What does data protection mean for you

What are personal data?

The most important things about personal data in brief

  • According to European law and the Federal Data Protection Act (BDSG)personal data is all information that relates to a natural person or are at least obtainable and thus allow conclusions to be drawn about their personality.
  • Special personal data include information about ethnic and cultural origins, political, religious and philosophical beliefs, health, sexuality and union membership. They are particularly worth protecting.
  • Above all, those affected have the right to Informational self-determination. Saving and processing personal data is therefore only permitted with the consent of the person concerned.

More on the subject of personal data

Biometric dataCitizen IDFingerprint deviceIdentityPhone numberPhotographs of peopleProcedure directoryLocation dataData protection when using drones

Personal data: definition according to BDSG and GDPR

Data protection should as a sub-area of ​​the more general area of ​​data security, specific data sets protect against misuse and unauthorized access: personal data.

The corresponding data protection provisions can be found on the one hand in the Federal Data Protection Act, but on the other hand, even more importantly, in the European General Data Protection Regulation (GDPR). This will Binding for all EU member states from mid-2018. Both the BDSG, the GDPR and the numerous state laws on data protection contain definitions of individual terms to which the texts refer.

The definition of the term “personal data” is similar. But which data are exactly personal? Basically are all data that can be assigned to a specific or identifiable natural person. Every person is a natural person in his function as a bearer of certain rights and duties.

The GDPR extends this general definition a little: According to this, personal data is information that, when assigned to a natural person, enables insights into theirs physical, physiological, genetic, psychological, economic, cultural or social identity (Article 4 Number 1 GDPR). But which personal data is there in detail?

Examples of personal data

The types of personal data or data that can be related to individuals are numerous. A final summary can hardly be managed. However, the following is a list of corresponding values, which should give a first impression of what everything falls under personal data:

  • general personal data (name, date of birth and age, place of birth, address, email address, telephone number, etc.)
  • Identification numbers (social security number, tax identification number, health insurance number, identity card number, matriculation number, etc.)
  • Bank details (account numbers, credit information, account balances, etc.)
  • Online data (IP address, location data, etc.)
  • physical characteristics (gender, skin, hair and eye color, stature, dress size, etc.)
  • Ownership features (vehicle and real estate ownership, land register entries, license plates, registration data, etc.)
  • Customer data (orders, address data, account data, etc.)
  • Value judgments (school and work references, etc.)
  • and much more m.

There are also special ones personal data that require increased protection. The rules for collecting and processing such data are much stricter. Such special categories of personal data are new according to § 46 section 14 a-e BDSG-new (see also Articles 4, 9 GDPR):

  • "Data showing racial or ethnic origin, political opinions, religious or ideological convictions or trade union membership,
  • genetic data,
  • biometric data for the unique identification of a natural person,
  • Health data and
  • Data on sex life or sexual orientation; "

In the following graphic overview you will once again receive a compact overview of the different forms of personal data - from general personal data to important identification numbers, bank data, online data, ownership features to value judgments, factual circumstances as well as customer and identifiable data. These categories are explained in more detail with individual examples.

Why does personal data need to be protected?

In times of global links via the Internet, fear of the “transparent human being” is omnipresent. Which data can authorities collect from my communication? How can I keep control over the data stored about myself?

The fact is that many people still go today too reckless with the release of personal data - often out of ignorance of how valuable these can be for individual companies and authorities. Globally active data octopuses such as Google and Facebook collect data on user activities from the World Wide Web.

They mostly use this master data (from the location data to information on purchasing behavior to contacts) for the placement of personalized advertising for the respective user. And ultimately, they generate annual profits in the millions. Personal data is therefore worth real money.

In addition, however, can the misuse of this sensitive information can also have criminal relevance: Criminals can intercept bank data and thus access accounts without authorization, false documents can be created and sold with personal or ID numbers, and so on.

The misuse of personal data therefore often has an economic background.

Therefore, when dealing with personal data - whether in a company or an authority - greater care is required. Companies and public bodies that collect, store and process such data treasures must protect them from unauthorized access. In addition, not all data may be processed or stored for any purpose - and certainly not passed on - become.

Specific advice on the misuse of personal data

Address traffickingData traffickingPhishingIdentity theft

Handling of personal data

Not every company is allowed to freely collect all the data that it can get its hands on. If it is permissible that this or that public or non-public body collects and processes data, you must Ensure data protection. That means:

  • The employees who work in data processing must have the Data secrecy and require training in data protection law in dealing with the data sets.
  • The transfer of personal data to third parties is regular - and without the consent of the person concerned - not permitted. If it is permitted in exceptional cases, the transmission must be encrypted and the data must be transmitted separately from each other. In the end, this is intended to prevent unlawful tapping, but also to prevent data collections from revealing too much information about the person concerned.
  • The storage of personal data requires increased security measures. That means not only password-protected workplaces and databases, but above all appropriate encryption programs and highly effective measures to prevent infiltration by malware (antivirus programs, firewall, etc.). Under certain circumstances, the offices must also anonymize personal data, for example remove the reference to a specific or identifiable person.
  • The processing of personal data must always be for a specific purpose. If the purpose has been fulfilled, the information must be deleted or protected from further access. The person concerned must also have clearly consented to this purpose.
  • The obligation to delete personal data exists regularly as soon as the data is no longer needed or the earmarking has been terminated. In addition, one or the other entry of data expires at regular intervals (for example with Schufa information). Even unlawfully stored data must be immediately and securely deleted.

Personal data: important rights of those affected

Data subjects whose data is collected, stored and processed have numerous rights. Personal data are to be understood to a certain extent as the property of the respective natural person. The three most important rights concern self-determination, the right to information and the deletion of data.

Right to informational self-determination

In the so-called census judgment of December 15, 1983, the Federal Constitutional Court came to the conclusion that the right to informational self-determination basically falls into general personal rights. These, in turn, are clearly protected by Article 1 of the Basic Law.

According to this ruling - and this is also how it was stipulated in the BDSG and the GDPR - the right to informational self-determination may only be restricted within a narrow legal framework. These restrictions contain state and European legal bases.

The main regulation that applies to personal data Mention should be made: Everyone affected must go to the Consent to the storage and processing of your data for a specific purpose. With the GDPR coming into force in 2018, tacit consent by accepting the data protection declaration is no longer sufficient. Personal data may only be collected if the person concerned gives active consent to the process.

But that also means: Here, too, the people themselves have a duty. In principle, you should be more careful when releasing such personal information and also take precautions yourself to prevent the misuse of personal data.

right of providing information

According to Sections 19 and 34, data subjects are authorized to view the data stored about them by companies and authorities. In return, the public and non-public bodies are obliged to provide information. This is especially true with regard to information about data stored with credit agencies such as Schufa that relate to a person's creditworthiness. Affected people even have the right to receive free information once a year.

Right to correction, deletion and blocking of the data

Incorrect, outdated, illegally stored or passed on personal data must be reported by the data collector blocked, corrected or completely deleted in good time. The data subjects have the right to demand these processes if a violation of data protection is ascertained in this regard.

(58 Ratings, average: 4,05 of 5)
What are personal data?
4.05558Loading ...

You might also be interested in: