GDPR: EU General Data Protection Regulation - what you need to consider
On May 25, 2018, the GDPR is supposed to have been officially implemented by companies, photographers and other affected parties. In this article we explain the most important things you need to consider.
With the GDPR there are a lot of changes that you as a website operator have to implement.
- First, under the EU GDPR it is no longer permissible to set cookies without first asking the website visitor for consent. This means that when the homepage is loaded, you have to ask whether cookies may be set, and if the visitor refuses, they may still use the page entirely without cookies. Accordingly, no cookies may be set while the visitor has not yet decided.
- Furthermore, users of the website must be able to view all data stored about them at any time. In addition, there must be a way to delete all data stored about the user.
- According to Article 7 and Article 8 of the GDPR, the user (who must be at least 16 years old) must give consent before data can be processed. Otherwise you need parental consent.
- According to Article 32, it is also important that the data is protected in the best possible way.
- Since the GDPR, there has also been the "right to rectification", which means that users of a social network, for example, must be able to change their names if they are incorrectly stored.
- If data is collected directly from the data subject, then according to Article 13, paragraph 1 of the GDPR the data subject must be informed immediately of the name and contact details of the person responsible, the contact details of the data protection officer, the purpose of the data processing, the legal basis for the data processing, the interests pursued by the data processing, the recipients of the data, and data transmission to third countries.
- According to Article 13, Paragraph 2 of the GDPR, information about the duration of data storage, information about the rights of the user, a notice of revocation and information as to whether data processing is contractually required must be available.
- Pseudonymization and encryption of the data should also be guaranteed.
- A data protection officer should also be appointed when sensitive data is processed. Even if no sensitive data is processed, a person must be designated according to §38 BDSG if more than 10 people are involved in data management.
- As far as the data protection declaration is concerned, the data processing steps must be described in detail according to the GDPR. Vague formulations are no longer permitted.