The following infographic is an overview of the data protection principles that apply to personal information collected through the internet and other services and platforms, including the use of personal data in relation to advertising, search, social networking, business applications, and other data protection matters.
It highlights the different types of data that can be collected and processed by a company, and the consequences of doing so, including where the data is stored and where it is used.
For further information about the data collection and use of online services and content, see our data protection guide.
More information about how data is collected and used by the online industry is available in our data privacy guide.
What you need to know about personal data collection, processing and use by companies and agencies Privacy and data protection laws vary across the European Union and its Member States, with varying rules for personal data collected via the internet.
For example, in Belgium, personal data can only be collected if the person has given consent, has given the company permission, and has given explicit permission.
For the purposes of this guide, personal information is collected only where it has been expressly authorized by the person.
Personal data can also be collected when the personal data relates to an identifiable individual (i.e. an individual’s name, address, phone number, date of birth, social security number, or medical condition).
However, where personal data is processed or transferred between companies, the transfer is only subject to appropriate legal obligations and is not subject to the personal information protection obligations applicable to the processing and transfer of other personal data.
If personal data are processed and transferred within the European Economic Area (EEA), the data can be subject to EU data protection law.
However, it is not covered by the same EU data privacy laws as those of the EEA Member States.
Personal information may be transferred between Member States only where the relevant data protection requirements and laws have been applied in the Member State in which the personal, health and safety data is to be transferred.
For more information, see the EU Data Protection Directive.
If the transfer of personal information takes place outside of the European Community, the EU Member State must apply its own data protection legislation.
For a more detailed explanation of the different data protection rules in each of the Member States of the EU, see this infographic.
When do you have to tell your boss about your personal information?
When you make a complaint about a personal data breach or other privacy breach, you must tell your manager as soon as possible.
The company must then provide you with the personal details you have given permission to receive and that they have applied to delete.
You may be required to pay a penalty.
This is the fee you are required to contribute to your company for the cost of the company’s response to the complaint.
If you are a non-EU resident, the company must also notify you of the payment.
When you want to complain about your data breach, it’s important to be specific.
You should be able to provide evidence that shows that you have not given consent to the data being used and that the data has been removed.
You can find out more about how to tell a company that you want it to delete your personal details.
You also need to make sure you can be sure that the company has complied with the legal requirements.
For information on how to be able of being sure you have complied with legal requirements, see what is required of you by law.
What should I do if I think my personal data has come into the wrong hands?
If you think your personal info has come in the wrong hand, you can take action by contacting the data controller in your jurisdiction.
The data controller must take the necessary steps to delete or erase the personal or other information in your data.
However this may take time.
For additional information, please see our Data Protection guide.
The relevant data controller is also responsible for the handling of any disputes you may have about your rights under data protection.
This includes dealing with the processing of your personal or sensitive information.
For your protection, you should ensure that the processing you want is done securely.
For any other enquiries, please contact the Data Protection Authority of your country.
The Data Protection Agency of the Netherlands is responsible for processing complaints and providing advice to data controllers and the authorities concerned.
Where applicable, the data controllers are also required to inform you of any requests for data to be processed.
For detailed information about your legal rights, see Data protection: how you can protect yourself.
What happens to my personal information after it’s been deleted?
Your personal data will be deleted if the processing has been stopped or the data that is transferred is no longer needed.
The following steps are needed for companies to delete data: Your data is deleted, and you can use the Delete option to delete the information.
The deletion will not affect your account and your privacy settings.