Key Data & Cybersecurity Laws | Czech Republic | Global Data and Cyber Handbook

How are data and cybersecurity laws/regulations implemented?

Last review date: 15 January 2025

☒ omnibus – all personal data

☒ sector-specific

☒ Telecoms, public healthcare sector

☒ constitutional

What are the key data privacy laws and regulations?

Last review date: 15 January 2025

Please refer to the EU Chapter for detailed information regarding EU-wide legislation.

EU General Data Protection Regulation ("GDPR")
Act on Processing of Personal Data – Act No. 110/2019 Coll.
Further sector-specific laws, in particular the Electronic Communications Act (Act No. 127/2005 Coll.), the Information Society Services Act (Act No. 480/2004 Coll.)
Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union.

What are the key cybersecurity laws and regulations?

Last review date: 15 January 2025

Please refer to the EU Chapter for detailed information regarding EU-wide legislation.

Act on Cyber Security - Act No. 181/2014 Coll.
Decrees implementing the Act on Cyber Security, such as the Cybersecurity Decree (Decree No. 82/2018 Coll.), the Decree on Important Information Systems and their Determination Criteria (No 317/2014 Coll.)

Please note that a new draft Act on Cyber Security is currently being discussed within the legislative process (currently still in the Chamber of Deputies of the Parliament of the Czech Republic), which implements Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) and which is intended to replace the aforementioned Act on Cyber Security.

What are the key laws and regulations relating to non-personal data?

Last review date: 15 January 2025

Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union.
Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance (“Data Governance Act”)
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data (“Data Act”)
Further sector-specific laws, in particular the Electronic Communications Act (Act No. 127/2005 Coll.), the Information Society Services Act (Act No. 480/2004 Coll.)

Are new or material changes to those key data and cybersecurity laws anticipated in the near future?

Last review date: 15 January 2025

Please refer to the EU Chapter for detailed information regarding EU-wide legislation.

Following the adoption of the NIS 2 Directive (i.e. the directive on measures for a high common level of cybersecurity across the Union), a new Act on Cyber Security, as well as the relevant decrees should be adopted during 2025.

Global Data and Cyber Handbook

Czech Republic

Select a Topic