Basic information on GDPR can be found on the website of The Office for Personal Data Protection at https://www.uoou.cz/gdpr-obecne-nbsp-narizeni/ds-3938/p1=3938.
Canadian Medical s.r.o. has taken the necessary measures to protect sensitive information, which includes not only personal data but also information contained within medical records as a whole. The security measures are continually assessed in line with changes and new security threats. This allows CM to identify and ensure the appropriate level of personal data protection.
Personal data protection is important for us even in cases where we are in the role of the data controller. This applies to our own services, where we determine the reasons and means of processing personal data. It also applies to cases where we act as a data processor and are involved in the processing of personal data passed on to us by other subjects. This applies primarily to occupational health services and premium services provided to larger corporations.
New obligations introduced under GDPR
Although the basic principles of personal data protection remain in place under current legislation, GDPR introduces a number of new responsibilities that we have implemented.
Rights of data subjects
As of May 25, 2018, this website provides all of the required information about exercising your rights under GDPR, including a form that will allow you to do so in the simplest way possible.
All basic information about the processing of personal data is always a part of the contract you have signed with our company. In certain cases, from the viewpoint of GDPR, such information is not sufficient and needs adjustment. Information about processing personal information also forms a part of our Terms and Conditions. As of the implementation of GDPR, our company is in full compliance with the requirement set forth by the legislation.
Records of processing activities
Canadian Medical s.r.o. is already registered with The Office for Personal Data Protection with regard to mandatory reporting of processing activities. From May 25, 2018, when this requirement passed, all processes have been set to keep records in line with the extent required by GDPR. This applies to situations when Canadian Medical s.r.o. is in the position of controller of personal data. It also applies to situations where Canadian Medical s.r.o. is in the position of processor of personal data.
Impact assessment on the protection of personal data
Canadian Medical Care s.r.o. implemented processes into its existing security standards within which requirements resulting from GDPR are applied. These are done in such a way as to assess the impact of any planned operations in terms of personal data protection, especially when using new technologies that look at the nature, extent, context and purpose of processing of the data which could pose a high level of risk of breaching the rights and freedoms of individuals.
Reporting cases of violation of data subject’s personal data to The Office for Personal Data Protection
As soon as the controller records a breach of security concerning personal information, The Office for Personal Data Protection must be notified within 72 hours. This does not apply when the controller can prove that it is unlikely that any such security breach of personal data could carry the risk of breaching the rights and freedoms of individuals.
Reporting cases of violation of data subject’s personal data
The controller is required to notify a data subject (a specific client) only in cases when a specific incident could pose a high risk for the rights and freedoms of that client or a group of clients.
Data Protection Officer
As of 25.5.2018, Canadian Medical s.r.o. has appointed its Data Protection Officer, who has the necessary and appropriate powers and is involved in all matters associated with the protection of personal data.
Data Protection Officer (DPO)
Telephone: +420 731 546 921 (Working days from 09:00 to 15:00)