u0148uje zadavateli rozumn\u011b sledovat zpracov\u00e1n\u00ed sv\u011b\u0159en\u00fdch osobn\u00edch \u00fadaj\u016f.<\/li>\n\n\n\n<li>Pochopen\u00ed zpracov\u00e1n\u00ed osobn\u00edch \u00fadaj\u016f subdodavatelem: Pravideln\u011b hodnotit prost\u0159ednictv\u00edm audit\u016f, zda je zpracov\u00e1n\u00ed adekv\u00e1tn\u00ed.<\/li>\n<\/ul>\n\n\n\n<p>Pokud bezpe\u010dnostn\u00ed opat\u0159en\u00ed subdodavatele nejsou adekv\u00e1tn\u00ed, m\u016f\u017ee doj\u00edt k ukon\u010den\u00ed smlouvy, nebo m\u016f\u017ee b\u00fdt subdodavatel vyzv\u00e1n k zaveden\u00ed pot\u0159ebn\u00fdch bezpe\u010dnostn\u00edch opat\u0159en\u00ed a k \u00fa\u010dasti na pravideln\u00fdch auditech.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shrnuti_Ochrana_osobnich_udaju_v_cloudovych_sluzbach_%E2%80%93_konzultujte_s_pravnikem\"><\/span>Shrnut\u00ed: Ochrana osobn\u00edch \u00fadaj\u016f v cloudov\u00fdch slu\u017eb\u00e1ch \u2013 konzultujte s pr\u00e1vn\u00edkem<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>V tomto \u010dl\u00e1nku jsme vysv\u011btlili rizika pro poskytovatele cloudov\u00fdch slu\u017eeb, kter\u00e9 nespl\u0148uj\u00ed v\u00fdjimky cloudu, na z\u00e1klad\u011b administrativn\u00edho veden\u00ed od Japonsk\u00e9 komise pro ochranu osobn\u00edch \u00fadaj\u016f (Personal Information Protection Commission) zve\u0159ejn\u011bn\u00e9ho v b\u0159eznu 2025 (2025).<\/p>\n\n\n\n<p>Na z\u00e1klad\u011b \u00faniku informac\u00ed v t\u00e9to v\u011bci byla u\u017eivatel\u016fm cloudov\u00fdch slu\u017eeb vyd\u00e1na upozorn\u011bn\u00ed od Japonsk\u00e9 komise pro ochranu osobn\u00edch \u00fadaj\u016f. Tato upozorn\u011bn\u00ed jsou relevantn\u00ed nejen pro u\u017eivatele cloudov\u00fdch slu\u017eeb, ale tak\u00e9 pro poskytovatele cloudov\u00fdch slu\u017eeb, kte\u0159\u00ed by m\u011bli p\u0159ehodnotit sv\u00e9 slu\u017eby a b\u00fdt si v\u011bdomi mo\u017en\u00fdch z\u00e1t\u011b\u017e\u00ed, kter\u00e9 mohou vzniknout.<\/p>\n\n\n\n<p>Vzhledem k tomuto administrativn\u00edmu veden\u00ed, pokud m\u00e1te obavy ohledn\u011b rizik, kter\u00fdm m\u016f\u017ee va\u0161e spole\u010dnost \u010delit, a jak\u00e9 kroky by m\u011bly b\u00fdt provedeny, doporu\u010dujeme konzultovat s pr\u00e1vn\u00edkem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Predstaveni_opatreni_nasi_kancelare\"><\/span>P\u0159edstaven\u00ed opat\u0159en\u00ed na\u0161\u00ed kancel\u00e1\u0159e<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Pr\u00e1vn\u00ed kancel\u00e1\u0159 Monolith je firma s bohat\u00fdmi zku\u0161enostmi v oblasti IT, zejm\u00e9na internetu, a pr\u00e1va. V dne\u0161n\u00ed dob\u011b, kdy mnoho IT spole\u010dnost\u00ed vyu\u017e\u00edv\u00e1 cloudov\u00e9 slu\u017eby jako AWS pro rozvoj sv\u00fdch podnik\u016f, se st\u00e1v\u00e1 \u00fanik osobn\u00edch \u00fadaj\u016f jedn\u00edm z nezbytn\u00fdch rizik, kter\u00e1 je t\u0159eba \u0159\u00eddit p\u0159i veden\u00ed podniku. V p\u0159\u00edpad\u011b \u00faniku osobn\u00edch \u00fadaj\u016f m\u016f\u017ee doj\u00edt k z\u00e1va\u017en\u00fdm dopad\u016fm na podnikov\u00e9 aktivity. Na\u0161e firma m\u00e1 odborn\u00e9 znalosti v prevenci \u00faniku informac\u00ed a v reakc\u00edch na takov\u00e9 ud\u00e1losti. Podrobnosti naleznete v n\u00e1sleduj\u00edc\u00edm \u010dl\u00e1nku.<\/p>\n\n\n\n<p>Oblasti pr\u00e1ce pr\u00e1vn\u00ed kancel\u00e1\u0159e Monolith: <a href=\"https:\/\/monolith.law\/personalinformation\" target=\"_blank\" rel=\"noreferrer noopener\">Pr\u00e1vn\u00ed slu\u017eby souvisej\u00edc\u00ed s ochranou osobn\u00edch \u00fadaj\u016f podle japonsk\u00e9ho pr\u00e1va[ja]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Podniky, kter\u00e9 se zab\u00fdvaj\u00ed osobn\u00edmi \u00fadaji, jsou podle japonsk\u00e9ho z\u00e1kona o ochran\u011b osobn\u00edch \u00fadaj\u016f (Personal Information Protection Law) podrobeny r\u016fzn\u00fdm regulac\u00edm ve zpracov\u00e1n\u00ed t\u011bchto informac\u00ed. Na\u0161e o [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":66200,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[19,51],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/66015"}],"collection":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/comments?post=66015"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/66015\/revisions"}],"predecessor-version":[{"id":66201,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/66015\/revisions\/66201"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media\/66200"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media?parent=66015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/categories?post=66015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/tags?post=66015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}