Data protection in general
Data protection management system (DPMS)
A data protection management system (DPMS) is a framework that helps companies comply with data protection laws and regulations. It provides the policies, procedures and controls needed to ensure that personal data is collected, processed, stored, transferred and deleted in accordance with the applicable law.
By implementing a DPMS, a company can ensure that it processes personal data lawfully and protects the privacy of the data subjects.
A DPMS typically comprises the following components:
- Guidelines: A data protection guideline sets out the principles and procedures that a company must follow with regard to the protection of personal data.
- Risk assessment: A risk assessment helps companies to identify and evaluate the risks associated with the processing of personal data.
- Training and awareness: Employees should be trained regularly so that they understand the importance of data protection, recognise the risks and can act accordingly.
- Management of consent: A DPMS should provide procedures for obtaining and managing consent for the processing of personal data.
- Controls: Controls help companies to ensure that personal data is collected, processed, stored, transferred and deleted in a proper and lawful manner.
- Monitoring and reporting: A DPMS should provide monitoring mechanisms and reporting functions to ensure that the company monitors compliance with data protection laws and regulations and can respond quickly to violations.
Categories of personal data
The legislator provides that personal data is subject to different levels of protection: some information must be protected more strictly than other information. This is easy to understand when you consider that, for example, a person's eye colour allows very different conclusions to be drawn about them than their social security number does.
Personal data can be categorised in different ways, depending on the type of information it contains and how it can be used. Some of the common categories of personal data are (examples, not an exhaustive list):
- Identity data: This includes information such as name, date of birth, gender, address, telephone number and e-mail address.
- Financial data: Financial data refers to information that is needed to process payments or transactions, such as credit card or bank account numbers.
- Health data: Health data can include information about a person's state of health, as well as medical treatments and diagnoses.
- Geolocation data: Geolocation data refers to information about a person's location, such as GPS data.
- Biometric data: Biometric data includes information about a person's physical characteristics, such as fingerprints or facial-recognition templates.
- Professional or academic data: Professional or academic data may include information about a person's professional or academic achievements, such as employers or school qualifications.
Of particular interest to both data subjects and processors are the special categories of personal data defined in Article 9 of the GDPR. Processing of these data is prohibited in principle and permitted only under the specific conditions set out in Article 9(2) to (4) GDPR:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data for the purpose of uniquely identifying a natural person
- data concerning health
- data concerning a person's sex life or sexual orientation
Data protection overlaps
Data protection overlaps are the interfaces between different data protection regulations, provisions and standards. Which overlaps matter may vary from country to country and from industry to industry, but here are a few examples:
- Data protection and data security: Data protection and data security are closely linked, as the security of personal data must be guaranteed in order to ensure data protection.
- Data protection and cybersecurity: Data protection and cybersecurity are also linked, as cyberattacks pose a major risk of privacy breaches and of the loss of personal data.
- Data protection and compliance: Data protection regulations and standards must be in line with other legal requirements and industry standards to ensure compliance.
- Data protection and marketing: Companies must ensure that they process personal data for marketing purposes in accordance with the applicable data protection laws and regulations.
- Data protection and cloud computing: Companies that use cloud computing services, and the providers themselves, must ensure that personal data is processed securely and lawfully and that data protection standards are complied with.
It is important to note that data protection overlaps are not always clearly defined and that companies must ensure that they process personal data in accordance with all applicable data protection regulations and provisions.
Legal basis and further information
EU (European Union)
Data protection in the EU is based on the European General Data Protection Regulation (GDPR).
European Data Protection Supervisor (EDPS)
https://edps.europa.eu/_de
European Data Protection Board (EDPB)
https://edpb.europa.eu/edpb_de
List of national data protection authorities according to the EDPB
https://edpb.europa.eu/about-edpb/about-edpb/members_en
Austria
Austrian Data Protection Authority
https://www.dsb.gv.at/
Data protection laws
- Datenschutzgesetz (DSG), the Austrian Data Protection Act
- Telekommunikationsgesetz 2021 (TKG 2021), the Telecommunications Act 2021
- Kirchliches Datenschutzgesetz (DatSchG), the church data protection law
Germany
Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit, BfDI)
http://www.bfdi.bund.de
List of data protection authorities according to the BfDI
https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
Data protection laws
- Bundesdatenschutzgesetz (BDSG, as enacted by the DSAnpUG-EU), containing national provisions specific to Germany
- Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG); since May 2024 renamed Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG)
- State data protection laws (Landesdatenschutzgesetze, e.g. BayDSG), containing provisions specific to the individual federal states
- Church data protection laws (e.g. KDG for the Catholic Church or DSG-EKD for the Protestant Church)