Would you like to find out about other exciting topics in the industry?



Definition of DSGVO

The abbreviation DSGVO stands for Datenschutz-Grundverordnung, which translates to General Data Protection Regulation (GDPR) in English. It refers to a comprehensive data protection regulation introduced in the European Union (EU). The GDPR came into effect on May 25, 2018, with the aim of strengthening the privacy and protection of personal data for EU citizens. It sets the rules that companies and organizations must follow when processing, storing, and safeguarding personal data.


The Datenschutz-Grundverordnung (DSGVO) defines its scope concerning the processing of personal data. This regulation has broad applicability and applies to all organizations and businesses, regardless of their size, that process personal data. The scope is not limited to data processing activities within the European Union (EU) but also extends to cross-border data flows. This means that the DSGVO applies to data processing operations both within the EU and beyond its borders, as long as EU citizens are affected by the data processing.

Territorial Scope

The territorial scope of the DSGVO extends far beyond the geographical borders of the EU. The regulation applies to organizations and businesses based in the EU, regardless of their location, when they process personal data. Furthermore, the DSGVO's scope also extends to companies and organizations outside the EU that offer services to EU citizens or monitor the behavior of EU citizens. This expanded territorial scope aims to ensure the protection of personal data across national boundaries.

Material Scope

The DSGVO extends its material scope to all aspects of processing personal data. It regulates the collection, storage, use, and transmission of personal data and establishes high data protection standards. The regulation aims to ensure the integrity and protection of personal data by setting clear requirements for those responsible for data processing.

Principles of the DSGVO

The DSGVO is based on a set of fundamental principles that guide the processing of personal data:

Lawfulness and fairness: Data processing must be based on a lawful basis and ensure transparency and integrity in processing.

Purpose limitation: Personal data may only be processed for predetermined, explicit, and legitimate purposes and may not be used for other purposes.

Data minimization: Only data necessary for processing may be collected, and processing must be limited to what is necessary.

Accuracy: Personal data must be accurate and kept up to date, with appropriate measures taken to correct inaccurate data.

Storage limitation: Data may only be stored for as long as necessary for processing purposes and must be deleted thereafter.

Integrity and confidentiality: The security and confidentiality of personal data must be ensured through appropriate technical and organizational measures to prevent unauthorized or unlawful processing, loss, or destruction.

Claims and Objectives of the DSGVO

Information Obligation: Companies must provide transparent information about how they process personal data, including details on the purpose of processing, the duration of storage, and the rights of the individuals concerned.

Consent: Companies must obtain the explicit consent of individuals before processing their data. This consent must be given voluntarily, be specific, and be informed.

Rights of Data Subjects: The DSGVO strengthens the rights of individuals concerning their data, including the right to access, rectify, erase, and object to the processing of their data.

Objectives and Goals of the DSGVO
Data Protection by Design and Default: Companies are required to integrate data protection into their business practices from the outset and establish standard data protection measures.

Data Breach Notification: Companies are obligated to report data breaches to data protection authorities and affected individuals within 72 hours.

Tips for Implementation in the Company

Create Clear Data Protection Policies: Companies should develop clear data protection policies and ensure that their employees and customers understand them. This includes establishing procedures for obtaining and documenting consent, data deletion, and the protection of personal data.

Conduct Data Protection Impact Assessments: When processing sensitive data or engaging in high-risk activities, a data protection impact assessment is required. This helps identify potential data protection risks and take appropriate protective measures.

Appoint a Data Protection Officer: In some cases, companies are required to appoint a data protection officer. This is especially important for larger organizations or those operating in sensitive sectors. The data protection officer is responsible for ensuring GDPR compliance within the organization.


DSGVO in a Nutshell

The General Data Protection Regulation (DSGVO) is a significant law that strengthens the protection of personal data in the European Union and has worldwide implications for business practices. Companies and organizations must adhere to the DSGVO to safeguard the data protection rights of citizens and avoid potential legal consequences. Compliance with the DSGVO requires careful planning and implementation of data protection measures to ensure the privacy and lawful handling of personal data.


Latest from our blog

Digital Asset Management (DAM) vs. Google Drive and Dropbox

Explore the difference between digital asset management (DAM) and cloud storage such as Google Drive and Dropbox. This article highlights the benefits of DAM, offers a comparison with conventional cloud solutions and helps you to find the ideal option for effectively managing your digital content.

schedule 15 min

Asset Integration Tool at ZEG: A perfect start to automation

Naming assets is a challenge that should not be underestimated when it comes to automated processing and synchronization with the PIM. In this article, you can find out why this is the case and how our customer ZEG achieves an improvement in quality with our Asset Integration Tool (AIT).

schedule 6 min


PXM for Dummies

Your guide to product experience management. Give you an edge in e-commerce.