Setup Menus in Admin Panel

Material scope of application of the GDPR

You already know that the GDPR applies as soon as personal data of natural persons are processed. The term processing is interpreted quite broadly.

Definition

According to the GDPR, you “process” personal data as soon as you collect, record, organize, arrange, store, adapt, change, read out, query, use, disclose, compare, link, restrict, delete or destroy it by transmission, processing or any other form of provision.

In this context, it does not matter whether such processing is wholly or partially automated. The GDPR may even apply to non-automatic processing of personal data (e.g. in paper form). This is the case if the data is stored or is to be stored in a structured file system.

Are you wondering what is considered a file system by the GDPR? In accordance with the GDPR any collection of personal data organized according to certain criteria already represents a file system.

Example

The scope of application of the GDPR includes, for example, questionnaires, catei cards or files which are sorted according to the names of persons.

Whereas a bunch of disordered notepads with personal data is only recorded by the GDPR if it is intended to be filed in a structured manner at some point.

The background to these regulations is to ensure that the level of protection should not depend on the data processing techniques used.

If you are considering whether your private notepad with the phone numbers of friends and family is subject to the GDPR – don’t worry. The data protection law does not apply in areas of data processing within the scope of exclusively personal or family activities, nor does it come into force in certain special cases such as activities in the field of national security.

As you already know, the GDPR deals with the protection of personal data. But what exactly does personal data stand for?

Definition

Personal data is any information relating to an identified or identifiable natural person (“data subject”).

If you take a look at the following examples, you will quickly notice that in practical terms personal data simply covers anything that in any way allows a reference to a natural person.

Example

Examples of personal data:

  • a name
  • family status
  • date of birth and age
  • a home adress, a telephone number, an email address

account or credit card number

However, it makes a big difference under data protection law whether it’s about protecting your e-mail address or your medical history, for example. So-called sensitive data receive increased protection.

Definition

Sensitive data is a special category of personal data that reveals

  • racial and ethnic origin,
  • political opinion,
  • religious or philosophical beliefs or
  • union membership.

 

This also includes the processing of genetic or biometric data or data on the health or sexual life of a natural person.

Example

Examples of sensitive data are medical records, fingerprints and iris scans or religious credentials.

SEE ALL Add a note
YOU
Add your Comment