Definition of data protection

Data protection is intended to protect the personal data of individuals from unauthorized and improper use.

This so-called "personal data," i.e., information that makes a person directly or indirectly identifiable, includes, for example, data such as full name, date of birth, address or telephone number. Particularly sensitive personal data (e.g., health, origin, political orientation, religion, etc.) belong to the special categories of personal data and are thus given special protection.

In Germany, the legal basis for data protection is provided by the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), among others.

By the way: The EU General Data Protection Regulation (GDPR) does not only apply in the EU, but to everyone who processes data of EU citizens. A significant difference!

Overview: data protection & personal data

Data is no longer considered personal if it has been anonymized in a way that data subjects can no longer be identified. For example, information in elections or surveys is anonymized so that it's impossible to identify a certain participant. Likewise, collective e-mail addresses of a company with the format info@company.com, for example, are not personal. The statistics and marketing data used by companies for planning, research and market analyses are also no longer personal once they have been anonymized.

Here you can find an overview:

Data	Personal	Not personal
Full name
Contact data
Adress
Bank data
Biometric data	(special category)
Origin	(special category)
Sexual orientation	(special category)
Health data	(special category)
Religion	(special category)
Political views	(special category)
Trade union membership	(special category)
Collective company email address
Anonymised survey data

There's no "just do it" in data protection

The principle of data protection is that every individual has the right to informational self-determination. On this basis, everyone should be able to decide for themselves how their data is processed.

In practical terms, this means that the collection, storage and processing of personal data is basically prohibited by default, unless:

There is a legal authorization (e.g. data at the tax office to determine the tax burden),
The data is needed to fulfill a contract (e.g. a sales contract between two people),
Or, the person concerned has explicitly given consent (e.g. social media terms of use)

Looking for an e-learning?

We have a modern and comprehensive data protection training that will effectively train your employees on how data protection works.

Find out more

Data protection principles: What do you need to consider?

Personal data is processed according to seven principles that are mandatory for every company or organisation:

Lawfulness and transparency: Data processing needs to be lawful and plausible for the data subject.
Purpose limitation: Processing may only be carried out for the purpose to which the data subject has consented.
Data minimization: Only the data necessary for the purpose may be obtained and used.
Accuracy: Only correct, necessary and up-to-date data may be used.
Storage limitation: The respective data may only be used as long as necessary for the respective purpose (afterwards, they must be properly deleted).
Integrity and confidentiality: Adequate protection is the be-all and end-all, because data must not only be protected from loss, but also from unlawful use.
Accountability: Compliance with data protection must be verifiable.

Data protection: data subject rights

Every person whose personal data is collected and processed has the following rights:

Information/access: Any person may request information from authorities, companies or other bodies about their data stored with them.
Rectification: If the stored data is not correct, there is a right to have the data rectified.
Erasure/ to be forgotten: Provided that no law stands in the way, a person may request the erasure of their data.
Objection: any person may object to the processing of their data on specific grounds. If the objection is justified, it must be complied with.
Withdrawal: Every person has the right to withdraw their consent to the processing of personal data without giving reasons.
Restrict processing: If there is a legitimate reason, the person may request the restriction of the processing their her data.
Data portability: Individuals have the right to receive their stored data in an electronic format.
Complaint: If a person does not agree with the processing of their data, they can lodge a complaint with the data protection supervisory authority.

Why is data protection so important?

As global digitalization continues to spread, the need to better protect data and personal information is steadily increasing. Because with digitalization, the criminal misuse of data has also increased.

This is also recognized by politicians with the implementation of laws such as the European Data Protection Regulation ('EU GDPR') or the German Federal Data Protection Act ('BDSG'). Thus, the goal is: everyone should be able to determine for themselves who collects, stores and processes their personal data, when and for what purpose.

In order to sensitize your employees on how data protection works, we offer an easy-to-understand data protection training.

IS-FOX data protection training

Easy to understand and right to the point. With refresher or test-out

Data protection is important. Therefore, as a company, you can't really avoid regular and often unpopular employee awareness training. For you to fulfill your training obligation without overburdening your employees, we have thought out an exceptional data protection training that: