anonym.legal

By · Last updated 2026-06-05

返回博客GDPR 与合规

捷克出生编号:性别编码与GDPR合规

捷克出生编号(rodné číslo)通过月份加50的方式编码性别,属于GDPR第9条特殊类别数据。67%的捷克企业使用德语工具处理此类数据,存在合规盲区。

June 5, 20267 分钟阅读
Czech ÚOOÚrodné číslo detectionCzech GDPR compliancemanufacturing data protectionCentral Europe

ÚOOÚ与Rodné Číslo:GDPR框架下的性别编码问题

2026年更新版

捷克数据保护机构为ÚOOÚ,全称Úřad pro ochranu osobních údajů(个人数据保护局)。该机构2024年共发布58项裁决。其中一项发现反复出现:出生编号(rodné číslo)在处理过程中未被识别。所用的个人信息工具是为德语或英语设计的,不包含此类标识符的识别逻辑。ÚOOÚ态度明确:工具必须具备校验码验证和正确性别偏移处理能力,方可识别出生编号。

Rodné Číslo:结构上的特殊类别数据

出生编号(简称RČ)采用RRMMDD/XXXX格式。

  • RR — 出生年份后两位。
  • MM — 出生月份。女性加50。1月变为51,12月变为62。
  • DD — 出生日期。
  • XXXX — 3至4位数字序列加一位校验值(模11运算)。

女性月份偏移使该编号成为生理性别的标记,并非偶然设计,民事登记系统以此进行行政查询。GDPR第9条涵盖揭示个人特征的数据,性别是其中之一。ÚOOÚ的立场是:任何含有出生编号的文件均携带近似特殊类别的数据,须适用更严格的保护措施。

**校验值的计算方式:**1954年后签发的10位编号,完整9位基数必须能被11整除。1954年前签发的9位编号不含校验值。工具必须同时支持两种格式。

ÚOOÚ对充分检测的要求

ÚOOÚ 2024年个人信息工具技术指引提出三项要求。

**性别偏移处理:**月份值在51至62之间的编号对应女性的合法标识符。若工具将这些值视为无效日期,则会漏检约半数成年女性的主要证件号码。

**格式变体:**1954年前出生者使用无校验值的9位编号,1954年后出生者使用含校验值的10位编号。两种格式均需支持。

**上下文信号:**在捷克语文件中,该标识符通常出现在「Rodné číslo:」「RČ:」或「r.č.:」等标签附近。具备语言感知能力的命名实体识别(NER)有助于在自由格式文本中定位这些信号。

德国母公司工具的合规问题

调查显示,67%的捷克企业部署了以德语或英语为配置基础的个人信息工具。制造业的合规失效链条可预见如下:

德国母公司部署扫描工具,以德国标识符为基础进行配置。人力资源数据——合同、健康记录、薪资——包含出生编号。工具不具备此类标识符的识别逻辑,所有出生编号均被漏检。员工健康和薪资数据在未受ÚOOÚ要求管控的情况下流转。一旦审计或数据泄露,本地企业无法依据GDPR第32条证明其采取了「适当技术措施」。

ÚOOÚ追究本地数据控制者的责任。「工具由母公司选定」不构成有效抗辩,GDPR的问责规则不允许此类推脱。

制造业企业合规清单

以下管控措施适用于使用德国母公司工具的工业企业。

  • **出生编号检测:**同时支持9位和10位格式,处理月份性别偏移(加50),对10位变体进行模11校验。
  • **捷克语NER:**使用spaCy的cs_core_news或同等模型。通用工具的捷克语NER准确率低约23%,本地模型可弥补差距。
  • **公民证号码检测:**市民证(občanský průkaz)为9位编号,常与出生编号共同出现在多种文件中。
  • **IČO和DIČ:**企业编号和税号出现在合同中,均需纳入检测范围。
  • **多语言流水线:**混合环境中同时存在捷克语、德语和英语文件。单语言流水线会漏检跨语言共现情况。

ÚOOÚ的执法具有一致性。能在审计中提供技术证据的企业面临的罚款金额远低于无法提供证据的企业。

关于国家税务标识符如何造成GDPR合规风险的更多信息,请参阅欧盟国家税务ID检测指南

关于类似的北欧标识符,请参阅丹麦Datatilsynet CPR技术指南

参考来源

相关文章

GDPR 与合规

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR 与合规

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR 与合规

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.