Main Content

The EU General Data Protection Regulation

Not irrelevant: Personal Data
Image: Staff Unit Information Security

What data is protected?

The General Data Protection Regulation protects personal data. This is information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Some of these data are special categories of personal data that require heightened protection. The rules governing the collection and processing of such data are much stricter. Such particularly sensitive personal data, according to § 9 paragraph 1 of the GDPR, are:

  • information about ethnic origin
  • political views
  • religious as well as ideological convictions
  • trade union membership
  • information about the health of a person
  • data on sexual life or sexual orientation

Why is my data worth protecting?

As you can see, the data to be protected are very sensitive and personal data. Many companies make millions of dollars in profits each year by collecting and selling your data. Most of the time, the collected data is used to target individualized advertising. In the wrong hands, however, this data can also be misused, for example for blackmail, document forgery or manipulation.

For this reason, increased care is required when handling personal data. Companies and public agencies that collect, store and process such data must protect it from unauthorized access. In addition, not all data may be processed or stored - and certainly not passed on - for any purpose.

How is my data collected?

Personal data is often disclosed far too lightly out of ignorance. Especially in today's digitized world, mass collection of personal data is becoming easier and easier for companies. Your smartphone is particularly well suited for tapping location data, contact data, messages or health data, to name just a few examples. But even when surfing the Internet, you leave more traces than you realize. From the point of view of data collectors, one premise applies here: The more data, the better. The amount of data collected has grown rapidly in recent years. Storage technologies that are becoming cheaper, processors that are becoming faster and algorithms that are becoming more sophisticated are making it easier, more profitable and more dangerous to link and analyze your data.

What rights do I have?

Since you are basically allowed to decide yourself about the disclosure and use of your personal data, these are protected by rights. The most important rights concern the duty to inform, the right to information and the deletion of data.

Personal data may only be collected if you actively give consent to the process.

According to article 15 of the GDPR, you have the right to inspect the data stored about you by companies and authorities

Incorrect, outdated, unlawfully stored or disclosed personal data must be blocked, corrected or completely deleted by the data collectors in a timely manner. You have the right to demand that these procedures be carried out if a breach of data protection is identified in this respect.


Data Protection Officer of the University

Dr. Rainer Viergutz

Phone: 06421 2826155