Fact or fake? 8 Questions regarding the General Data Protection Regulation

(Part 4/4) In times of digitisation, countless opportunities are emerging for businesses, as well as completely new risks. “Data is the oil of the 21st century”, many people say. To further control the commercialisation of personal data and to limit incidents such as Cambridge Analytica and Facebook in the future, the European General Data Protection Regulation (GDPR) came into force on 25 May 2018. This regulation affects every member state of the European Union and is therefore binding for everyone. The impact of the GDPR on the handling of data is immense. Since its entry into force, however, there has been great uncertainty concerning the interpretation of the regulation. We will shed some light on this darkness and clear up 8 common misunderstandings.

Does the company have to send the privacy policy to the applicant via post when processing data that has been transmitted with the application?

Yes. Before any kind of processing of data (i.e. storing, adapting, transforming) can occur, the affected person must be fully informed. Online, for example via an applicant portal, this can be achieved quickly, as the applicant can accept the privacy policy with the click of a button. By post, however, the procedure is more time-consuming. Only once the applicant has returned the signed privacy policy may the company work with the data. The applicant’s risk of losing the position to another applicant is high. But as the postal service is no longer the most common way to apply, it can be assumed that this problem will not arise too often for companies or applicants.

Is the mounting of a bell sign including the name of the tenant by the landlord/property management compliant with data protection regulations?

Yes. The landlord has the right to provide a bell sign with the name of the tenant; however, the tenant has the right to object. In Vienna, a tenant complained about a lack of data protection due to the name badges on the doorbells. The property management now has to change the bell signs of 220,000 tenants. Any person who wants to have their name on the bell sign can put it there themselves.

The Austrian Society for Data Protection (Österreichische Gesellschaft für Datenschutz) considers the mounting of a name badge in a public space without the consent of the affected person to be a violation of data protection regulations.

But the state representative for data protection in Bavaria gives the all-clear. Should a tenant demand to remain anonymous, neighbours need not fear being anonymised too. The property management only has to remove the name badge of the objecting person.

Thomas Kranig, president of the Bavarian Office for Data Protection (Bayerisches Landesamt für Datenschutzaufsicht), criticises the discrediting of the GDPR through cases like this. The reaction of the property management is a “scare tactic or pursuit of media presence”, since there is no necessity under data protection regulations to anonymise the bell signs, he says.