EU GDPR – General Data Protection Regulation

What is the EU GDPR?

In December 2015, after lengthy negotiations, the first European General Data Protection Regulation was created and thus a common concept of the European Union that applies equally to all member States. Until then, national legislation on data protection was based on the so-called EU Data Protection Directives of 1995. Although these were also unified, they were more a guidline than a regulation. As a result, there were considerable differences at the international level, which particularly made trade and online life between various countries difficult. At the same time, the US Privacy Shild Agreement of 2016 is considered to be nearly compliant in terms of data transmission, storage and processing. In addition, the EU member states are still being granted opening clauses that allow the national legislators their own regulations. However, the differences have been minimized. Since 25 May 2018, the EU GDPR, together with the JHA Directive (Justice and Home Affairs Council configuration), form the common data protection framework of the European Union.

Basically, the GDPR deals with the framework conditions for the processing of personal data, both by private companies and by public institutions. On the one hand, the protection of EU citizens’ rights is to be ensured, on the other hand, the free movement of data within the European Economic Area. Even if companies based outside the EU process personal data within the EU or EU citizens, these processes are subject to the GDPR. In the event of a violation, warnings and enormous fines are threatened.

What you as a user of web offers need to know:

• Abbreviations: DSGVO is the German abbreviation for Datenschutzgrundverordnung. In the English GDPR, in the French RGPD. BDSG stands for Bundesdatenschutzgesetz, the German version, which is in addition currently in appropriate revision.
• Many of the privacy principles remain in place. For example earmarking, data minimization and transparency.
• Children and young people under the age of 16 are given special protection.
• Your data as an EU citizen may be processed by all companies and institutions nationally as well as internationally only in accordance with the GDPR. This also applies to further processing by third parties and this may only be done for compatible purposes.
• The requirements for informed, voluntary consent have been gradually increased. This means that users must clearly take an action to confirm their consent. Usually this is solved by clicking on boxes or fields or by specific entries like “I agree”.
• In parallel, the requirements for the revocation of consent were reduced for the person affected. In other words, users must be able to withdraw their consent at any time without stating any reasons. This is also called opt-out function. Such a function must be implemented in every newsletter, for example.
• In addition, users can view, change and delete the data processed about them at any time.
• In future, companies must to provide their customers/users with detailed information on the extent to which the data is processed, by which third-party providers and for what purpose.

In addition to all these innovations, many, many more will apply from now on. Article 5 GDPR is also mentioned particularly frequently. It lays down the principles for the processing of personal data: legality, good faith, transparency, earmarking, data minimization, accuracy, storage limitation, integrity and confidentiality, accountability.

And precisely these guiding themes are the basis for a competent cooperation between providers and users. Therefore, seven has committed itself to data protection right from the start and will implement appropriate solutions with the new EU GDPR.

Do you have questions, suggestions or special requests for the implementation of the GDPR? We are looking forward to your message.