What are internet privacy disadvantages



Definition: what does a data protection law like the GDPR say?

A data protection act ensures that personal data is handled sensitively and protected against misuse. This covers not only data on the Internet, but also account data, personnel files and medical files. Since May 25, 2018, the General Data Protection Regulation (GDPR) has been binding for every EU member state and applies directly in each of them. However, the individual countries have a certain amount of room for maneuver.

Why was the GDPR enacted?

The GDPR was created for the purpose of consistency. Previously there were national data protection laws, which differed considerably in some aspects; now the European General Data Protection Regulation forms a uniform basis that must be applied in all Member States. The aim is to give everyone the same right to data protection. With regard to the processing of data, principles such as transparency, purpose limitation, data minimization, confidentiality and accountability should be given priority in the companies concerned.

What is regulated by the GDPR?

The most relevant contents of the General Data Protection Regulation include employee data protection, obligations for companies, international data transfers, video surveillance, order processing, data protection provisions for websites and the processing of personal data, with additional regulations for children and adolescents.

What happens in the event of a violation of the GDPR?

Compliance with the law is monitored by supervisory authorities. In the first instance, warnings are issued. If the provisions of the GDPR are violated again, high fines apply. Penalties are imposed depending on the extent of the violation, with a maximum fine of 20 million euros. This amount changes if 4% of the company's worldwide sales exceeds it, because that figure is then used instead.

What are the pros and cons of the GDPR?

  • Standardization of the data protection level
  • Data processing only with consent
  • Greater data security
  • Higher fines
  • Deletion of personal data can be arranged
  • Effort for companies
  • Small businesses are disadvantaged by strict guidelines
  • Minimizing efficiency through regulations

What has changed in Austria?

In Austria, the General Data Protection Regulation is supported by the Data Protection Adjustment Act and the Data Protection Deregulation Act. These supplementary laws are referred to as so-called opening clauses, which give the national legislature some leeway.

The most important changes include, for example, the simplification of the right to erasure. This makes it possible for a user or customer to have their data deleted. If this is not possible immediately, the use of this data must be restricted. Furthermore, data secrecy has been tightened: data that has been entrusted to a person due to their professional activity must be kept secret and protected from any (unfounded) transmission. In addition, the data protection council in the Federal Chancellery was enlarged with additional members. The council is responsible for commenting on and advising on data protection issues. A national data protection authority was also set up.

The entrepreneur or processor is given greater responsibility. For example, he must keep a record of processing activities. A data protection impact assessment must also be carried out. If this assessment shows a high risk, the supervisory authority must be consulted.

What changes have there been in Germany?

The Federal Data Protection Act (BDSG) previously applied in Germany. When the GDPR was introduced, the BDSG was renewed and now serves as a national opening clause.

The obligations of companies with regard to data protection have been strengthened. For example, a data protection breach with not inconsiderable consequences (even an unintentional one) must be reported within 72 hours at the latest. Furthermore, the protection of personal data is to be taken into account as early as the development of processes, so that subsequent changes become unnecessary. Another new feature is that non-European companies that are active in the European market are also subject to the General Data Protection Regulation.

What changes for consumers is that they can voluntarily consent to any data processing and can revoke this consent at any time. The consumer can also insist that their personal data be deleted. They are also granted the right to receive information about the purpose and duration of the data processing.

Does the GDPR also affect Switzerland?

Switzerland is also, if only partially, affected by the introduction of the GDPR. Swiss companies that have a branch in the EU or process personal data of a person who is established in the EU must comply with the provisions of the GDPR.

Although there is already a Data Protection Act (DSG) in Switzerland, since the GDPR is not applicable to some Swiss companies, the level of data protection of the national law had to be adjusted. The reason for this necessity is that the DSG has to be classified as appropriate by the EU Commission.

The additional effort for companies in Switzerland should not be underestimated, because the adjustments create a considerable need for action. For example, a record of processing activities must be kept and a data protection officer in the EU must be appointed.