Art. 4 GDPR – Definitions

data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; ‘personal data breach’ means a breach of…

Data Protection Officer

…of data processing and the size of the company. The duties of a Data Protection Officer include: Working towards the compliance with all relevant data protection laws, monitoring specific processes, such as data protection impact assessments, increasing employee awareness for data protection and training them accordingly, as well as collaborating…

Art. 9 GDPR – Processing of special categories of personal data

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation…

Personal Data

The term ‘personal data’ is the entryway to the application of the General Data Protection Regulation (GDPR). Only if a processing of data concerns personal data, the General Data Protection Regulation applies. The term is defined in Art. 4 (1). Personal data are any information which are related to an…

Right to be Informed

…14 of the GDPR). Where data is obtained directly, the person must be immediately informed, meaning at the time the data is obtained. In terms of content, the controller’s obligation to inform includes his identity, the contact data of the Data Protection Officer (if available), the processing purposes and the…

Recital 68

1To further strengthen the control over his or her own data, where the processing of personal data is carried out by automated means, the data subject should also be allowed to receive personal data concerning him or her which he or she has provided to a controller in a structured,…

Third Countries

…generally applicable, or by certification of the data processing procedure. Furthermore, there are several exceptions, which legitimize data transfer to a third country, even if the protection of personal data cannot be sufficiently assured. Most frequently, the consent of the data subject is relevant here. At the same time, one…

Art. 6 GDPR – Lawfulness of processing

…link between the purposes for which the personal data have been collected and the purposes of the intended further processing; the context in which the personal data have been collected, in particular regarding the relationship between data subjects and the controller; the nature of the personal data, in particular whether…