New rules in data protection

The European General Data Protection Regulation, GDPR, was implemented in Austria. The most important rules for consumers include the following:

Picto Datenschutz Information

The right to information:

Whenever companies save personal date, they are obliged to inform the concerned person - whether they collect the data themselves or receive it from third parties. The companies have to state who collects which data when, where, how, why and how long it will be stored. If there is any additional data from third parties, the source has to be stated. The same applies when data is forwarded to third parties.


The right of access:

Every EU citizen is entitled to be informed about any storage of data regarding his person. Within a month after his application, the data collector has to provide the requested information and send a copy of all collected data free of charge. The application can be in written form or even orally. What is important is that the applicant provided prove of his identity.

Picto Datenschutz Löschen

The right to erasure:

A decision about this so-called "right to be forgotten" claim was already reached in 2014, due to a lawsuit against Google before the European Court of Justice (CJEU). With the new GDPR, it was now implemented EU-wide. Every concerned consumer has the right that any personal data stored by a company is erased. Data collectors are obliged to delete data that is no longer needed for the initial purpose - or immediately if the concerned person withdraws his consent.

Picto Datenschutz Korrektur

The right to rectification:

If data about your person is wrong, you have the right to request a correction or completion.

Picto Datenschutz Widerspruch

The right to object:

You can object to any processing of your personal data for marketing purposes or for any other reasons linked to your individual situation.

Picto Datenschutz Verarbeitung

The right to restriction of processing:

You can request a data collector to limit his actions - e.g. if you are not sure whether the collected information is correct or if you think that the processing is unlawful.

Picto Datenschutz Übergang

The right to data portability:

A company has to follow your request to forward your personal data to another company. This may be helpful when you change your phone provider or insurance.

The minimum age to give a legally valid consent to the processing of personal data is 16 years according to the GDPR. However, member states can determine a lower age limit. In Austria, it is the completed 14th year. It is therefore harder for Teenagers to use services like WhatsApp or Instagrem.

Picto Datenschutz Vertragsalter

The GDPR foresees strict rules regarding data security. Breaches like hacks have to be reported within 72 hours, to the data protection authority as well as all concerned consumers whose data is affected. Furthermore, companies and organisations have to make sure that all collected data is stored safely. Otherwise they will be fined.

Picto Datenschutz

Austria's special solution

In Austria, companies will receive a warning before they are punished. Any fines need to be proportionate. Furthermore, the Austrian law allows exceptions and relaxed provisions for science, media and authorities.

The most important tips for your data

Protect your computer.

Keep your operating system and programmes current with automatic updates, use Antivirus software and firewalls and encode your WIFI connection.

Never reveal too much about yourself.

What you don't give away yourself, can't be disseminated by others. Be cautious with photos, videos and texts on social media. The internet never forgets. Once published data is hard or even impossible to erase.

Keep personal data secret.

Address, phone number, passwords etc. are of no concern to strangers. Wherever possible, use a nickname instead of your real name.

Use secure passwords.

Secure passwprds are a combination of at least eight letters, numbers and special characters. Use different passwords for different accounts. They should not be linked to each other or to your person.

Pay attention to the encryption of your data.

Only URLs with a "https" at the beginning mark a secure connection to a server. Make sure that any website where you submit personal data is secure.

Be careful with e-mails.

E-mails from an unknown sender, with links and attachments, are a risk. In case of doubt, don't click on links, don't open attachments and scan your computer with a current Antivirus software.

Pay attention when using public computers.

Don't let anyone peak over your shoulder when you enter your personal data. Don't save login data and always make sure to logout when leaving the PC.

It doesn't always have to be Google.

The big search engines, especially Google, collect data regarding your search entries. If you want to reduce such data collection, you should regularly change the search engine you're using for online research.

Delete cookies.

On most websites, you leave traces in the form of "cookies". You can delete them in your browser setting or block them categorically.

Ultimately delete hard disks.

Before you sell or dispose your devices, you should delete all data for good, so that it can't be restored (e.g. with a data shredder). This applies to computers and notebooks as well as tablets and smartphones.

Printer-friendly versionPrinter-friendly version