A fine of up to CZK 5m may be imposed for violation of prohibition of disclosure of personal data laid down in other legal regulations.
A fine of up to CZK 10m may be imposed for violation of obligations set out in the Data Processing Act regarding processing for purposes of prevention or detection of criminal offence, proceedings of criminal offenses, enforcement of penalties, ensuring the security of the Czech Republic or ensuring public policy and security.
A punishment of a prison sentence up to eight years, monetary penalty or punishment by disqualification may be imposed for processing or appropriating personal data that was collected on another person in connection with the execution of public authority without authorisation, and thus causing serious harm to the rights or legitimate interests of the person whom the personal data concerns.
Similar punishment may be imposed for violation of the State imposed or recognised obligation of confidentiality by the same action as above in connection with the execution of their employment, profession, or function without authorisation, and thus causing serious harm to the rights or legitimate interests of the person whom the personal data concerns.
Individual damages may be claimed pursuant to general obligations to compensate for damage caused by infringement of statutory or contractual obligations.