What are personal data?

Personal data means any information relating to a natural person that reveals the physical, mental, physiological, economic, cultural or social characteristics, relationships and affiliations of that person. Thus, all data that are even indirectly attributable to a natural person or through which a person can be identified must be considered personal data. Under the law, personal data are divided into ‘ordinary’ and special categories of personal data. Examples of ordinary personal data are name, place of residence, an image, a security camera recording, a TV clip where the person can be identified, etc.

Special categories of personal data reveal racial or ethnic origin, political views, religious or philosophical beliefs, genetic data, biometric data, health data or data concerning a person’s sex life or sexual orientation. The processing of such personal data is very strictly regulated. Exceptional cases in which special categories of personal data may be processed at all are, according to the Personal Data Protection Act and the General Data Protection Regulation (GDPR), for example, situations where processing is necessary for important public interest, such as to prevent a threat to public order or national security. Processing of personal data on grounds of public interest is allowed, for example, to prevent a humanitarian disaster or to protect the life and health of persons in the event of a natural disaster.[LH1] 

Does the new data protection regulation apply to you and your company?

Companies that should review their principles of processing personal data:

• Real estate companies (e.g. estate agencies)
• Financial and insurance companies (e.g. banks, lenders, insurers)
• Mail order and online retailers (e.g. online shops)
• Companies engaged in administrative and assistive activities (e.g. travel agencies, debt collection agencies)
• Health and social welfare providers (including general medical care, family medical centers, nursing care, dental care)
• Information and communications companies (e.g. web portals, magazine publishers, telecoms)
• Professional, research and technology firms (e.g. advertising agencies, market researchers, polling companies)
• Accommodation establishments (e.g. hotels, motels, guest houses)

Services offered by LMP Law Firm:

Data protection audit

We help clients conduct a personal data protection audit to identify potential weaknesses and risks in the company’s data protection policies and processes and to provide solutions to eliminate or reduce risks.

A data protection audit is an important process that gives companies and organisations an overview of their data protection activities. An audit helps remedy any data protection weaknesses and thus ensure compliance with relevant laws and regulations. In addition to compliance, the audit will also help ensure a timely response to data breaches.

The audit is broken down into various topics:

1. Evaluation of data protection processes and documents

We evaluate the existing data protection processes and practices of the company or organisation. This allows us to identify potential weaknesses and risks and recommend improvements. We also analyse the company’s existing data protection documents, such as data protection terms, privacy policies and personal data processing agreements, to ensure that they comply with the applicable laws and regulations.

2. Data protection training

We offer training sessions and seminars to help organisations better understand data protection rules and their impact on business operations. Such training helps organisations to better design and implement their data protection practices.

3. Planning data protection oversight

We help organisations draw up a data protection oversight plan to ensure the consistency and improvement of their data protection practices.

4. Preventing data breaches

We advise clients on how to respond to data breaches (data leakage incidents or data protection violations). We explain to customers their obligations and responsibilities in the event of data protection breaches and help develop a plan for responding to breaches in a timely and effective manner and for eliminating breaches.

Drafting data protection terms and privacy policies

We provide comprehensive support and advice in drafting data protection terms and privacy policies to ensure compliance with relevant laws and regulations. Our specialists help clients understand the impact of data protection terms and privacy policies on their business by conducting a thorough analysis of the company’s data protection practices. Based on the above, our specialists can advise on how to improve the company’s data protection terms and privacy policy.

We also help clients adapt their documents to comply with the applicable laws and regulations. Sound and clear data protection terms and privacy policies build trust and protect the business against data risks.

Data security

Our specialists advise on preventing data leakage, implementing security measures and managing data protection breaches. Our knowledge and experience help prevent data breaches and ensure data security and customer trust.

What should you do if you suspect that a company is not handling your personal data correctly?

Under the GDPR, every individual has the right to know who is processing their personal data, when and why. Everyone also has the right to prohibit the processing of their personal data by a company.

Therefore, if you suspect that a company is not handling your data correctly, e.g. shares the data with third parties or does not keep the data safe, we recommend that you first contact the company that you suspect is in error and tell them about your concerns. If the company does not provide a sufficiently clear answer or if you are not satisfied with their answer, you can contact the Data Protection Inspectorate, who will help you find out whether the company has breached the requirements of the GDPR. Our attorneys can advise and guide you on the next steps. Among other things, we can help you file a claim and seek compensation if you have suffered damage due to the misuse of your personal data. It’s important to remember that the GDPR is the European Union’s comprehensive data protection framework that protects individuals’ rights when their personal data are processed, and any breach must be taken seriously.

You can read more about data protection in our advice section.