Skip to content
World Watch/Czechia/Data & Privacy

Data & Privacy · Czechia

Data protection & GDPR compliance in Czechia (2026)

Comprehensive lawGDPR (Regulation (EU) 2016/679) directly applicable, supplemented by Act No. 110/2019 Coll. on Personal Data Processing (national adaptation law); supervised by the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, UOOU)Country index 84 · A

Czechia shaded by its data & privacy status

Data protection in Czechia: comprehensive law, under GDPR (Regulation (EU) 2016/679) directly applicable, supplemented by Act No. 110/2019 Coll. on Personal Data Processing (national adaptation law); supervised by the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, UOOU).

Czechia operates under the EU's GDPR as directly applicable law, with Act No. 110/2019 Coll. serving as the national adaptation statute that replaced the former Act No. 101/2000 Coll. and implements GDPR derogations, the Law Enforcement Directive (2016/680), and the PNRD. The independent supervisory authority is the UOOU (uoou.gov.cz), which is a full member of the European Data Protection Board and carries active enforcement powers including significant fines.

GDPR & data protection in Czechia

In Czechia, data protection is governed by the EU General Data Protection Regulation (GDPR), which applies directly and is enforced by the Office for Personal Data Protection (ÚOOÚ).

Framework
the GDPR (Regulation (EU) 2016/679) plus the national data-protection act
Supervisory authority
the Office for Personal Data Protection (ÚOOÚ)
Applies to
any organisation processing the personal data of people in Czechia, wherever the organisation is based
Maximum fine
€20 million or 4% of global annual turnover, whichever is higher
Breach notification
within 72 hours of becoming aware, to the supervisory authority
DPO
required for large-scale monitoring or large-scale special-category processing

The GDPR is bloc-wide; Czechia supplements it with a national data-protection act and its own supervisory authority.

GDPR in Czechia: FAQ

Does the GDPR apply in Czechia?

Yes. As an EU/EEA member, Czechia applies the GDPR (Regulation (EU) 2016/679) directly, enforced by the Office for Personal Data Protection (ÚOOÚ).

Who enforces data protection law in Czechia?

The Office for Personal Data Protection (ÚOOÚ).

What are the GDPR fines in Czechia?

Up to €20 million or 4% of global annual turnover, whichever is higher.

Do you need a Data Protection Officer in Czechia?

A DPO is required where you carry out large-scale monitoring or process special-category data at scale.

How quickly must a data breach be reported in Czechia?

Personal-data breaches must be notified to the supervisory authority within 72 hours of becoming aware.

Key points

Primary legislation

Act No. 110/2019 Coll. on Personal Data Processing entered into force on 24 April 2019, replacing Act No. 101/2000 Coll. It adapts GDPR at the national level and also implements Directive (EU) 2016/680 (LED) for law-enforcement processing of personal data.

Supervisory authority

The Office for Personal Data Protection (UOOU), based in Prague, is the independent national DPA. It is a member of the EDPB, cooperates with the EDPS on Schengen-related supervisory matters, and publishes binding decisions and annual enforcement plans.

Child consent age

Section 7 of Act No. 110/2019 lowers the age of valid consent for information-society services to 15 years (below the GDPR default of 16), the minimum permitted under GDPR Article 8. This covers social networks, apps, streaming, and marketing newsletters.

Public-authority fine exemption

Czech national law opts out of GDPR administrative fines for public authorities and bodies; these entities cannot be fined for GDPR or Act No. 110/2019 infringements, though other corrective powers of the UOOU still apply.

Enforcement, Avast fine (2024)

In April 2024 the UOOU issued a final binding appellate decision fining Avast Software s.r.o. CZK 351 million (approx. EUR 13.9 million) for transferring pseudonymised browsing history of ~100 million users to a sister company without a valid legal basis, violating GDPR Articles 6 and 13.

2025 enforcement priorities

The UOOU's 2025 control plan targets retailers conditioning discounts on loyalty-programme enrolment (lawfulness of processing) and CCTV systems in public transport, applying its updated CCTV methodology to assess proportionality and transparency obligations.

Czechia - other topics

Data & Privacy in other countries

Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →