The Office for Personal Data Protection (hereinafter “Czech DPA”) has elaborated “ten commandments” to straighten out the most frequent misinterpretations or misleading statements concerning the General Data Protection Regulation (GDPR).

The effective day of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), is approaching inexorably. Both controllers and processors have been getting ready, professional conferences have been organized countrywide with the media attention ever growing.

Similar pace, at which the interest in GDPR intensifies, is observed by the Czech DPA also for inaccuracies and misleading or even mistaken information concerning this general regulation.

The present list of repeated mistakes and inaccuracies has been compiled as a result of the Czech DPA experiences gathered at different professional events as well as the observations drawn from the publicly available sources. The order of topics respects the systemic structure of the General Data Protection Regulation (hereinafter “GDPR“) and does not express their weight.

Click here for details in English and Czech.