WHAT IS DATA PROTECTION?

Enterprises that process personal data must comply with data protection requirements. Data protection law exclusively protects personal data. It is all information relating to an identified or identifiable natural person. The definition is to be interpreted in the broad manner. For example, all storage or processing methods shall be covered.

THE AMOUNT OF DATA

Natural persons voluntarily disclose their personal information to banks, insurance companies, hospitals or commercial companies. As a rule, the disclosed data are subsequently used by the controller for management of the business processes with the data subject or in other legitimate interests. Therefore, organizations usually have an enormous amount of data. In addition, the storage capacities of modern IT infrastructures are almost unlimited.

THE RIGHTS OF THE DATA SUBJECT

If the controller processes personal data, the data subject has, inter alia, right of access. He or she may contact the controller with the request for provision of information. In this case the data protection officer of the controller should be able to provide relevant information. Thus, IT systems must allow this.

A data protection officer is responsible for monitoring compliance with data protection requirements and ensures that the rights of the data subjects are safeguarded. The German Association for Data Protection helps you to design individual solutions in order to ensure the subsequent handling of the rights of the data subjects.

THE DATA PROTECTION OFFICER

KEY POINTS OF THE DATA PROTECTION STANDARDS

Compliance

Processing of personal data only in compliance with legal requirements

Erasure

The data subjects have a right to demand the erasure of the personal data concerning them.

Access

The data subjects have a right of access to the personal data.

Objection

The data subject may object to the use of personal data.

IT IS WITHIN OUR POWER

Data protection has become increasingly important in recent decades. The General Data Protection Regulation (the GDPR) enters into force from 25 May 2018. In the meantime, the different data protection regulations of the Member States continue to apply. The General Regulation contains, on the other hand, opening clauses which enable the Member States to adopt additional provisions.

The processing of personal data and the related responsibility at the union level are regulated by the GDPR. Therefore, any processing of personal data as of May 25, 2018 is only permitted on the condition of the strict observance of the requirementsof the General Regulation. The German Association for Data Protection is glad to help you implement the requirements of the GDPR.

The General Data Protection Regulation