Austrian legislators have made use of the opportunity to enact provisions derogating from the GDPR (‘opening clauses’). Thus, under the Austrian Data Protection Act (DSG), a child’s consent to an offer of information society services is lawful if the child has already reached the age of fourteen (§ 4 (4) DSG). Under the broad concept of ‘image recordings’, legislators have regulated video surveillance in § 12 f DSG. Likewise, the DSG includes data processing standards for specific purposes (e.g. processing in the public interest for archiving, scientific or historical research purposes as well as for statistical purposes and in case of emergency).
A substantial difference from the GDPR is found in § 4 (4) DSG. According to this provision, immediate erasure is not necessary if, for economic or technical reasons, it is only possible at certain times. In this case, processing of the personal data concerned shall be restricted until that time, with the effect stipulated in Art. 18 (2) GDPR. It remains to be seen how the ECJ will assess this provision and whether it is compatible with the GDPR.
Below you will find the additions to and derogations from the GDPR on the most important topics of personal data protection that companies need to know. If a topic is not linked, there are no derogating or specifying provisions in the national data protection law.
- Specific data protection law and official guidelines
- Material and territorial scope
- Legal principles
- Legal basis
- Sensitive data
- Information requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller
- Records of processing activities
- Data security
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer
- Data transfer
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research