Mrs Matoušová based her presentation inter alia on the results of a census accomplished among the participants at the consultative meetings and seminars the Office organized for data protection officers during this summer and autumn. She also provided some figures: “We have received more than 16500 notifications of the DPO designation as well as more than 200 notifications of the change of a DPO or the relevant coordinates. It was interesting that great number of controllers established their DPO voluntarily, without being legally obliged to do so (given the nature of their activity). We also have registered a significant percentage of external DPOs.”
Mrs Matoušová went on by summarizing some typical errors controllers have done:
“The process of DPO designation, for instance, is surrounded by insufficient clarity. Often, the designation was communicated by the DPOs themselves, which of course is wrong. The other way round, we have also met cases where a DPO did not know who and when communicated the details and what was the basis of the designation. We know of organizations that nominated more than one DPO, but also of entities that did not designate any DPO at all. We have also recorded first complaints as to the insufficient availability of some DPOs working for more controllers simultaneously. Mrs Matoušová moreover reminded of the controllers´ duty to publish the contact details of the DPO on their website: “Our recent survey conducted over sixty randomly chosen websites has revealed that – on condition such an obligation existed – the DPO contact details were missing.”
Falsely interpreted notion of “personal data processing” appears also as a frequent mistake. This amounts in notifying of such data breaches for which the Office is not competent, or in requiring a consent with the data processing excessively.
The Office informed regularly about these topics on its website and in media, or voiced them via its experts at different seminars and conferences. This year saw over seventy of such events already.
The two-day Czech Compliance Association conference, organized under the auspices of Mr Jan Kněžínek, the Minister of Justice of the Czech Republic, brought together experts from the Czech Republic as well as from abroad, representing regulatory authorities, businesses, consultancies, and academic sphere. The contributions and discussions covered the issue of compliance programmes both in corporate and public environment. They typically dealt with the objective and focus of such programmes in order to prevent violations of law.
