GDPR – Flying without wings?

Credit information, marketing data and data protection in Europe

Download GDPR White Paper

Ensuring that the data processing complies with the legal requirements


Protecting the rights of data subjects


Maintaining appropriate data protection processes

The tracks have been laid

The tracks have been laid

New data privacy laws for Europe

The 25th May 2018 was “Data Protection Day”. Following a two-year transition period, on this date the European General Data Protection Regulation (GDPR) came into force. By this date, all data processing procedures had to be switched over completely to the new laws. The purpose of the GDPR is the standardisation of the data privacy standards in all European countries.

Which data does the GDPR apply to?

The GDPR regulates the way personal data is handled within Europe. Legal entities are generally not affected. Personal data means not only data containing the name of a person, but also pseudonymised data and similar information, which at first glance appears encrypted, but which can be (re)assigned to a person by the processor. Typical examples of this include customer numbers, credit card numbers, as well as online and device identifiers (IP addresses, cookie IDs).

Does the GDPR also apply outside of Europe?

Does the GDPR also apply outside of Europe?

Yes; the scope of application of the GDPR includes not only companies, which are located within the EU, but also those, which are located in a third country, but which offer their services to EU citizens or which process data of EU citizens. Therefore, if the processor has its registered office abroad, this does not protect it against the application of the European data privacy laws (any more).

What are the requirements of the GDPR?

The requirements of the GDPR are similar to those of the current Swiss Data Protection Act in many respects. However, in a number of points the GDPR go even further, setting great value on the following obligations:

  • To ensure that the data processing complies with the legal requirements. It must be ensured that each data processing procedure is backed by a legal basis, that appropriate technical protective measures have been implemented and that this can also be proven;

  • To protect the rights of data subjects. Initially this includes the obligation to ensure transparency of the data processing procedures by properly informing the data subject and responding to any requests for information. Furthermore, provided that the relevant requirements are met, any rights to rectification, blocking, erasure, object or transfer of data, must be complied with immediately;

  • To incorporate data protection in all data processing procedures, right from the development stage, by implementing appropriate technical measures and privacy-friendly default settings;
  • To maintain appropriate data protection processes and, in particular, to keep up-to-date, accurate documentation of the data processing activities.
What data protection means to us

What data protection means to us

To us, data protection is both a business principle and a measure for establishing trust. It is a business principle as our customers rightfully expect us to only transfer data to them that has been collected and processed according to law. It is a measure for establishing trust as we would hardly be able to successfully collect information for our database from the data subjects if, with respect to the further handling of this data, we had a reputation as an opaque “black box”. Therefore, we take data protection compliance very seriously, both at national level and within the Bisnode Group, irrespective of whether the regulatory requirements are based on national laws such as the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) or on European regulations such as the GDPR.

Find out everything about how we implement the GDPR in our free, comprehensive brochure!

Download the GDPR White Paper

(German-language only)

Protect what is important to us

Download the GDPR White Paper!

Obtain detailed information on the European General Data Protection Regulation, which came into force on 25th May 2018, following a two-year transition period. Find out how we at Bisnode have your best interest at heart with respect to GDPR.

  • GDPR at a glance
  • Bisnode and the GDPR
  • Bisnode customers and the GDPR
  • Implementation recommendations
  • Share this article with your network