The provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (German BDSG) serve to protect individuals from any restriction of their personal rights – this has been clear since the 1983 Census Act. Therefore, the processing of personal data is only authorised provided it is permitted or ordered by a legal provision or with the consent of the data subject.

On the other hand, the acceptance of new information and communication technologies should be promoted. The free data flow is an important aim of the European Union and must also be sufficiently considered in the assessment of privacy cases.

In order to actually implement the provisions of the GDPR and the German BDSG, appropriate measures must be taken. This cannot happen “overnight” as many companies do not have a structured IT and office organisation from a privacy perspective. In general, the first step is to determine the status quo and, on this basis, the development of a structured and sustainable data protection management in accordance with legal provisions.