´Over the past half year, the office´s activity was about consultancy and guidance. Fining was not on the agenda,´ Mr Prokeš said and continued: ´Controllers often turn to us with a mere problem description and want a complex solution. This is however not the way a supervisory authority can handle for the controller. We do not bake rolls, we offer guidance how to bake.´
It was also stated that the almost two-fold increase in number of complaints compared with the previous year can go to the debit of cases which were beyond the office´s competence and could better be settled under the Civil Code.
Furthermore, Mr Prokeš emphasized that ´Consents for data processing are a permanent issue. The Czech Republic is over-consented, quite unnecessarily. Consent seeking is even unlawful in numerous instances. Consent is often required aggressively and in a misleading manner which, of course, is at variance with the GDPR.´ The consent issue stands in the forefront of the public interest, anyway.
Somewhat surprisingly, requests for a preliminary consultation on data protection impact assessment were rare. Mr Prokeš closed his presentation by saying that notices of warning sent to controllers to remind them of their shortcomings proved very useful and did not always resulted in a financial sanction. It is a fair, honest, and open communication that the office values most.