At first sight, 25 May 2018 brought no revolution to Czech health care regarding data protection. The practice of the providers of health services related to medical records has already been aptly regulated by the Act on Health Services of 2011. Nevertheless, GDPR has caused several dilemmas, most importantly in the area of medical research and particularly biobanks. The paper focuses on selected questions related to GDPR compliance in Czech health care and medical research, outlining the answer to the question of what changed with GDPR and what it means to the relevant subjects.