The General Data Protection Regulation (GDPR) finally came into force in all member states of the EU on May 25, 2018. you regulates data protection law and standardizes legislation within the EU. The new EU regulation is intended to make companies' handling of personal data more transparent and secure for users. Companies are mainly faced with many new obligations.
Company view:
Anyone who stores and processes employee and customer data is now faced with more tasks. Anyone who does not comply with these must expect heavy fines. Personal data may only be collected for a previously defined purpose. The motto applies here as little as possible but as much as necessary.
This applies not only to large companies and online shops, but to every company that operates on the Internet and stores and processes customer data.
Personal data includes, for example:
- name
- address
- email address
- phone number
- birthday
- account details
- car number plates
- location data
- IP addresses
- cookies
In principle, more measures must be taken than before to implement data protection. For example, the declarations relating to the privacy policy or to Consent texts be made understandable. Companies are also now in a accountability: Individual processes must be documented in directories.
All of this serves to make the company's handling of data more transparent and secure for consumers. Instructions and checklists You can download them here.
User view:
Users come out as winners. They have more rights over your data than before. For users, it is more comprehensible what happens with their data, as companies can no longer hide behind legal clauses, but must disclose what happens with the data in accordance with the right to information.
On request, consumers can find out which companies store their data and what they do with it. In certain cases, users can exercise their right of deletion and object to data processing. Consumers also have the right to complete or correct their data.
Impacts:
After the last deadline to implement the GDPR, many companies have adopted a Warning wave feared. With a few exceptions, however, this has not been done so far. The current Federal Data Protection Act (BDSG) has been revised and, since the introduction of the GDPR, only applies in addition and only in areas that are compatible with the GDPR.
Only a certain amount of displeasure spread on the part of users, as the introduction of the General Data Protection Regulation and the signing of the many declarations of consent caused resentment among many.
The Data Protection Foundation collects information on the topic on its website and sees itself as a discussion platform on the subject of privacy.
