GDPR
What is the GDPR?
The General Data Protection Regulation (GDPR) is a central set of rules for the protection of personal data within the European Union (EU). Since it came into force on 25 May 2018, it has set essential standards for the processing of such data by companies, organizations and public bodies.
The GDPR aims to give individuals more control over their personal data while creating a consistent level of data protection across the EU. This includes data that can directly or indirectly identify an individual, such as names, photos, email addresses, bank details, posts on social networks, medical information or IP addresses.
Important principles of the GDPR
- Privacy by design and by default (data protection through technology design and data protection-friendly default settings): Technologies must be designed so that they take data protection into account from the outset. By default, only the data that is strictly necessary for the respective purpose should be collected.
- Right of access: Data subjects have the right to learn from the data processor whether personal data about them is stored and, if so, which data.
- Right to be forgotten: In certain circumstances, individuals can request the erasure of their data.
- Data portability: This allows individuals to transfer their data from one service provider to another in a commonly used format.
Who is affected by the GDPR?
The GDPR applies to all companies and organizations that process the personal data of individuals in the EU, regardless of whether the processing takes place in the EU or not. This means that the GDPR is also relevant for many companies outside the EU.
Challenges and requirements
Implementing the GDPR is a challenge for many companies, particularly with regard to documenting data processing activities, ensuring data security and obtaining valid consent for data processing.
FAQ
What is personal data under the GDPR?
Personal data is any information relating to an identified or identifiable natural person.
What is data processing under the GDPR?
Data processing includes any operation or set of operations which is performed on personal data, whether or not by automated means.
What is a Data Protection Officer (DPO)?
A DPO is a person appointed by the data controller to monitor compliance with the GDPR.
What are the penalties for breaches of the GDPR?
Violations can result in fines of up to €20 million or up to 4% of the company's global annual turnover, whichever is higher.
How does the GDPR affect international data transfers?
The GDPR imposes strict conditions on the transfer of personal data to countries outside the EU to ensure that the level of data protection is maintained.