What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is a regulation of the European Union. The GDPR is a standardization of data protection in Europe. It regulates how data and especially personal data may be collected and/or processed by companies, associations, public authorities and private individuals. On the one hand, this is intended to give citizens better control over their data and, on the other hand, to ensure the free movement of data within the European Single Market.

Principles of the GDPR:

Art. 5 of the GDPR sets out the various basic principles for data processing. These regulate how the storage and processing of data can take place in accordance with the law.

  • Lawfulness of processing
    A legal basis is a prerequisite for any data processing.
  • Purpose limitation
    When collecting data, the purpose of the collection must be defined and communicated to the data subject. The purpose must be legitimate and unambiguous, and the data may not be used for any other purpose. The data subject must be informed of any subsequent change of purpose and, where applicable, is given a right to object to that change.
  • Data minimization
    Only the data that is actually necessary to achieve the purpose should be collected. This means that for a reservation in a restaurant, the date of birth or marital status need not be requested.
  • Accuracy
    All data must be factually correct and always up to date. This means that all outdated data must be deleted or modified immediately.
  • Storage limitation
    Data may only be stored as long as it is necessary to achieve the purpose.
  • Integrity and confidentiality
    The collected data must be adequately protected against unauthorized or unlawful processing, and especially against disclosure to unauthorized third parties or accidental loss. Appropriate technical and organizational measures must be introduced for this purpose.
  • Accountability
    The controller who collects the data is responsible for compliance with the above points and must also be able to demonstrate this to the supervisory authorities.

Objectives of the GDPR:

The objective of the GDPR is to protect the fundamental rights and freedoms of a natural person and in particular their right to protection of personal data. Everyone should be able to make informed decisions about what happens to their data. 

What is the threat of a breach of the GDPR?

Failure to comply with the data protection principles can have unpleasant consequences. Violations of the personal data processing principles may result in a fine of up to €20,000,000 or, in the case of a company, up to 4% of its total annual worldwide turnover in the previous financial year, as well as action by the supervisory authority (Article 83(5)(a) GDPR).

Image credits: Header and featured image by Wilfried Pohnke on Pixabay