The Office for Personal Data Protection (the "Office") has published its control plan for 2023.
The first area of focus for the Office is the regular monitoring of embassies processing Schengen visas applications. Next, the Authority will focus on companies that engage in telemarketing.
The audit of these companies will examine whether they have a title for processing personal data and whether they sufficiently fulfil their information obligations towards data subjects.
Designated employers and their attendance systems will also be inspected, in particular to examine which categories of personal data are processed, for how long and whether personal data are processed to the extent necessary to fulfil the purpose.
In the past year, the Office recorded an increase of complaints about the sending of commercial communications by SMS. Therefore , this year the Office will carry out an inspection of companies operating in the field of dissemination of commercial communications by this means, the subject of the inspection being an examination of whether the communications in question are in the form and requirements required by law.
Last but not least, the Office will deal with complaints from natural persons regarding the setting of the period of retention of personal data, the fulfilment of information obligations towards these persons, etc.
So far this year, the Office has imposed fines for GDPR violations totalling CZK 10 million. However, it can be expected that after almost 5 years since the GDPR came into force, controls will be tightened, and fines will increase.
By Radek Matous, Partner, Petra Kratochvilova, Counsel, Eversheds Sutherland