The EU’s GDPR strengthens personal rights. This is a benefit for every individual since the concealed collection of personal data is prohibited. All individuals must give their explicit consent to the storage and analysis of their data, e.g. for profiling. However, the value added of learning management systems is gained through profiling in order to determine individual learning needs. What happens if the learner does not grant permission for this profiling?

Also, it has resulted in a lot of additional work for companies. The obligation to compile lists of processing operations; to gather and store declarations of consent documentation; to process requests for information; to document the purposes of the processing; and much more poses enormous challenges, especially for small and medium-sized enterprises.

In the past, if violations of Germany’s Federal Data Protection Act were not of a serious nature, they were punished with warnings and small fines. The EU’s GDPR, in contrast, demands severe and effective sanctions for non-compliance. What is the position of the national supervisory authorities of the various countries? How do they view their role in the regulation’s initial phase? The workshop will also provide answers to these questions.

Participants will get a review of the first eight months of the GDPR. What has changed? How has implementation been verified? Have there been any sanctions? What role does the ePrivacy Regulation play, and what do people affected and data protection experts foresee?