In principle, no data is sent to the authority. Also, your processing directory is not automatically transferred to the authority. The supervisory authority only requires that you document the processing operations of personal data and that you can provide this documentation to the authority upon request. The authority does not learn any specific data (such… […]
What can the supervisory authority require of me?
The authority may request access to all information necessary for , may point out alleged violations of the GDPR and may also prohibit a certain type of processing. The authority may inspect and conduct on-site data protection reviews. Among other things, this involves checking, whether the data are processed in good faith in accordance with… […]
I only have handwritten notes, does the GDPR apply to me?
Yes. Non-automated processed data is also subject to the GDPR. Once you have sorted data in any way, it is subject to the GDPR. This means that the data subjects have a right to information. Folders must be adequately backed up and data that is no longer needed must be disposed of. Appropriate means that,… […]
I only have a small business, do I have to implement the GDPR in the same way as a large one?
Yes. Whether or not you are affected by the GDPR does not depend on the size of your company, but solely on whether you process, store or otherwise use personal data (e.g. names of your customers, telephone numbers or email addresses) in any form. EPUs must also comply with the GDPR. The risk for small… […]
Am I affected by the GDPR?
Only if you use personal data exclusively in a private or family environment, you are not affected by the GDPR. The GDPR applies to the wholly or partly automated processing of personal data as well as to the non-automated processing of personal data which are stored or are intended to be stored in a sorted manner.)… […]
Can I wish my customers a happy birthday?
Yes, but … To congratulate on the birthday, you need the date of birth. When you ask for the date of birth from new contacts, you must specify that you want to use the date of birth for birthday wishes. In addition, the date of birth may not be mandatory, for example, for orders (unless… […]
May I continue to maintain my acquisition database?
Yes, but … You may continue to store data from potential customers/prospects. But you must document this processing in your (and, if applicable, in your privacy statement). However, under , you must inform data subjects within 30 days that you are processing the data and where you got it. This also applies to data you… […]