anonym.legal

By · Last updated 2026-05-18

Atpakaļ uz BloguGDPR un Atbilstība

[LV: Translation Needed] ÚOOÚ Czech Republic...

[LV: Translation Needed] Czech rodné číslo encodes gender via 50-offset month encoding — making it GDPR Article 9 special category data.

May 18, 20267 min lasīšanai
Czech ÚOOÚrodné číslo detectionCzech GDPR compliancemanufacturing data protectionCentral Europe

[LV: Translation Needed]

The Czech Úřad pro ochranu osobních údajů (ÚOOÚ) issued 58 enforcement decisions in 2024. One finding appears in multiple cases: the rodné číslo (birth number) was processed without detection because the deployed PII tool was configured for German or English language, missing Czech-specific identifier logic. ÚOOÚ's guidance is clear — tools must implement rodné číslo detection with checksum validation and correct handling of gender encoding.

Rodné Číslo: Special Category Data by Structure

The rodné číslo (abbreviated RČ) format: RRMMDD/XXXX where:

  • RR = last two digits of birth year
  • MM = birth month (women: 50 added — month 01 becomes 51, month 12 becomes 62)
  • DD = birth day
  • XXXX = sequential number (3-4 digits) + check digit (modulus 11)

The women's month encoding (MM + 50) makes rodné číslo a structural indicator of biological sex. This is not incidental — the Czech civil registration system deliberately embeds gender in the number for administrative lookup purposes. GDPR Article 9 covers data "revealing" natural persons' characteristics — sex being one. ÚOOÚ's interpretation: any document containing rodné číslo is de facto containing special category-adjacent data requiring heightened protection.

Check digit: For rodné číslo with 10 digits (issued after 1954), the check digit makes the entire 9-digit number divisible by 11. For 9-digit numbers (before 1954), no check digit is applied. Tools must handle both variants.

ÚOOÚ's Technical Guidance: What "Adequate Detection" Means

ÚOOÚ's 2024 technical guidance for Czech PII tools specifies:

Gender-offset handling: Tools must correctly identify rodné číslo numbers with month values 51-62 (women's encoding) as valid RČ, not misparse them as invalid dates. The majority of Czech adult female citizens have rodné čísla with month values 51-62 — tools that reject these as "invalid date format" miss approximately half of the female Czech population's primary identifier.

9-digit vs. 10-digit: Pre-1954 births use 9-digit rodné čísla without check digit. Post-1954 use 10-digit with check digit. Tools must support both formats.

Context detection: In Czech language documents, rodné číslo typically appears in one of several contexts: "Rodné číslo:", "RČ:", "r.č.:", or embedded in forms. Czech-language NER helps identify these contexts even when the document is not explicitly structured.

Czech Manufacturing Context: The German Parent Company Configuration

67% of Czech enterprises deploy German or English-configured PII tools — documented in ÚOOÚ's survey. The failure mode in Czech manufacturing:

  1. German parent company deploys SAP-integrated PII scanning tool configured for German identifiers
  2. Czech HR data (employment contracts, health records, payroll) contains rodné čísla
  3. German tool does not implement rodné číslo logic — misses all Czech employee birth numbers
  4. Czech employee health and salary data is processed without the identifier-level protection ÚOOÚ requires
  5. In case of data breach or ÚOOÚ audit, the Czech subsidiary cannot demonstrate "appropriate technical measures" under GDPR Article 32

ÚOOÚ holds the Czech controller (the local subsidiary) responsible — not the German tool vendor. The defense that "our parent company selected this tool" does not satisfy GDPR's accountability requirement.

Czech Manufacturing Compliance Checklist

For Czech manufacturing and industrial organizations with German parent company tools:

  • Rodné číslo detection: Both 9-digit and 10-digit formats, with gender-offset month handling (50+), with modulus-11 check digit for 10-digit variants
  • Czech-language NER: spaCy cs_core_news or equivalent — 23% lower accuracy than German for generic tools; Czech-specific models close this gap
  • Číslo OP (občanský průkaz): 9-character national ID card number detection
  • IČO/DIČ: Business identification and tax registration numbers in contracts
  • Multi-language pipeline: Czech + German + English processing for mixed-language manufacturing document environments

ÚOOÚ's enforcement pattern shows that Czech manufacturing organizations that can demonstrate these capabilities in response to an audit questionnaire — with technical evidence, not just policy statements — receive significantly lower penalty exposure than those that cannot.

Sources:

Saistītie Raksti

GDPR un Atbilstība

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR un Atbilstība

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR un Atbilstība

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

Vai esat gatavi aizsargāt savus datus?

Sāciet PII anonimizāciju ar 285+ entitāšu veidiem 48 valodās.

Sākt Bezmaksas IzmēģinājumuSkatīt Funkcijas

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.