The term data protection refers to the protection of people against the misuse of their personal data.
The protection of personal data of natural persons is also the main objective of the European General Data Protection Regulation (GDPR). Since 25 May 2018, the GDPR has applied directly in every member state of the EU and national data protection regulations are only of a supplementary nature.
In addition to new definitions, the GDPR entails an extension of data subjects’ rights, an increase in data processing obligations and stricter penalties for data protection violations. The implementation of the GDPR is monitored by independent supervisory authorities in each Member State.
The objective scope of application of the GDPR is limited to the processing of data with personal reference. The GDPR applies not only to data processed automatically, but also to data processed manually, insofar as this data is (or is to be) stored in a file system.
According to the GDPR, personal data is all information relating to an identified or identifiable natural person. So-called sensitive data such as data on health status or religious or political orientation are treated as special data categories. In addition to the consent of the data subject, there are other conditions for the lawful processing of non-sensitive data as well. The processing of sensitive data is only permitted in exceptional cases.
A valid declaration of consent must be made voluntarily, for the specific processing purpose and in an informed and unambiguous manner and can be revoked at any time.
The principles for GDPR-compliant data processing are legality and transparency, purpose limitation, data minimization and correctness, storage limitation, integrity and confidentiality.
As soon as personal data are to be processed, the data subject must be informed of certain aspects of the data processing. The information must be provided to data subjects in a transparent and easily accessible form, in clear and simple language and free of charge.
The GDPR requires data protection through default settings (privacy by default) and data protection-friendly technology design (privacy by design).
In the case of a data breach, the data controller is obliged to notify the data protection authority within 72 hours if a risk to the rights and freedoms of the data subjects cannot be excluded.
The rights of the data subjects have been strengthened within the framework of the GDPR. Requests for access, rectification, erasure, data portability or objection to the processing must therefore be given attention. Only the data controller is responsible and authorized to answer data protection requests and to deal with data protection concerns of data subjects. However, the data processors have a so-called support obligation.
In order to protect data sufficiently, a data protection concept and the involvement of trained personnel are necessary. Based on this, various measures can be taken to prevent breaches of data protection laws and their serious consequences.