FAQ – GDPR

General Data Protection Regulation

Since 2018, the General Data Protection Regulation (abbreviated GDPR) has been one of the basic principles for website operators at companies, authorities and businesses of all kinds within the European Union when it comes to the protection of personal data. It affects all companies that have their headquarters in the EU. The purpose of the regulation is to standardize the rules for the protection of important data.

History of the General Data Protection Regulation

As early as the 1970s, the first approaches to data protection were pursued in what was then the European Community. In the mid-1990s, a uniform approach was adopted for the first time. However, implementation was the responsibility of each member state, and the member states followed different approaches, so no uniform regulation was achieved. Furthermore, the worldwide use of the Internet in its current dimensions was not yet foreseeable.

Where can violations of the GDPR be reported?

Each country has its own contact point for reporting violations of the General Data Protection Regulation. It does not matter in which EU country the GDPR has been violated. This makes it easier for companies to communicate when a violation has become known, because they then only need to communicate with one authority.

Documentation in accordance with the General Data Protection Regulation

Companies with more than 250 employees must keep documentation of all data in the form of a procedure directory. This contains all processed data that is collected on a person and the reason for the collection. The transmission of this data must also be documented. Furthermore, all companies that regularly collect personal data must also keep a register of procedures. This applies to all online traders and many small companies, practices and law firms.

Which data is personal?

Among other things, the GDPR classifies name, address, e-mail address, telephone numbers, date of birth, bank or credit card data, vehicle registration number and location-related data (IP addresses, cookies, etc.) as personal data. However, there is also a whole range of other data that is covered by the regulation. To some extent, this is a matter of interpretation, so one should keep an eye on the latest judgements on the GDPR.

Which companies need a data protection officer?

As a consequence of the introduction of the GDPR, some companies are obliged to employ a data protection officer. All companies that employ more than nine people to process personal data are now obliged to do so. The officer can work within the company, but this is not mandatory; external experts can also be called upon. Also affected are companies that regularly evaluate and further process data using analysis tools.

Location

WSO International
Grevenbroicher road 45
50829 Cologne Germany
Phone: +49 221/29884152
e-mail: info@web-seo-online.com