GDPR – Definition and meaning
What is GDPR? Find out what the General Data Protection Regulation (GDPR) is and how it regulates the protection of personal data in the EU. Find out what effects
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation that governs the protection of personal data and privacy within the EU and the European Economic Area. It came into force on 25 May 2018 and represents a uniform regulation on the handling of personal data.
Important aspects of the GDPR
The GDPR has several key objectives and principles that are important for companies and organisations that handle personal data:
- Consent: Companies must obtain the consent of users before processing their personal data.
- Right of access: Data subjects have the right to request information about the processing of their data.
- Right to be forgotten: Users can request the deletion of their personal data, provided there are no legal retention obligations to the contrary.
- Data minimisation: Only the data that is necessary for the stated purpose may be collected and processed.
- Transparency: Communication with users about the handling of their data must be clear and understandable.
Key terms of the GDPR
To better understand the GDPR, it is helpful to know some key terms:
- Personal data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data, such as collection, storage, modification or deletion.
- Third country: Countries outside the EU to which personal data may be transferred, provided that appropriate data protection standards are guaranteed there.
Requirements for companies
The GDPR places high demands on companies that process personal data. Here are some of the key obligations:
- Documentation: Companies must document all processing activities and make them transparent.
- Data protection impact assessment: Companies must carry out a risk analysis for certain data processing activities.
- Data protection officer: Certain companies are obliged to appoint a data protection officer to monitor compliance with the GDPR.
Penalties for infringements
Violations of the GDPR can have significant financial consequences. The authorities can impose fines of up to €20 million or up to 4% of total global annual turnover, whichever is higher.
Illustrative example on the topic: GDPR
Imagine an online retailer wants to send out a newsletter. According to the GDPR, it must clearly communicate to users how their data will be used before they enter their email address. This includes stating how often the emails are sent, what content they contain and that users have the option to unsubscribe at any time. If the retailer does not provide this information, it could be held responsible by the relevant data protection authorities and face heavy fines.
Conclusion
The GDPR is a fundamental law for the protection of personal data in the EU. It ensures that companies handle users' data transparently and that their rights are respected. To find out more about other topics relating to data processing, please also visit our articles on cybersecurity and data mining.
Frequently asked questions
The General Data Protection Regulation (GDPR) pursues several main objectives to ensure the protection of personal data in the EU. These include strengthening the rights of data subjects, such as the right of access and the right to erasure, as well as promoting transparency and accountability in data processing. Companies must ensure that they only collect and process the necessary data and they must obtain the consent of users. These goals are intended to increase trust in digital services and strengthen data protection in today's data-driven world.
According to the GDPR, users have several rights that protect their data protection and privacy. These include the right of access, which enables them to obtain information about the processing of their personal data. In addition, they have the right to rectification, erasure and restriction of processing of their data. Users can also exercise the right to data portability to transfer their data to another provider. These rights are crucial to give users control over their personal information and to ensure that their data is handled responsibly.
Companies can comply with the GDPR by creating clear data protection guidelines and ensuring that all employees are trained accordingly. This includes documenting all processing activities and carrying out data protection impact assessments where necessary. They must also ensure that they obtain user consent before processing personal data. The appointment of a data protection officer is also necessary for many companies in order to monitor compliance with the GDPR and act as a point of contact for data protection issues. These measures help to minimise the risk of breaches.
Violations of the GDPR can have serious financial and legal consequences for companies. Data protection authorities can impose fines of up to €20 million or 4% of total global annual turnover, whichever is higher. In addition, companies can expect a loss of reputation as customer trust in the handling of their data is affected. Such breaches can also lead to legal action by data subjects, requiring additional costs and resources to deal with the legal challenges.
Personal data is any information relating to an identified or identifiable natural person, such as a name, address or email address. Anonymised data, on the other hand, is information that has been processed in such a way that the data subject can no longer be identified and is therefore no longer subject to the provisions of the GDPR. The main difference is that personal data is subject to strict data protection requirements, while anonymised data is no longer considered personal data and is therefore less regulated. When processing data, companies should always check whether the data collected qualifies as personal data.