With the BDSG, Germany has taken on a frontline role in data protection, and this became the foundation of today's GDPR.
The history of German data protection begins with the first State Data Protection Act of Hesse. This was passed in 1970 to protect citizens from the impairment of their privacy through illegal collection, storage, transfer and processing of data. Afterwards as early as 1995, European directives for the protection of natural persons with regard to the processing of personal data and the free movement of such data were passed, which had to be transposed into national law.
Since the 1990s, data protection law has had to adapt to digital data storage and global networks, and the Federal Republic of Germany necessarily began implementing the BDSG in 2001. After this implementation, alterations and enhancements were quickly added. These included the Data Protection Directive for Electronic Communication in 2002 and the amendment of the Telecommunications Act in 2004.
The European Parliament then proposed the basic data protection regulation at the beginning of 2014.Two years later, it came into force on May 25, 2016, and is valid in all European member states after a 2-year transition period since may 2018.
Two years later, it came into force on May 25, 2016, and after a 2-year transition period, it is valid in all European member states since May 2018.
Thus, the current Data Belt Ordinance (DSGVO), which came into force in 2018, shows companies how they must handle personal data, and is still being worked out today.
Data protection law of the persons concerned
One of the provisions of the DSGVO is the lawful processing of personal data. The Data Protection Act DSGVO has many rules, more than any other country to protect its citizens and their data.
The following are data protection rights of those concerned:
- Data protection right to information (Art. 15 DSGVO)
About processed data, where they were collected, where they are sent, etc. Be informed in accordance with data protection laws.
- Right of rectification (art. 16 DSGVO)
Incorrect data must be corrected at the request of the data subject.
- Data protection right to deletion (Art. 17 DSGVO)
The person concerned may request that the data collected be deleted. Especially if the processing of the data is no longer necessary. This data is required if a tax retention obligation applies.
- Right to limitation (Art. 18 DSGVO)
If data are required or non-erasable, the responsible person should restrict these data.
- Data protection right of opposition (Art. 21 DSGVO)
The data subject is allowed to object to the processing of his personal data. Especially if information is used for direct marketing purposes. With the exception of important reasons on the part of the data controller or if these data are used to establish a legal claim.
- Right to data transferability (Art. 20 DSGVO)
Everyone has the right to have his personal data made available by a responsible person, which the person concerned can in turn make available to others without hindrance.
- Data protection right to not exclusively automated decisions (Art. 22 DSGVO)
Interested parties have the right to request that decisions which affect them are not exclusively automated.
- Data protection right to appeal to a supervisory authority (Art. 77 DSGVO)
According to the Data Protection Act, the data subject is entitled to contact a supervisory authority directly if there is any suspicion of inappropriate data processing.
- Right to consult the Data Protection Commissioner (Art. 38 DSGVO)
Data subjects are permitted to consult the data protection officer of the controller with questions in accordance with the DSGVO and concerning the processing of their personal data.
These rules, and more apply to protect the data of citizens of the European Union under the DPA above all, and are often the most difficult for a company to comply with within the 30-day period. If the specified deadline is not met, or if the above rights are violated, a fine is imposed under the DSGVO for violation of the DSGVO. One of the first cases in Germany, the company Deutsche Wohnen SE, was fined over 14 million euros for storing data in an unerasable archive system without having checked whether the storage of the data was permissible or even necessary. This is one of the many examples of why one should administer a proper system and consult data protection experts in order to keep the collected data organized according to DSGVO regulations.