DSGVO: Fast Facts on the EU General Data Protection Regulation (GDPR)
What is the EU-DSGVO?
The EU General Data Protection Regulation (DSGVO in German, GDPR in English) applies from 25 May 2018 and harmonizes data protection law across the EU. The aim is a uniform standard throughout Europe for the processing, storage and disclosure of personal data by private companies and public authorities.
Legal loopholes are to be closed so that consumers and users have greater control over their data and can protect themselves against unauthorized use. Many of the rules build on the existing German Federal Data Protection Act (BDSG), but there are also some changes for Germany.
To whom does the EU-DSGVO apply?
To public bodies of the Federal Government and the Federal States, and to every private company that processes personal data, whether or not it is active on the Internet:
- all companies established in the EU
- companies with a branch or other establishment in the EU
- companies outside the EU that offer goods or services to people in the EU or monitor their behaviour, e.g. Google or Facebook
What are personal data?
The legal definition is broad: any information relating to an identified or identifiable natural person. In practice this includes, for example:
- Date of birth
- E-mail address
- Tax number
- Car license plate
- Bank account data
What are the important changes?
Active consent: Where processing relies on consent, the user must give it actively through a clear affirmative action; silence, inactivity or pre-ticked boxes do not count. Consent need not be in writing, but the company must be able to prove that it was given. Consent is only one of the possible legal bases (see below); processing without consent or another legal basis is unlawful.
Right of access: Users have the right to know which of their data has been processed and stored, for what purpose and for how long, and must be given access to all data stored about them. A related right to data portability means that a user can receive the data he or she has provided in a structured, commonly used, machine-readable format and have it transferred to another service provider.
Right to erasure or "right to be forgotten": Users have the right to demand the deletion of their data, and the request must be complied with without undue delay. There are narrow exceptions, for example where the company is legally obliged to retain the data.
Accountability: Data controllers must ensure that the data protection principles are observed and must be able to demonstrate compliance with them. Documented data protection management (records of processing activities, policies, and the legal basis for each processing operation) is therefore important for companies in order to limit liability risks.
Lawfulness of data processing (consent): Processing is lawful only if it rests on one of the legal bases listed in the regulation, such as the data subject's consent, performance of a contract, a legal obligation, or the company's legitimate interests. Consent may be given orally, in writing or electronically. Consent of minors under 16 years of age (or under 13, where national law sets a lower age) is only valid for online services under the DSGVO if a parent or guardian agrees, for example when registering for online services such as Facebook.
Higher fines: Fines of up to 4% of the total worldwide annual turnover or up to 20 million euros, whichever is higher, are possible in case of violation.
Conclusion: For companies, it is important to check, for every category of data they hold, that there is a valid legal basis (a consent declaration obtained from the data subject, or another basis), and that the data are actually needed for the purpose for which they were collected.
Sta*Ware GmbH attaches great importance to data protection. In accordance with the German Federal Data Protection Act (BDSG) and, in the future, the EU General Data Protection Regulation (DSGVO), all regulations and rules for the processing, storage and disclosure of personal data are carefully checked and adhered to.