leitzcloud: The GDPR-compliant cloud for your company

“Is leitzcloud GDPR-compliant?”

This question has increasingly come to the forefront in recent years, and not without reason: since May 25, 2018, the General Data Protection Regulation has been in force across the entire EU. Therefore, leitzcloud must also comply with this regulation.

Who does the GDPR apply to?

The GDPR is the General Data Protection Regulation that has applied to the entire EU since May 25, 2018. The regulations apply to companies based in the EU, but also to non-European companies that have an establishment in the EU or process personal data of EU citizens.

What are the objectives of the GDPR?

The aim is to create a uniform regulation across the entire EU, so that the differing standards of individual member states are avoided. In addition, the fundamental rights and freedoms of natural persons, their personal data, and the free movement of personal data are to be protected.

What is personal data?

Personal data is information that allows conclusions to be drawn about the identity of a natural person. A person can be identified directly or indirectly through identifiers such as a name, identification numbers, or multiple characteristics.




Summary of the EU General Data Protection Regulation

The following table is intended to provide an overview of the individual chapters and summarize the most important contents of the articles.

| Chapter number | Explanation |
| --- | --- |
| I. General Provisions | The first chapter sets out general provisions and objectives of the regulation and serves to protect natural persons in the processing of personal data and the free movement of data. In addition, the material and territorial scope is addressed and further terms are explained. |
| II. Principles | The 7 articles describe the principles for data processing. This includes, for example, the handling of personal data as well as the lawfulness of data processing. Example: Article 6 GDPR: Processing is only lawful if at least one of the following conditions is met: consent of the data subject; processing is necessary for the performance of a contract; processing is necessary to protect the vital interests of the data subject; etc. |
| III. Rights of the Data Subject | The third chapter of the GDPR addresses the rights of a data subject whose data is being processed. These include, among others, transparency, information obligations and rights of access, the rectification and deletion of data (“right to be forgotten”), etc. |
| IV. Controller and Processor | These articles explain the obligations of the controller as well as the designation of a data protection officer. The data processing agreement (DPA) in accordance with Article 28 GDPR defines the requirements for the contractual relationship. |
| V. Transfer of personal data to third countries or to international organizations | The regulation governs the processing of data in third countries that are not part of the EU and ensures that the level of protection for natural persons is not undermined during transfers. |
| VI. Independence of supervisory authorities | Supervisory authorities review and monitor the implementation of and compliance with the regulation. Authorities must be independent and must not be influenced directly or indirectly. |
| VII. Cooperation and consistency | The 7th chapter regulates the general cooperation between the individual supervisory authorities. In case of disagreements, the consistency mechanism is initiated and regulated by a binding decision of the European Data Protection Board. |
| VIII. Remedies, liability and penalties | As the chapter title suggests, the articles address liability and penalties. In addition, the general conditions for imposing fines are outlined. These are decided based on the circumstances of each individual case. |
| IX. Provisions for specific data processing situations | The GDPR addresses provisions for specific data processing situations, such as freedom of expression and information, or the processing and access to official documents. |
| X. Delegated acts and implementing acts | The European Commission is granted the authority to adopt delegated acts, transfer them, and define certain conditions for the transfer. In addition, a committee is established to support the Commission in its tasks. Delegated acts = non-legislative acts used to supplement and amend legal provisions. |
| XI. Final provisions | The final provisions primarily concern the relationship with other directives and existing agreements. The European Commission is required to produce a report every 4 years on the evaluation and review of the regulation and submit it to the European Parliament and the Council. |

Did you know?

The data processing agreement (DPA) mentioned in Chapter 4 can be found in leitzcloud in your customer portal, where you can sign it directly within the document.


What has changed for companies?

With the GDPR, the entire EU has been brought to a uniform level of data protection.

Scope: The regulation now also applies to non-European companies that operate on the European market or process personal data of EU citizens.

Fines: In particular, fines have increased significantly, so that depending on the violation, penalties of up to 4% of annual turnover or €20 million can be imposed.

Privacy by Design: “Data protection through system design” means that data processing procedures are already integrated into the system and are part of the standard.

Privacy by Default: “Data protection through privacy-friendly default settings” means that default settings must be designed to be privacy-friendly so that less tech-savvy individuals in particular are protected.

Notification obligation: Companies are subject to a notification obligation in the event of data breaches, which must be reported within 72 hours.

What has changed for consumers?

What additional rights have been granted to consumers?

Data portability: Consumers have the right to data portability, meaning they have the right to take their personal data to another provider—in a secure and commonly used format.

Consent to data processing: Such consent must always be given voluntarily and can be withdrawn at any time.

Right to rectification: Consumers have the possibility to have incorrect data corrected without delay.

Right to erasure: Data must be deleted as soon as the purpose no longer applies or consent is withdrawn.

Right of access: Consumer rights have been expanded; for example, consumers receive not only information about the purpose of data processing, but also about the duration.


Test the GDPR-compliant cloud solution for your company now!


Sources: Intersoft Consulting (accessed 14.06.2021)
Datenschutzexperte.de (accessed 14.06.2021)
Datenschutz.org (accessed 15.04.2021)
