GDPR = DSGVO (Datenschutz-Grundverordnung)

The DSGVO has been in effect since 2018.

Goal

It is meant to protect the people living in the EU.

Personal data

The definition of "personenbezogene Daten" (personal data) in the GDPR is very broad. It covers all information relating to an identifiable person. The identifiable person can be an employee, a customer or a third party. For example: data about a person's appearance, their opinions, or when they start and end work.

Examples of data that allow conclusions about a person's identity:

  • Name
  • Birthdate
  • Gender
  • Address
  • Phone numbers
  • Email
  • CV
  • Policy number
  • Banking information
  • Credit card number
  • IP address

The following data is different: processing it is forbidden unless the person has explicitly allowed it.

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data
  • Health data
  • Data concerning sex life or sexual orientation
  • Previous convictions and social assistance measures (Switzerland only)

Profiling

This is about analysing a person's data to predict the future or to make decisions.

Fines

Violations can be fined up to 20 million euros or 4% of worldwide annual turnover (whichever is greater).

Important things

  • It needs to be as easy to opt-out of something as to opt-in.

Communication of violations

Notification to the data protection authority (Datenschutzbehörde) after becoming aware of a data protection violation: 72 hours
