ABSTRACT
After the political changes in 1989 in the Czech Republic, two Acts of Parliament were adopted concerning personal data protection. Firstly, there was Act no. 256/1992 Coli., on Personal Data Protection in Information Systems. Then this was replaced by the Act no. 10112000 Coll., on Personal Data Protection (hereinafter 'Data Protection Act'). The Data Protection Act established a special supervisory authority (according to the Article 28 of the Directive) called the Office for Personal Data Protection (Urad pro ochranu osobnich udaju) (hereinafter 'the Office') with its seat in Prague. Personal data is defined in Article 4 paragraph of the Data Protection Act. There are no special provisions for processing the national identification number ('NIN'). Notification is required for data processing generally. Ethics committees have a supervisory function to protect the research subject in relation to laws. The Czech law operates with a supervisory authority.
