Personal data protection
Canadian Medical Care Česká republika, spol. s r.o. is fully aware of the importance of protecting personal data, which is currently governed by Act No. 101/2000 Coll., on the Protection of Personal Data, and by other legislation. Canadian Medical Care Česká republika, spol. s r.o. has begun implementing measures in response to the requirements laid out by Regulation (EU) 2016/679, as issued by the European Council and the European Parliament on April 27, 2016. The General Data Protection Regulation, otherwise known as GDPR, will come into effect on May 25, 2018.
For some basic information on GDPR, please visit The Office for Personal Data Protection: https://www.uoou.cz/en/
Canadian Medical Care Česká republika, spol. s r.o. has adopted the necessary security measures to protect sensitive personal information. This extends not only to personal data itself, but also to the overall information provided in medical documentation. The security measures that were implemented are constantly evaluated with regard to potential security threats in order to maintain the appropriate level of personal data protection.
The protection of personal data is important to us not only in situations where we manage personal data but also in cases where we provide our services, always ensuring that we state the reasons and tools utilized to process it. It is also important in cases where we, as the personal data processor, handle data provided to us by other entities. This applies primarily with regard to occupational health services and premium healthcare services rendered for large corporations.
New GDPR responsibilities
Despite the fact that basic rules and principles for data protection remain virtually unchanged, GDPR does introduce several new requirements that we are required to implement and comply with.
Rights of the data subjects
On these pages, by May 25, 2018, you will be able to find all necessary information about the possibilities available to you to exercise your rights stemming from GDPR. This will include a simple, step-by-step form that will make it easier for your requests to be processed.
All basic provisions on the processing of personal data are included in the various contracts that you have signed with us. In certain cases where information and consent are insufficient as far as GDPR is concerned, such contracts will require changes. Information on processing personal data will now be available as part of our Business Terms and Conditions. As of the implementation date of GDPR, our companies will meet all requirements that GDPR places on us as a data controller.
Records on data processing
Canadian Medical Care Česká republika, spol. s r.o. is already registered with The Office for Personal Data Protection concerning the required reporting on data processing. By May 25, 2018, when this becomes a requirement, we will have set in place all processes required to manage information as outlined by GDPR. This applies to cases where Canadian Medical Care Česká republika, spol. s r.o. is a data controller as well as cases where Canadian Medical Care Česká republika, spol. s r.o. acts as a data processor.
Impact assessment on the protection of personal data
In addition to its already established security standards, Canadian Medical Care Česká republika, spol. s r.o. will first implement processes to ensure that expected operations are assessed for their impact on personal data protection. This applies not only to the implementation of new technology but also to assessing the nature, extent and context of data processing that could carry a high risk to the rights and freedoms of individuals.
Reporting personal data breaches to The Office for Personal Data Protection
As soon as the data controller becomes aware of a security breach related to data protection, it must report each instance to The Office for Personal Data Protection within 72 hours, unless it can be proven that the breach is highly unlikely to carry a high risk to the rights and freedoms of the individuals involved.
Reporting personal data breaches to the data subjects
This reporting requirement is aimed at the data subjects themselves, i.e. specific clients, but only in cases where such an incident could carry a high risk to the rights and freedoms of this particular client, or a group of clients.
Provision of a Data Protection Officer
Canadian Medical Care Česká republika, spol. s r.o. will appoint, by the implementation date at the latest, its Data Protection Officer, who will be provided with sufficient privileges and responsibilities and will be involved in all matters concerning data protection.