praha@rowan.legal +420 224 216 212 ROWAN LEGAL on LinkedIn
CZEN
MENU
Rowan Legal

The turbulent seas of IT legislation in 2016

4.1.2017

The past year has brought an especially large number of changes and new features, even from the viewpoint of the dynamic and turbulent nature of information technology law. The changes, which were not limited to legislation, took place on the domestic as well as the EU level and resemble a brewing storm over the open sea. And we can expect to feel the waves of their effects on the shores of the IT sector for a long time to come. Let’s take a brief look at the areas affected by the changes and what they will bring.

Personal data protection

The decision taken to approve the General Data Protection Regulation (GDPR) is unquestionably the most significant change to have taken place in recent months. This regulation represents new European rules on handling the data of individuals, also bringing about a tightening of several previously grey zones and introducing a whole host of new obligations. As a result, businesses, state authorities as well as the non-profit sector will have to prepare for revisions of all consents with the processing of personal data, agreements with the subcontractors who process this data, and the overall auditing of all their processes involving the handling of data. Anyone failing to comply shall risk being fined up to € 20 million or 4 % of global annual turnover. The regulation enters into force in May 2018, however large organisations need to start preparing now, and everyone should verify that they are already obtaining their consents in accordance with this regulation, otherwise there is the risk of such consents being invalid.

Electronic signatures and electronic identity

The eIDAS regulation, which regulates electronic signatures and the mutual recognition of electronic identities between member states, came into effect in July, followed in September by the adoption of the Czech implementing legislation, the Act on Trust Services. This legislation primarily regulates the method of communicating with public authorities and stipulates that public authorities are obligated to place time stamps on all electronic documents sent, and to start using so-called qualified signatures based on chip cards or USB tokens in two years.

Payment services

The adoption of PSD2 directive in November 2015 kicked up a storm in the financial sector, owing to revolutionary changes forcing banks and other payment institutions to open up their systems to third parties. On the instructions of users, banks will be have to allow these new third-party services, typically applications, to access these systems, to read various types of information and to subsequently provide them to the users in a consolidated form or even, on the instructions of users, to directly enter payments in the systems. The new services present a huge risk for existing players and an opportunity for new, innovative companies. However, if existing players are able to take advantage of these possibilities, they will be able to use their technical head start and capital base to turn this threat into an opportunity.

Cyber security

Thanks to the head start that the Czech Republic has in terms of cyber security regulation, the adoption back in July of the directive on the security of network and information systems (the NIS Directive) does not represent a revolutionary change. That said, the Cyber Security Act will be amended, with planned changes including, for example, significant increases in fines or new obligations for system suppliers.

Software development

The modern trend of agile development, which is now also being reflected in the agreements concluded, has hit Czech software customers as well as suppliers in its fullest extent. Customers are looking for ways to avoid complicated and confusing change management procedures in their IT projects, whilst at the same time obtaining the product they want at the end of the entire process, even though their idea is unclear at the start. Developers are catering to this need by working in short development cycles and encouraging greater customer involvement in the entire process. This, however, impacts the basic parameters of the entire relationship, from the pricing model to the terms and conditions of product acceptance. For this reason, the agile approach to software development must be duly reflected in the contracts, and this is a trend that we have noted to a great degree in the elapsed year.

What can we expect next year

We are unlikely to see any reduction to the fast pace of change next year. Aside from the legislation in the pipeline, such as the Act on Electronic Identification and the said amendment to the Cyber Security Act, the whole situation is also being influenced by both domestic and European case law, with may also shake up the system for transferring personal data abroad, as in the case of the invalidation of the “Safe Harbor” system.

In such turbulent times, the need for a strong partner, who is well versed in both the legal and technological aspects of these changes and capable of shepherding its clients safely through their pitfalls, is of extra importance. By highlighting who you can trust in the IT field, the annual Czech Law Firm of the Year competition offers a helping hand in this tough situation.

Preparing a budget for next year? Don’t forget about the GDPR! Multilaw network awarded Global Network of The Year 2017