Since 25 May 2018 onwards, the General Data Protection Regulation, also known as the GDPR, applies throughout the European Union. The GDPR stipulates the way in which personal data are to be processed and how they must be protected.
What is the GDPR?
The GDPR is a regulation of the European Union. It applies directly in all of the member states including Austria. Every person whose data are processed is able to refer to and invoke the GDPR.
What is regulated by the GDPR?
The GDPR contains legal provisions regarding the processing of your personal data. Whether it concerns your name, your telephone number, your bank account transactions or even your hobbies – all are protected by the GDPR. The principles which it stipulates regulate the ways in which your personal data are permitted to be saved and processed.
Why does the Austrian Data Protection Act continue to apply (DSG)?
The European Union hasn't just enacted the GDPR, it has also enacted a full “data protection package”. This package also included a new data protection directive. How does a directive differ from a regulation? In contrast to a regulation, it is necessary for a directive to be implemented into national law first. In addition to this, the GDPR provides the member states with the scope to structure certain aspects on a more detailed basis than the GDPR itself.
Both of these have taken place in Austria with the Data Protection Act (Datenschutzgesetz), in short DSG.
Why is the protection of my data so important?
Data protection is a fundamental right. The same as your right to liberty or security, your right to the protection of your data is anchored in the Charter of Fundamental Rights of the European Union. The EU Charter of Fundamental Rights covers your relationship with governmental institutions.
It is legally acknowledged, however, in both the private and commercial spheres, that there must also be a balancing of interests between the Data Processor and what are referred to as the “data subjects” – i.e. between you and your bank, for example. This is stipulated in both the GDPR and the DSG.
Our personal data contains a lot of information about us: it can also refer to our hobbies, our preferences and our aspirations. Such things are naturally worthy of protection. Yet we can only improve our individual service for you if we are aware of your preferences. A key element of data protection is that we work with you to find a way of being able to process your data in your interests and under your supervision.
Doesn't banking secrecy apply, anyway?
Yes, information of which we become aware due to the business relationship is protected by Austrian banking secrecy - according to Art. 38 of the Austrian Banking Act. The GDPR also applies.
Good to know: The banking confidentiality arrangements can only be dispensed with in writing – refer to Art. 38 para. 2, clause 5, Austrian Banking Act. In this case, “in writing means”:
- the provision of a handwritten signature on “ink and paper” for example, or
- a qualified electronic signature, e.g. in the form of a “mobile phone signature” or
- strong customer authentication in digital banking, for example CardTAN or s Identity in George.
Where can I find out more about the GDPR and the DSG?
(All links are valid as of March 2023)
A consolidated version of the GDPR is available here:
A consolidated version of the DSG is available here:
The EU Charter of Fundamental Rights:
Further information about your rights is available on the following websites:
Austrian Data Protection Authority https://www.dsb.gv.at/