Back to top


The GDPR (General Data Protection Regulation) is a new EU regulation that aims to improve the protection of personal data and harmonize the rules in this field within the EU. The GDPR went into effect on 25 May, 2018, and has been binding and directly applicable in the Czech Republic.

The GDPR affects all subjects who work with information about individuals, whether as employers, contractors, service providers, website and e-shop operators or otherwise. he GDPR applies to both the private and public sector.

Compared to the current legislation, the GDPR has delivered substantially higher privacy standards. What was only recommended practice it is mandatory under the GDPR. It introduced a number of novelties such as the right to data portability, the right to be forgotten, and the obligation connected with specific types of data processing to carry out a data protection impact assessment or to appoint a data protection officer. The GDPR laid down special obligations for organizations with at least 250 employees. The GDPR places fundamental emphasis on the obligation to provide information.

The GDPR introduces higher fines of up to 20 million euros, or 4% of the total worldwide annual turnover (whichever is higher). The GDPR cannot be taken lightly. Anyone who processes personal data must prepare thoroughly for it.

act Řanda Havel Legal provides comprehensive consultancy in connection with the GDPR. Our lawyers have extensive knowledge of GDPR-related issues, as well as of data protection law in general. We have been following the development of the GDPR since 2012, when the first draft was submitted. We have also intensively focused on the matter within the prestigious international organization IAPP (International Association of Privacy Professionals), which brings together professionals in the field of data protection.

Regarding the GDPR, we will analyse existing data processing processes, identify necessary changes and prepare their implementation. All this in close cooperation with your staff, for whom we prepare practical GDPR training. Once you’ve implemented the necessary changes, you will be GDPR ready.

For more information please contact gdpr (at)