Datenschutz für Einsteigerinnen und Einsteiger

1. 00:00Welcome to part 3 of the course Data Protection for Beginners.
2. 00:06Today we will deal with with the rights of data subjects.
3. 00:09I will first say something briefly about the meaning of the data data subjects' rights and then present the three most important ones.
4. 00:17On the one hand, there is the right to information, the the right to erasure and the right to rectification.
5. 00:22Yes, what are data subject rights?
6. 00:25These are the rights of each individual vis-à-vis the data controller.
7. 00:31These have a considerable relevance.
8. 00:34According to the legislator or according to the intention of the legislator, they are the basis of informational self-determination,
9. 00:42serve information and transparency and are one of the central pillars of the GDPR.
10. 00:49Important here, tip from practice: There are significant fines for non-compliance.
11. 00:56So please take the Please take the rights of data subjects seriously.
12. 00:59Once again a legal legal basis for you to look at.
13. 01:05Article 15 of the GDPR regulates the right of access of the data subject. clearly that the person has a right of access.
14. 01:16and states to what this right to information relates to.
15. 01:19On the one hand, to the purpose, categories, recipients, the the existence of a right of rectification or erasure,
16. 01:27the existence of a right of appeal and information on the origin of the data. information on the origin of the data.
17. 01:31In addition, there is the question of profiling, but this is not so relevant in practice.
18. 01:37Yes, how can this request of the persons concerned happen?
19. 01:41It can happen both orally and in writing.
20. 01:44Important as a company, when I receive such a request, I first have to check the identity of the seeker.
21. 01:50So I have to be sure that it is actually the person they are claiming to be.
22. 01:57On the one hand, I can do this by means of a customer number, via the customer password or by presenting a copy of an identity card.
23. 02:05Important when you give the information, you must of course pay attention to this,
24. 02:09that you do not inadvertently give out data of other persons which may also be contained in these documents.
25. 02:16How do you have to give the information?
26. 02:18I would recommend for documentation purposes that you always do it in writing so that in writing, so that you can also prove it,
27. 02:23that you have complied with the obligation to provide information.
28. 02:26In principle, the data subject also has a right to a copy of the data free of charge.
29. 02:31However, there is also a dispute as to how extensive this right to a copy is designed.
30. 02:39Can you deal with when you are confronted with it.
31. 02:43What is the processing time?
32. 02:46You must immediately process a corresponding information claim to be processed, answered.
33. 02:51At the latest within one month at the latest.
34. 02:56In order to make this a little bit more binding, I have I have presented this here, how it normally works.
35. 03:02So you might have a former a former client or a former employee.
36. 03:07They will either contact your company data protection officer directly or an employee of the company. Data Protection Officer or to an employee of the company.
37. 03:13If the request goes to a member of staff, it would make sense to it would make sense to design it that way according to the internal guidelines,
38. 03:20that he always has to involve the data protection always have to be involved.
39. 03:23He then gives an employee the the employee to fulfil the right to information.
40. 03:30The employee then checks the identity, searches for the data the data, removes the data that does not belong in it and gives the
41. 03:38then gives the relevant information to the person concerned.
42. 03:42I would recommend, if you have a company, to have an appropriate process, a procedure for responding to these requests.
43. 03:51establish. Another affected right is the right to erasure.
44. 03:57This follows from Article 17 of the GDPR.
45. 03:59It is also called the right to be right to be forgotten.
46. 04:03This means that you have a right to request that relevant data that is no longer necessary be deleted.
47. 04:12Or data that would be collected on the basis of consent where the consent has been withdrawn, or
48. 04:18in general, these data have been processed unlawfully.
49. 04:24This right to erasure, that has been most debated in the revision of the GDPR.
50. 04:31Shortly before, or some time before, there was a landmark decision of the European Court of Justice.
51. 04:37That was the so-called Google-Spain decision, where the European Court of Justice massively upgraded this right to be forgotten.
52. 04:46It was about the fact that a concerned Spanish citizen wanted that search results be deleted for information about him.
53. 04:54This information was correct, it was correctly available on the internet.
54. 05:00In fact, however, the ECJ still said that in the case it could be required that no search results be displayed for it.
55. 05:09This was surprising for many and also led to the fact that Google then revised its algorithms accordingly.
56. 05:21Yes, what is the procedure?
57. 05:24Again, there is a request to to the person in charge from the persons concerned.
58. 05:29Here again the identity is checked.
59. 05:32Then it must be checked whether a reason for deletion actually exists.
60. 05:36So as I said just now, data is no longer necessary or the consent has been revoked.
61. 05:42Then I still have to check whether an Article 17, paragraph 3.
62. 05:48For example, the right to freedom of expression may be
63. 05:52and information may justify the
64. 05:54data should still be used.
65. 05:58And depending on the result I come to after this check, it is either that that I either find that there is no entitlement to deletion.
66. 06:05I must then give reasons for this, must then also inform the person affected must then also inform the person concerned how he can complain about it.
67. 06:11Or I come to it, there is a right to deletion.
68. 06:14Then, of course, I must do this immediately and also other recipients of the information
69. 06:21about it, and of course also the person concerned himself.
70. 06:27As a last right there is also right of rectification.
71. 06:30This is the already mentioned Schufa case, for example.
72. 06:37I can have an interest in having information about me, personal information, corrected. about me, personal data, be corrected,
73. 06:45so that I can then also get the corresponding I would like to have.
74. 06:50That was it on the subject of data subjects' rights.
75. 06:53In the next part, I will talk more about employee data protection in the next part.

To enable the transcript, please select a language in the video player settings menu.