Natural persons voluntarily disclose their personal information to banks, insurance companies, hospitals or commercial companies. As a rule, the disclosed data are subsequently used by the controller for management of the business processes with the data subject or in other legitimate interests. Therefore, organizations usually have an enormous amount of data. In addition, the storage capacities of modern IT infrastructures are almost unlimited.
Enterprises that process personal data must comply with data protection requirements. Data protection law exclusively protects personal data. It is all information relating to an identified or identifiable natural person. The definition is to be interpreted in the broad manner. For example, all storage or processing methods shall be covered.
If the controller processes personal data, the data subject has, inter alia, right of access. He or she may contact the controller with the request for provision of information. In this case the data protection officer of the controller should be able to provide relevant information. Thus, IT systems must allow this.
A data protection officer is responsible for monitoring compliance with data protection requirements and ensures that the rights of the data subjects are safeguarded. The German Association for Data Protection helps you to design individual solutions in order to ensure the subsequent handling of the rights of the data subjects.
Key Points of the Data Protection Standards
Processing of personal data only in compliance with legal requirements
The data subjects have a right to demand the erasure of the personal data concerning them.
The data subjects have a right of access to the personal data.
The data subject may object to the use of personal data.
Data protection has become increasingly important in recent decades. The General Data Protection Regulation (the GDPR) enters into force from 25 May 2018. In the meantime, the different data protection regulations of the Member States continue to apply. The General Regulation contains, on the other hand, opening clauses which enable the Member States to adopt additional provisions.
The processing of personal data and the related responsibility at the union level are regulated by the GDPR. Therefore, any processing of personal data as of May 25, 2018 is only permitted on the condition of the strict observance of the requirementsof the General Regulation. The German Association for Data Protection is glad to help you implement the requirements of the GDPR.