Data protection rules apply when you “process” personal data. It is crucial to be aware of when you process personal data because you will often have obligations according to the data protection rules and be responsible for the protection of the data.
Processing may include any processing of personal data, including the collection, registration, organization, systematization, storage, adaptation or modification, retrieval, search, use, disclosure by transmission, dissemination or any other form of entrustment, alignment or interconnection, limitation, erasure or destruction.
If only one of the above-mentioned forms of processing takes place, it will still be a processing subject to data protection rules.
Data controller or processor?
When you as a private company, public authority, natural person, institution or any other body process (e.g. collect, record, disclose or delete) personal data about other persons, it is important that you are aware of your role in the processing. Read more about data controllers and processors here.
Processing’s that are exempted from data protection rules
Data protection rules do not apply to the processing of personal data by a natural person in a purely personal context. This may include, for example, correspondence and the provision of a list of addresses or social networking activities and online activities carried out as part of such activities.
Authorities investigating or prosecuting criminal acts, such as the police, public prosecutors or courts, are also generally excluded from the scope of the General Data Protection Regulation. The processing of such information is regulated by the Danish Law Enforcement Act.
Finally, the data protection rules do not apply to controllers established outside the EU. However, there are a number of exceptions to this.