If you turn your attention to the big GDPR spotlight, you will see a legal landscape that is both broad and deep – full of rules and regulations that guide us through the digital age. But do they provide enough protection or are they just waves of red tape? GDPR rules in Denmark, or as we also like to abbreviate it to — GDPR, is our time's armor against data abuse and online excesses.
Who hasn't had a 'wow' moment where personal information is shared widely without a second thought? In 2024, however, it is crystal clear that GDPR must be synonymous with data protection, without taking away the digital magic. Many may think "what is GDPR?” in short: a handbook in digital etiquette. Others may believe that “GDPR fines” – it's just something the competitors take care of. But let it be said, both big and small have to keep their tongues in their mouths when it comes down to it processing of personal data.
One might be tempted to think that GDPR is like a digital sword in the stone; only the most noble enterprise can pull it free. But don't forget, Arthur became king because he knew his own limitations – the same principle applies in the realm of GDPR. So, remember GDPR Danish is not just a question of legal texts, it is a question of corporate culture.
With 2024 upon us, it is essential to keep up to date with “what is the personal data act?”, because GDPR is like a good glass of red wine – it only gets better over the years, and GDPR in Denmark 2024 will appeal to all digitally aware citizens.
Key points
- GDPR is more than just an acronym soup; it is the foundation for data protection in the EU.
- GDPR fines can be salty, so it is important to have a handle on data ethics and legislation.
- 2024 offers continued GDPR-sharpened focus – do you know the rules?
- Everyone deserves to treat and be treated with respect – including your data.
- Informed consent is the king of the data mountain – make sure your users know how to abdicate.
What is GDPR and its purpose?
When we speak GDPR Danish, then we dance on the line between the tight choreography of data protection and the digital pirouettes of modern companies. We dive into this universe to understand, What does GDPR mean? - The General Data Protection Regulation - and what tunes it plays for both individuals and companies.
GDPR basics
From Aarhus to Aalborg everyone knows the data protection act exists to orchestrate a world where processing of personal data takes place under the most proper and decent conductor's baton. GDPR is that conductor and its notes are written to protect! It is not just individual notes that are protected, but a whole symphony of them sensitive personal data, from the more obvious such as name and address to the deeply personal such as health data.
The purpose of the Data Protection Act
It is about giving the individual a place in the jury box. The Data Protection Act is there to ensure that citizens' data does not become a free buffet for data-hungry companies. The security in processing of personal data is therefore not a question of 'maybe', but a resounding 'must'!
Personal data coverage under GDPR
An enchanting aspect of the GDPR is its scope; it covers every imaginable – and unimaginable – scenario where personal information is collected, analysed, criticized and sometimes praised. The list above sensitive personal data is as long as a summer day in Skagen and includes everything from your digital footprints to the most private – your DNA.
"GDPR is not just a sign in front of the company - it is a fundamental script for responsible data handling".
GDPR rules for companies in the EU
Navigating through the cryptic sea of GDPR rules can feel like a walk through a labyrinth in the dark for many business leaders — but fear not! Lighting the torch of clarity, we see how EU data protection rules draws a map that not only leads to compliance, but also to a strengthened bridge of trust between companies and customers. So, What does GDPR mean?- the specific rules for our heroic companies in the EU? They must be knowledgeable captains who steer their ships with factual insight into the passages of data they transport.
GDPR for businesses puts a sharp focus on the many hats that the company wears: from data collector to data defender. It is a dance with duties, where every step must be well thought out. The obligations extend beyond just the EU's borders; If your company travels outside the EU, the data must be packed in GDPR-approved packaging before dispatch.
GDPR is a compass rose in the troubled waters of the digital age. It is not enough to have a GDPR course set – the company must also be able to navigate according to the stars that the obligations designate.”
To give a clear illustration of those GDPR obligations companies face, and the surrounding rights know processing of personal data, let's dive into a table that outlines this delicate balance:
| Data point | Obligation |
|---|---|
| Purpose of data collection | Must be clearly defined and legitimate |
| Relevance of data | Only what is necessary may be obtained |
| Data Protection Officer | Designated for specific treatment activities |
| Data transfer outside the EU | Follow procedure for adequate protection |
To be in accordance with GDPR effect in the EU is not a one-off business. It requires ongoing attention and maintenance. The company must, for example, assess whether a Data Protection Officer must be appointed and ensure that all data surfaces can be safely navigated, both within the EU's digital borders and in the global data waters.
- Focus on timely and accurate information for customers
- Clarity in communication of the purpose of the data collection
- Strict sailing when it comes to the transfer of data to third countries
With a warm twinkle in the eye, one could say that GDPR acts as a verbal safety net: it is the net that catches the company should it stumble in the digital circus.
The definition of personal data – What is protected?
When we talk GDPR personal data, it is not just a series of dry words on a piece of paper. It is an essential dance between identity and anonymity, a ballet of bits and bytes. To boost the understanding of processing of personal data under GDPR, we must separate the sheep from the goats and define which pieces of data require the armor of privacy.
It's not just the direct ones identifiable information such as name and contact details that are under the GDPR's protection umbrella. We also find online identifiers like IP addresses, which in the hands of a skilled detective can reveal more than you think. Remember that your digital footprints on the Internet are as unique as those in the snow. Therefore, everything from your physical to your financial profile is taken care of under the GDPR's wings.
What is the Personal Data Act so more precisely? Yes, it is a guidebook for how data should be treated with respect and not just as a commodity that can be traded and exchanged. The law's mantra is transparency and honesty, because only with clarity can trust flourish.
And when we delve into the more sensitive personal data, the law's grip tightens. We're talking race, political views, heartfelt beliefs—anything that could open the door to discrimination if it got into the wrong hands. Here requires GDPR protected information a fine balance acrobatics, like only the most agile data processors can and should perform.
GDPR mantra: Protecting you from data abuse, that is our noblest duty.
Companies and organizations are on stage in the spotlight when we speak processing of personal data. It's their imagination, and GDPR wrote the script. Therefore, every step, every action, for every single piece of data must be carefully considered - so that the audience can breathe easily and confidently.
- Transparency in data collection
- Respect for the individual's privacy
- Persistent safeguards for data
With this play of GDPR personal data each company plays its part, and as in any good play, the outcome depends on the ability of each individual actor.
Who is covered by the GDPR?
When we dive into the complex GDPR rules, we find that they cast a wide net over a diversity of companies. This therefore includes both those planted in the fertile soil of the EU and those that germinate in the international soil with the processing of data related to EU citizens. It is a game of jurisdiction that requires a watchful eye international data protection – a game where the rules are constantly evolving and expanding.
Companies within and outside the EU
Whether you are sitting in a high-tech office in Copenhagen or in a startup workshop in Silicon Valley, GDPR cannot be avoided. I repeat: GDPR outside the EU is no exception. The digital era knows no boundaries, and it does GDPR in the EU nor. With a manual in international data protection and a clear understanding of GDPR rules, companies worldwide are better equipped to not only comply with the law, but also to build bridges of trust between them and their users.
EU citizens' data protection globally
The virtual world must not become the Wild West, where personal data flutters like tumbleweed. EU citizens and GDPR stands as a redoubt and reminds us of the importance of preserving civil rights, also online. When someone from the EU shares data on the Internet, global companies commit to respecting these rules like a knight respects his codex. So whether it's a webshop in Beijing or a social media site in São Paulo, the EU's magnificent flag of data protection must fly in the wind wherever EU citizens' data gets a digital foothold.
The roles of the Data Controller and the Data Processor
In the cosmic GDPR universe, they form data controller and data processors a special system that ensures a harmonious interaction in the galaxy of processing of personal data. If your company's satellites are to float safely into orbit within the right directions of data protection legislation, you need to know the main players in this game. The spotlights here are pointing at it data controller, which directs traffic in the data traffic, while the data processor performs the navigation according to the given route.
Personal data responsibility is a serious affair and requires more than just a nice title on the business card. Both data controller and data processors must put on the armor of compliance, which protects against data breaches and ensures GDPR's starry intentions. However, this is not a duo-duel but a pas de deux – together to create a secure data protection waltz.
Let's ditch the discreet role of the doormat and jump into the bright light of the floodlight; the following table highlights roles and responsibilities:
| Roles | Responsibility | Specifications |
|---|---|---|
| The Register manager | Defines the purpose of data collection and determines processing methods | Establishes the framework for how data must be handled safely and legally |
| The data processor | Processes data on its behalf data controller | Implements the technical and organizational security measures that GDPR prescribes |
Like a well-choreographed ballet between data potentates, is GDPR roles to ensure that every nut tower and castle yard in the kingdom of the personal data realm respects citizens' right to privacy.
Rather obsessed, without a clear view of these roles the very foundation of data protection will sway like a house of cards in an autumn storm. With an almost detective-like accuracy data controller and data processors therefore keep a log of any data stream they entrust to them by GDPR's tight compass.
- The Register manager must ensure validity in purpose and means.
- The data processors must maintain a telescope in order to handle data gracefully.
- Together they must form an alliance to strengthen the foundations of data protection.
Data transfers outside the EU and EEA
Cross-border data pulses can give even the most robust data protector heart palpitations. When information leaves the safe harbor of the EU and the EEA, requirements arise international data protection in force – and for companies it is a balancing act on the GDPR's tightrope.
Data protection requirements for international transfers
To make sure that international data transfer not become synonymous with digital anarchy, GDPR has set towering standards. Transfers of personal data do not fall outside the scope of the EU and the EEA without a solid basis. Remember that every byte is subject to the GDPR's protective umbrella, just as a hawk prince's land extends through his sheriffs.
Effect of GDPR outside Europe
Oh, the labyrinthine web of globalization! But even outside the European borders stands GDPR outside the EU strong as a digital Bedouin, securing citizens' data against sandstorms of misuse. A feat that requires more than just binoculars; here the company must have both a compass and a GPS to handle it GDPR data transfers with the finesse prescribed by law. And remember – it's not about sneaking around GDPR, but about being in it GDPR compliance, regardless of where your cables are buried.
In this global solitaire, you must always be one step ahead, so play your cards wisely and thoughtfully! Below is a table filled with the important talismans that must be taken on the journey:
| The destination of the data transfer | GDPR requirements |
|---|---|
| Country with EU adequacy assessment | Transfer safely, but stay alert |
| Country without recognized adequacy level | Binding Corporate Rules or Standard Contractual Clauses |
| In case of special exceptions | Be astute – obtain express consent |
Oh yes, the international legal certainty – a delicacy that must be handled with the same precision as when Miss Confidential juggles the portfolio apples. Only with maneuvers that would make an oriental merchant envious can one navigate the global GDPR minefield.
Processing of sensitive personal data
When it comes to sensitive personal data, GDPR tightens the rules. It is a protection tango that requires fine steps to ensure the integrity and privacy of the individual. In this section we will unfold the details of the processing of these sensitive data, outline the tight cross of prohibitions and explore the necessary exceptions that the GDPR allows.
Exceptions for processing sensitive data
As you know, there are exceptions to almost all rules, and GDPR is no exception. Although there is generally one ban on data of a sensitive nature, there are special situations where this data can come into play. This could, for example, be with express permission from the data subject, or if the processing is essential for significant societal interests and is based on a legal basis. These GDPR exceptions is created to accommodate the necessary nuances in a complex society.
Prohibition of certain types of data
Despite the openings for necessary exceptions, a strict grip is kept in the GDPR protection of sensitive information. This prohibition applies to data dealing with such intimate aspects of a person as race, sexual orientation and health information, where to process this data without a clear and lawful basis would be to enter the stage of privacy without invitation.
Google Consent Mode V2 as a solution to GDPR
When it comes to balancing streamlined advertising and strict data protection in a GDPR world, can Google Consent Mode version 2 (v2) turns out to be the golden ratio. This new tool from Google enables advertisers to navigate the intricacies GDPR rules, while at the same time respecting user's consent and stays the course on the changeable sea of advertising.
Integration of Google services and user consent
With CookieYes' integration of Google Consent Mode V2 opens the door to a new era of user consent, where transparency and freedom of choice go hand in hand. Advertisers can now sense the subtle nuances of user's consent, allowing fine-tuning of the data they collect. It's a passage where advertisers and users meet in the middle – respecting the right to privacy without giving up the vital data that drives the advertising industry.
Advertising and personalization under GDPR
It is no longer enough to shout loudly and hope that your message catches the user's attention. GDPR consent now requires every voice from the company to be fine-tuned and personally attuned. Google Consent Mode V2 is like a maestro too advertising under GDPR, directing each pixel and cookie to compose a symphony of relevance and respect for the user's privacy.
GDPR was a revolution, but not an end. With Google Consent Mode V2, we continue to declare our allegiance to data protection, but with the familiar tune of innovation and momentum.
At the intersection between the need to protect personal data and the advertiser's desire to reach potential customers, Google Consent Mode V2 has opened up a dialogue where both parties can thrive. CookieYes' support for this update marks the beginning of a worldwide evolution where user's consent is again at the center of digital advertising. And who knows, maybe the future will offer even more innovative solutions that can embroider on this tapestry of data protection and targeted marketing.
Rights according to GDPR
The person is not a product, and in the eyes of the GDPR, the dignity of the data is unassailable. But what does this shield cover? GDPR rights actually? They involve fundamentals data protection rights, which gives individuals sovereignty over their own digital footprints. These rights are designed to equip us with the tools to navigate, manage and eventually reclaim our data should the need arise.
Access and portability
Imagine a key – a key that unlocks the gate to your data. Right of access is the key. It allows any person to request access to the information held by organizations. The right to data portability runs close alongside, giving you the power to move your data from A to B – digital breakaway kingdom, if you will. Data must be transportable like a hiker's backpack, ready to take the journey on to a new digital landscape.
Correction and removal of data
If errors have crept into the nooks and crannies of the data, GDPR will leap to your defense, armed with a right to rectification. Erroneous data? They can be directed around the corner. But what if data has lost its relevance? Must outdated information dance forever through the virtual rivers? No. Here comes right to erasure in - also known as 'the right to be forgotten'. This right cleanses the data philosophy of the past and ensures that you can erase traces that no longer reflect your current reality.
The right to have personal data deleted forms an island of silence in the digital noise. Both companies and individuals navigate significant rights that protect and preserve the core of personal data – theirs right to privacy.
GDPR gives you the power to stand at the helm of your digital ship – to maintain the course or change the direction of your data.
Requirements for companies when handling personal data
When navigating the complex landscape of GDPR, there are certain ports where every business should drop anchor. To secure GDPR compliance are there specific GDPR requirements, which every company – large or small – must comply with. These requirements are not designed to be burdensome, but rather beacons that guide businesses into safe harbor when handling personal data.
One transparent data collection is the cornerstone of GDPR legislation. Companies must clarify why they collect data, how they use it, and not least how they protect it. This duty of information emphasizes the company's obligation to protect data and creates trust between company and consumer.
It is essential that companies establish procedures that are tailored to meet the individual rights set out by data protection laws. These procedures must handle requests for access, correction and deletion of personal data in an efficient and respectful manner.
| GDPR obligation | How to ensure compliance |
|---|---|
| Data collection and use | Transparency and clear communication |
| Right to access and erasure | Implementation of internal processes |
| Transfer of data internationally | Ensuring adequate data transfer agreements |
| Data security and incident response | Robust security measures |
In order to be GDPR compliant, it is also required that the company ensures data security. This implies having the right technical and organizational measures in place to prevent data breaches. Should a breach occur, the company must have protocols in place to respond quickly and effectively.
Not all GDPR regulations can be measured in numbers and codes; some of the strongest tools in companies' handling of data lies in the human factor – employee training, a culture characterized by data protection and an understanding of the deeper value of personal information. Through such a holistic approach, the company can really set sail towards GDPR's coveted horizon.
- Transparency in the collection and use of personal data
- Respect for the individual's rights and freedoms
- Data incident preparation equated with a proactive defense strategy
As an example of the subtle art of balancing the GDPR tightrope, companies can take inspiration from technologies that support these obligations and serve as the vanguard of personal data defense. In this context, a proactive approach is not just desired, but a necessity.
For businesses, good GDPR practices not only hold value in legal compliance, but also as a bastion of user trust and loyalty.
Sanctions and fines under the GDPR
When it comes to GDPR compliance, the consequences of not playing by the rules are both severe and costly. Companies must understand that GDPR fines and GDPR sanctions is not only a possible financial burden, but also a test of their corporate responsibility. Let's explore how these fines affect businesses and what happens when GDPR is ignored.
Importance of GDPR fines for corporate responsibility
We are not talking about small change when companies have to fork out after violating the GDPR rules. The fines reflect the importance of personal data and ensure that corporate responsibility is not just a nice word on paper. The heavy-handed penalties rest on a clear expectation that companies establish a culture where data protection is embedded in their daily operations. It requires consideration and the systematic incorporation of secure data protection practices.
The consequences of ignoring GDPR
Inadvertent or deliberate ignoring the GDPR is a high-stakes gamble that can result in a devastating GDPR penalty. Companies not only risk massive financial losses, but also suffer from the potential loss of reputation that can follow. At a time when consumers place a high value on privacy and data security, a scandal surrounding a data breach can cause lasting damage to customer trust.
| Violation type | Potential Fines | Extra Consequences |
|---|---|---|
| Lack of consent for data processing | Up to 20 million Euro or 4% of the global turnover | Damage to reputation, loss of customer trust |
| Not reporting data breaches | Up to 10 million Euro or 2% of the global turnover | Lawsuits, customer withdrawal |
| Data processing without sufficient security | Varying fines depending on the specific case | Investments in new security systems |
It is important to remember that these sanctions and fines are designed to motivate companies to operate in accordance with the law, and not as a punishment to destroy them. But the consequences show that there is a lot at stake for companies when it comes to GDPR compliance.
Appointment of a Data Protection Officer (DPO)
With the introduction of GDPR, the word is Data Protection Officer have become part of the daily conversations in many companies. This title carries a significant meaning because a DPO ensures that companies not only comply with the rules, but also maintain a bastion for users' rights. To elucidate the role and importance of a DPO, here we unfold the rules and the constructive cooperation dynamics with data protection authorities.
Conditions for handling data protection
Not all companies are required to have one Data Protection Officer, but when there is regular and systematic monitoring of personal data, or if you process sensitive personal data, it is not just a smart idea, but a GDPR mandated necessity. Far from being a signal cannon in the canteen, this role focuses on advising, monitoring and, above all, protecting. One DPO is the company's built-in compass that points towards the north star of GDPR compliance.
The cooperation with the data protection authorities
An important part of the DPO's work is to act as the company's point of contact for them data protection authorities, which is responsible for enforcing the GDPR. This often requires a close cooperation with data protection authorities, where communication must be exactly like the way a violinist tunes his violin – with precision, attention and fine-tuning to the regulatory melodies.
It is essential that the appointment of a DPO is not seen as a formal proforma, but as a value-creating position that resonates through all the company's data flows. Carrying the title of DPO is not just wearing a name tag — it is carrying the torch for data protection in a digital era.
The DPO's presence in a company is as crucial as the sun is to the day – without it, the dark clouds of non-compliance will quickly gather.
Your rights as a user under the GDPR
With the introduction of GDPR, we have seen a shift towards a more powerful role for the individual user in the digital landscape. Now more than ever, people like you and me – ordinary consumers – have user rights under the GDPR, which are both essential and expedient. These rights are the foundation of ours right to privacy, and they allow us to have voice and control over our digital footprint.
A core feature of the GDPR is the ability to request right to access data. This acts as an open door where you can step in and see exactly what is being stored about you in the digital data battleships. If something feels skewed or redundant, GDPR assists with the right to object to the processing of your personal data, a digital handbrake if you wish.
Not only do you have the power to say "stop", you also have the right to demand deletion of data, known as the 'right to be forgotten'. This is your personal eraser that can erase your tracks when they are no longer relevant – a tool to control your digital footprint.
In addition, it ensures the essential GDPR user consent an era of informed consent, which equals power. This initiative calls for clear language and transparency on the part of the companies, to ensure that you as a consumer understand the agreements you enter into in cyberspace. It's a mindset that tickles not only law enforcement, but also the phenomenon we know as ordinary consumer rights.
| Right | Importance | How it empowers you |
|---|---|---|
| Data Insights | The possibility to see exactly what personal data companies have about you. | Gives you control and understanding of your digital presence. |
| Protest against treatment | Can object to the processing of your data. | Empowerment in situations where you feel your data is being misused. |
| Deletion of data | The right to have personal data removed from company systems. | Gives you the power to 'clean up' your data history as needed. |
| User consent | The necessity of your explicit consent before your data is processed. | Ensures that you have a clear and unambiguous voice in your data relationships. |
This digital revival under GDPR means that you as a user can now navigate the waters of the internet with renewed confidence and wisdom. It is now in your hands – or more precisely, in your clicks – to decide how your digital saga will be written. So use yours user rights under the GDPR wisely, and don't let your data dreams become digital duels.
With GDPR, every user's right to privacy is guaranteed on the internet, giving everyone a spear in the fight for data rights.
Consent and transparency in user data
Highlighting the value of is the essence of digital ethics and legality under GDPR user consent and data transparency. This two-sided coin of trust and understanding is essential for each company's commitment to GDPR data handling. It's a digital chivalry that gives users the power to not just join in the dance, but also to stop the music if the notes aren't to their liking.
Shaped choices and clear communication are the cornerstones of the castle-shadowed landscape of users' privacy.
Companies are faced with the task of making the consent process as seamless as a summer breeze. That means consent forms swimming in legal jargon and ulterior motives are more passé than a floppy disk.
- Consent must be as easy to withdraw as it is to opt-in.
- The requirement for transparency means that a user must be able to look under the hood of the data collection at any time.
- GDPR consent is not an enigmatic cryptogram; it is an open book, ready to be read and understood.
The digital world is a kaleidoscope of data, where the clarity of each piece of information is as important as the content itself.
| Element of user consent | Characteristics | Benefit for the user |
|---|---|---|
| Volunteering | No pressure on the user | Sense of control and autonomy |
| Specification | Detailed about what is agreed to | Avoidance of "consent traps" |
| Enlightened | Full understanding of the consent process | Clear decisions |
| The ability to withdraw | As easy as giving consent | Freedom to change your mind |
Taking a satirical look at this topic, one could say that in the world of GDPR, consent is not a mad flight — it is an elegant waltz, step-by-step, transparent and harmonious. It culminates in a transparency that not only shows the way, but illuminates it with certainty and faithfulness.
Thus, companies must navigate these waters with grace and consideration, unfolding each paragraph of the GDPR as a modern tale of data transparency and respect for users' privacy — an adventure where user's consent is the hero himself.
Conclusion
In a digital age where personal data flows like a still-flowing river through servers across the globe, GDPR stands as an unshakable dam against breaches. This GDPR guidance has served as a compass that has pointed us towards understanding the complex landscape of data protection 2024. With legislation such as the personal data act in Denmark, which strikes with seven-inch nails, companies will have to reevaluate their practices—not just to parry fines, but to dance to its tunes of transparency and protection.
The introduction of Google Consent Mode V2 is a great ballerina on the GDPR stage, allowing a more fine-tuned data management. It should serve as a guide for the companies that can now implement this tool to choreograph their interaction with the users' data – a pas-de-deux between the consumer's wishes and business ambitions. With GDPR implementation as a narrative that continues to unfold, not only compliance will be the focus, but also innovation within the framework of ethics and responsibility.
It is clear that the route mod data protection 2024 is characterized by a willingness to adapt and an understanding of the role of both companies and users in the digital ecosystem. GDPR in Denmark remains a valid and authoritative guideline for navigating towards secure data harbours. So businesses, fasten your digital life chains – GDPR is not a storm that can be avoided; it is the climate that shapes our digital behavior.
FAQ
What does GDPR mean?
GDPR stands for General Data Protection Regulation, and it is an EU regulation that aims to strengthen and harmonize the protection of personal data for all individuals in the EU.
How does GDPR affect Danish companies?
GDPR affects Danish companies by requiring them to secure personal data securely and transparently. Companies must comply with rules on consent, rights for the individual and reporting of data incidents.
What does the term "personal data" cover under the GDPR?
Personal data covers any information that can identify a person either directly or indirectly, including name, address, photograph, email, bank details, IP address, etc.
Who must comply with GDPR?
All companies and organizations that process personal data about citizens in the EU, including companies outside the EU that offer goods or services to, or monitor the behavior of, EU citizens.
What is a Data Protection Officer (DPO)?
A DPO is a person appointed to assist the company in monitoring internal compliance, inform and advise on data protection obligations and acts as a link between the company and the supervisory authorities.
What happens if you do not comply with the GDPR?
Non-compliance can result in heavy fines, up to 4% of annual global turnover or 20 million euros – whichever is higher. Significant damage to the company's reputation can also occur.
When to obtain consent under GDPR?
Consent must be obtained before processing of personal data and must be voluntary, specific, informed and unambiguous. It should be as easy to withdraw consent as it is to give it.
What is sensitive personal data?
Sensitive personal data includes race, ethnic background, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information and sexual orientation.
How to handle data transfers outside the EU?
In the case of data transfers to countries outside the EU, a sufficient level of protection or special agreements such as Standard Contractual Clauses must be ensured, unless it is a country with an EU-approved data protection level.
How does Google Consent Mode V2 help with GDPR compliance?
Google Consent Mode V2 allows companies to respect users' choices of privacy settings by adjusting how Google services respond to the absence or given consent and still allow some analytics and advertising work.
What rights do I have under the GDPR?
You have right of access to your data, to have incorrect information corrected, information deleted, limit processing, data portability and object to certain forms of processing of your personal data, including profiling and direct marketing.
How can I request insight into the personal data a company has about me?
You can submit an official request to the company – typically called a Subject Access Request (SAR) – in which you request all the information they have about you and how they process it. The company must respond within a specific time frame under GDPR.