Opinion on the individual chapters

 

None.

This Regulation shall apply to the processing of personal data wholly or partly by automatic means and to the processing otherwise than by automatic means of personal data which are stored or are intended to be stored in a filing system.

The user account and audit trail.

Processing of personal data in the course of activities within the Union, if the controller or principal is located inside or outside the Union.

All users who do not work on Union territory or territory associated under international law are not affected by the EU GDPR.

 

None.

The users are needed for the mapping of rights and identification in case of queries.
The audit trail is collected for the case of legal relevance.

The processing is lawful only if at least one of the following conditions is met:
(c) processing is necessary for compliance with a legal obligation to which the controller is subject.
(f) processing is necessary for the purposes of protecting the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Ad c)
Relevant if the audit trail is legally necessary.
Ad f)
For the person(s) responsible (the company), the traceability of actions (the audit trail) is of great interest because of the root cause analysis.

If the processing is based on consent, the controller must be able to prove that the data subject has consented to the processing of his or her personal data.

Since the processing is within the scope of the notified work of a user, specific consent is not necessary.
[see also § 17(1b)]

None.

 

None.

 

None.

 

None.

 

Since the personal data is part of the notified work, transparency is guaranteed.

 

Since the user access generated the audit trail himself, a duty to provide information is not relevant. The user account contains little more than the rights and preferences he needs for his work.

 

This is not relevant for PIM application data, as this can only occur for user data; unless a user account is created and possibly used without the knowledge of the data subject....

For PIM, this is only relevant for the information stored at the user account; the audit trail has been generated by the user himself.

 

This only affects the information at the user, since the audit trail data is generated by the user himself through his activities.

 

The right to deletion does not apply if there is a legal basis [employment contract] {1b} or in case of/for the defense of legal claims {3e}.

 

The right to restrict processing does not apply if the data would be needed to clarify legal claims {1c} or in case of objection to processing, content of § 21 (1) {1d}.

 

Here it must be clarified whether this is regulated in the company's information process.

 

Whether the individual has the right to data portability depends on several factors: What data is at issue, application data or user data, and is that data authorized for disclosure to unauthorized third parties.

 

See § 6 "lawful processing" and § 7 "consent".

 

Profiling is only possible to a limited extent in the PIM, since only access to specific revisions of a version is possible. Real profiling is only possible by reading out the DB directly.

 

The listed restrictions such as national security, national defense, public security, etc. can only be related to the personal data through the company data and the actions on it. Then § 7 applies.