Starting on 25 May 2018, the General Data Protection Regulation or GDPR applies throughout the European Union. The GDPR stipulates how personal data may be processed and how they must be protected. You will find a summary of the basic information below.
What is the GDPR?
The GDPR is a regulation of the European Union. It applies directly in every member state, including in Austria. Every person whose data are processed can directly claim protection under the GDPR. Detailed information can be found here.
What does the GDPR govern?
The GDPR contains regulations about the processing of your personal data. The GDPR protects all information about you including your name, telephone number, investments, and hobbies. The principles in this regulation stipulate how your personal data may be stored and processed. Detailed information can be found here.
Why is the Austrian data protection law (DSG 2018) still in force?
The European Union has not only enacted the GDPR, but an entire “data protection package”. Part of this was also a new data protection directive. What is the difference between a directive and a regulation? Unlike a regulation, a directive must be implemented in national law. The GDPR also gives the member states leeway to govern individual aspects in greater detail than set forth in the GDPR itself.
Both of these aspects are being covered in Austria through the 2018 Data Protection Amendment Act, or the DSG 2018. We will of course also comply with the DSG 2018 when it is relevant for you and your relationship with us.
Why is the protection of my data so important?
Data protection is a fundamental right. Just like your right to freedom or security, your right to data protection is enshrined in the Charter of Fundamental Rights of the European Union. This EU Charter of Fundamental Rights applies to the relationship between you and government institutions.
The law also recognises that there must be a balance between the interests of entities processing personal data and the so-called data subjects in private and business affairs – for example between you and your bank. These rules can be found in the GDPR and DSG 2018.
Personal data say a lot about us and can reveal our hobbies, preferences, and wishes. And this is of course worth protecting. But we have to know your preferences in order to be able to offer you individualised service. One core element of data protection is that we find a way together in which we can and may process your data in your interests and under your supervision. Detailed information can be found here.
Where can I learn more about the GDPR and DSG 2018?
(All links as of May 2018)
The text of the GDPR can be found here:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&
The text of the DSG 2018 can be found here:
https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10001597&FassungVom=2018-05-25
The EU Charter of Fundamental Rights:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:12012P/TXT
You can find more information about your rights on the following websites:
Austrian Data Protection Authority:
https://www.dsb.gv.at/
European Commission:
https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
It is important to clarify some basic terms so that we can talk about data protection. We have also included the Article designations of the GDPR so that you can look these definitions up if you wish to do so. Please note that the information provided here is only a summary. The full text of the GDPR and the respective articles can be found here:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU
What are personal data?
Personal data include all information that relates to an identifiable natural person (“data subject”). A natural person is considered to be identifiable when his or her identity can be determined directly or indirectly, for example by reference to a name or code number.
More information can be found in Article 4 (1) GDPR.
What does the processing of data include?
The term “processing” means any operation performed on personal data with or without the help of automated systems. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
More information can be found in Article 4 (2) GDPR.
What does “controller” mean?
The term “controller” refers to the natural or legal person, public authority, agency, or other body that decides on the purposes and means of processing personal data alone or jointly with others. One example of this is us as a management company.
More information can be found in Article 4 (7) GDPR.
What does “processor” mean?
The term “processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
More information can be found in Article 4 (8) GDPR.