Sök

Frequently asked questions about working life What personal data on employees and job applicants can an employer process? The employer may only process personal data that is directly necessary with regard to the employee's employment relationship,...

Frequently asked questions on data protection and the coronavirus What does health data mean? Health data refers to information about an individual’s health, diseases, disability or treatment. Health data belongs to the special categories of perso...

Data Act and powers of the Data Protection Ombudsman The EU Data Act (DA) sets out how data generated by connected products can be shared. Most of the regulation became applicable on 12 September 2025. The Office of the Data Protection Ombudsman m...

Frequently asked questions about health care Rectifying patient records How can I rectify my patient records? If there are errors in your patient records, you can ask for their rectification. The rectification request is made to the health care un...

6.8.2025 | We have put together answers to frequently asked questions about alcohol and drug testing in the workplace on our website. We also added information on what employers should consider when collecting personal data from employees and job applicants.

Frequently asked questions about information systems Can the customer of the company be entitled to log data by virtue of the right of access? Article 15 of the General Data Protection Regulation provides for the data subject's right of access to ...

Binding corporate rules Binding Corporate Rules (BCR) refer to common binding rules on the transfer of personal data to third countries within companies in the same group of undertakings or group of enterprises engaged in a joint economic activity...

Processors A processor is an individual or an organisation that processes personal data on behalf of a controller. Processors operate according to the controller’s instructions and under its supervision. The controller determines the purposes and ...

Processor's record of processing activities Organisations are obligated to draw up a written description of their personal data processing. This description is called a record of processing activities. The obligation to draw up a record of process...

News We completed the guidance on the alcohol testing of employees and processing of personal data in the workplace Type: News item Categories: Publication date: 6.8.2025 Keywords: Showing 1 - 1 / 1 Common topics What is personal data? Know your r...

Scientific research FAQ Learn more about scientific research on our website Scientific research and data protection . Does scientific research always require consent for the processing of personal data? No. Personal data can be processed for resea...

Controller's record of processing activities The obligation to draw up a record of processing activities applies to all organisations with more than 250 employees. Smaller organisations are also required to draw up the record if the personal data ...

Record of processing activities Record of processing activities is a written description of organisations personal data processing. The obligation to draw up a record of processing activities applies to all organisations with more than 250 employe...

Processors’ responsibilities Processors are governed by the General Data Protection Regulation if they are established in an EU Member State they are not established in an EU Member State but their personal data processing activities relate to the...

Claiming damages for violations of the GDPR Data subjects are entitled to damages if a controller or processor of personal data violates the EU General Data Protection Regulation and the violation causes material or immaterial damage to the data s...

Data protection officers A data protection officer is an expert within the organisation, who monitors the processing of personal data and provides advice on compliance with data protection regulations. The data protection officer monitors complian...

Processing of special categories of personal data As a rule, the processing of personal data belonging to special categories is prohibited. Such data reveals the person’s ethnic origin political opinions religion or philosophical beliefs trade uni...

When is the processing of personal data permitted? Legal bases for processing personal data The processing of personal data always requires a legal basis, which must be determined before the start of processing. Once the processing of personal dat...

Frequently asked questions about Data Protection Officers More information about data protection officers and instructions for organisations and managers that have designated a data protection officer Do the Data Protection Officer's name and cont...

Frequently asked questions about direct marketing Electronic direct marketing includes direct marketing via automated calling systems, as well as direct marketing implemented using email, text, sound, voice or picture messages. Traditional direct ...