Once you have employees, you will keep a personnel file on them and process their data in the course of payroll. Because of this processing, employee data also falls under the GDPR. Something else to keep in mind here is that you will probably not only process “normal” personal data from your… […]
What is the GDPR anyway and which companies does it affect?
The GDPR contains rules on the protection of individuals with regard to the processing of personal data. The GDPR has been in force since May 25, 2018 and is therefore applicable to all companies that are based in Europe or offer products and/or services to customers in Europe. However, not only companies are affected, but… […]
Are there any technical or organizational requirements that I need to meet?
The GDPR requires appropriate measures and also measures that are state of the art. However, it does not prescribe exactly what should be done, cf. . Adequate here means that at least an up-to-date firewall, virus scanner and malware protection are required. Encryption of data should also be standard. You should also test your… […]
What to do in case of a data breach?
As soon as you notice a personal data breach, you must inform the data protection authority within 72 hours. The exception to this is when the personal data breach is not likely to result in a risk to the rights and freedoms of individuals. You must then be able to demonstrate what technical and organizational… […]
What is personal data?
Personal data is any information relating directly or indirectly to an identified or identifiable natural person. As soon as data such as names, location data, customer numbers, etc. can be directly or indirectly attributed to a natural person, this data is considered personal data – .
What impact will the GDPR have on my company?
That depends entirely on your company. Many companies will certainly need to take additional security precautions in terms of software and hardware; for others, these security precautions may already be in place and not too much more needs to be done. However, data protection should be taken seriously in any case. Since the entry into… […]
What risk do I run if the GDPR is not complied with?
If the GDPR is not complied with, the following kinds of damage may occur: damage due to avoidable data loss, penalties by the authority (reasonable and effective, up to 20 million euros or 4% of annual worldwide turnover), claims for damages by affected parties (including attorney’s fees for enforcement), damage to the company’s reputation if… […]
I am a small business owner and only issue invoices to my customers, I also do not have a customer database, am I affected by the GDPR?
Yes. See “Am I affected by the GDPR”.
Does the GDPR also affect me if I only store names and email addresses?
Yes. See “Am I affected by the GDPR”.