From 2000 to 2009 the Act on the Protection of Personal Data (the full name is Act No. 101/2000 Coll. on the Protection of Personal Data and on Changes to Some Laws) was the primary legislation regulating the protection of personal data and the work of the Office for the Protection of Personal Data. The Act was amended in 2004 in conformity with Directive No. 95/46/ES after the Czech Republic became a member of the European Union.
The purpose of the Act on the Protection of Personal Data was to implement the principles of the Charter of Basic Human Rights and Fundamental Freedoms that guarantee citizens protection from invasions into their privacy and personal life through the unauthorised collections, publication, or other misuse of personal data.
Protection from damages arising from the processing of data is addressed in the Civic Code (Act No. 89/2012 Coll.). The issue of technological data processing is addressed in Act No. 181/2014 Coll., on cyber security.
Effective 24 April 2019, Act No. 101/2000 was nullified and replaced by the Act on the Processing of Personal Data (No. 110/2019 Coll.), which implements Regulation (EU) No. 2016/679 (GDPR).
The implementation of GDPR in the CR was initially accompanied by inconsistent interpretations and concerns from the culture sector about future sanctions. Ultimately, however, cultural institutions have not experienced any serious effects as a result.