Art. 84
1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to Article 83, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive.
2. Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent amendment affecting them.
|
Art. 78
1. Member States shall lay down the rules on penalties, applicable to infringements of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented, including where the controller did not comply with the obligation to designate a representative. The penalties provided for must be effective, proportionate and dissuasive.
2. Where the controller has established a representative, any penalties shall be applied to the representative, without prejudice to any penalties which could be initiated against the controller.
3. Each Member State shall notify to the Commission those provisions of its law which it adopts pursuant to paragraph 1, by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.
|
Art. 79b
1. For infringements (…)of this Regulation in particular for infringements which are not subject to administrative fines pursuant to (…) Article 79a Member States shall lay down the rules on penalties applicable to such infringements and shall take all measures necessary to ensure that they are implemented (…). Such penalties shall be effective, proportionate and dissuasive.
2. (…).
3. Each Member State shall notify to the Commission those provisions of its law which it adopts pursuant to paragraph 1, by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.
|
Art. 24
The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.
|
Article 44
(1) Natural person who
(a) is in a labour or similar relationship to the controller or processor;
(b) carries out activities for the controller or processor on the basis of an agreement, or who
(c) in the framework of fulfilling powers and obligations imposed by a special Act comes into contact with personal data at the controller or processor,
commits an offence by breaching the obligation to maintain confidentiality (Article 15).
(2) Natural person in the position of the controller or processor commits an offence in the course of personal data processing if he:
(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act,
(b) processes inaccurate personal data (Article 5(1)(c))
(c) collects or processes personal data in an extent or manner which does not correspond to the specified purpose (Article 5(1)(d),(f) thru (h))
(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e))
(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9)
(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11)
(g) refuses to provide the data subject with the requested information (Articles 12 and 21)
(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13)
(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27)
(j) fails to implement imposed remedial measures in the fixed period.
(3) Natural person in the position of the controller or processor commits an offence if he in the course of personal data processing:
(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or
(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)
by some of the courses of action pursuant to paragraph 2.
(4) A fine up to CZK 100,000 may be imposed for an offence pursuant to paragraph 1.
(5) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 2.
(6) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 3.
Article 44a
(1) Natural person commits an offence by breaching prohibition to publish personal data provided by other legal regulation.
(2) A fine up to CZK 1,000,000 may be imposed for an offence pursuant to paragraph 1.
(3) A fine up to CZK 5,000,000 may be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.
Article 45
(1) Legal or natural person doing business according to special regulations when processing personal data in the position of the controller or processor commits an administrative delict if he:
(a) fails to specify the purpose, means or manner of processing (Article 5(1)(a) and (b)) or breaches an obligation by the specified purpose of processing or exceeds his authority ensuing from a special Act;
(b) processes inaccurate personal data (Article 5(1)(c));
(c) collects or processes personal data in a scope or manner which does not correspond to the specified purpose (Article 5(1)(d), (f) thru (h));
(d) retains personal data for a period longer than necessary for the purpose of processing (Article 5(1)(e));
(e) processes personal data without the consent of data subject except for the cases provided by law (Article 5(2) and Article 9);
(f) fails to provide the data subject with information in the scope or in the manner provided by law (Article 11);
(g) refuses to provide the data subject with the requested information (Article 12 and Article 21);
(h) fails to adopt or implement measures for ensuring security of personal data processing (Article 13);
(i) fails to fulfil the notification obligation pursuant to this Act (Articles 16 and 27);
(j) don’t maintain an inventory of personal data breaches pursuant to Article 88 (7) of the Electronic Communications Act.
(k) fails to implement imposed remedial measures in the fiwed period.
(2) Legal person in the position of the controller or processor commits an administrative delict if he in the course of personal data processing:
(a) jeopardises a substantial number of persons by unauthorized interference in the private and personal lives, or
(b) fails to fulfil obligations related to the processing of sensitive data (Article 9)
by some of the courses of action pursuant to paragraph 1.
(3) A fine up to CZK 5,000,000 shall be imposed for an administrative offence pursuant to paragraph 1.
(4) A fine up to CZK 10,000,000 shall be imposed for an administrative offence pursuant to paragraph 2.
Article 45a
(1) Legal person or natural person doing business commits an administrative delict by breaching prohibition to publish of personal data provided by other legal regulation.
(2) A fine up to CZK 1,000,000 shall be imposed for an administrative delict pursuant to paragraph 1.
(3) A fine up to CZK 5,000,000 shall be imposed for an offence pursuant to paragraph 1 committed by press, film, radio, television, publicly accessible computer network or by other equally effective way.
Article 46
(1) Legal person shall not be liable for an administrative delict if he proves that he has made all reasonable effort to prevent the breach of a legal obligation.
(2) When deciding on the amount of the fine, especially the seriousness, manner, duration and consequences of the unlawful behaviour and the circumstances under which the unlawful behaviour was committed shall be taken into account.
(3) Liability of the legal person for an administrative delict becomes extinct, if the administrative body has not initiated proceedings within 1 year as of the day when it learned of it, but not later than within 3 years as of the day when the delict was committed.
(4) Administrative delicts pursuant to this act shall be dealt with in the first instance by the Office.
(5) The provisions on the liability of legal person and related sanctions applies on the liability for the behaviour of natural person that occurred when the natural person carried on business activities or in a direct relation to such business activities.
(6) The fine is payable within 30 days as of the day when the decision on imposing the fine came into force.
(7) The fine shall be collected by the Office. The revenue from fines shall be an income of the state budget.
|