Privacy
Legislators in Germany (and Europe) have created a comprehensive legal framework that serves to safeguard the fundamental right to informational self-determination. In the process, a few simple principles have been implemented:
Personal data is all data that describes a person. This also includes data that can be indirectly related to a person (personal data). For example, a car license plate number can be seen as personal data if a person usually uses the car.
- Sensitive data (specially protected data): Data about attitude, political views, religion, health, etc.
- Potentially discriminatory data: Age, gender, origin, etc. In certain areas, this data can potentially lead to discrimination.
- Performance or behavior data: Data that is suitable for performance or behavioral control of employees necessitates the involvement of the staff representatives on the basis of the Staff Representation Act.
- Data with low purpose limitation: Data fields for non-specific "remarks," photos. Open comment fields must not be used for personal purposes, as they can be used to store any data. If possible, such fields should be omitted.
The processing of personal data is generally prohibited unless
- a legal basis permits the processing or
- there is a legally valid consent of the data subjects.
Data must always be collected from the data subjects with their knowledge, but not from third parties without the knowledge of the data subject.
In any case, as little data as possible should be processed.
Technical and organizational measures shall be taken to prevent unauthorized processing.
Personal data must be deleted as soon as the purpose for which it was collected no longer exists or it is no longer required for that purpose. (In some cases, statutory retention periods must be observed here).
- Information, inspection
- Objection for special reason
- Information
- Correction, blocking and deletion
- Compensation
- Appeal to the state commissioner for data protection
- Information from the register of procedures