The Act brings particularly the following changes:
The Act specifies certain definitions of concepts, eliminates the ambiguity of some of the basic provisions that in the application practice caused the need for its frequent clarification. In several positions of the Act, for example, is deleted the phrase „government authorities, local government authorities, other public authorities, as well as other legal and natural persons“ and it is replaced by the word „everyone“, thus simplifying legislation. It also introduces a new concept of „space available to the public“, which was absent in this legislation. The Act further provides clearer editing of the operator and intermediary and their interrelationship.
For more explict interpretation the Act establisheds a new common name „legal basis of the processing of personal data.“ In terms of the explanatory memorandum the legal basis is in general terms to be understood the authorization of operator to the processing of personal data of individual persons (persons concerned). In other words, it is a factor which allows the operator to perform any operations with personal data of the persons concerned in accordance with applicable legislation.“
The Act also regulates the conditions of the processing of biometric data
Another innovation is the introduction of conditions relating to the authorization of the responsible person. Inter alia, the Act establishes a responsible person conducting the test of knowledge of generally binding legal regulations on the protection of personal data.
The Act further regulates
- new legal provisions for the transfer of personal data to third countries
- update of registration, special registration and registry of information systems
- amendment of the provisions of authorized person