Review sheet: Employee Data Management and Compliance

1. 📌 Essentials

  • Personalakte: collection of all employment-related documents.
  • GDPR (EU-DSGVO): primary data protection regulation in the EU.
  • Data categories: personal data and sensitive data (health, religion, criminal records).
  • Data processing: automated (digital) vs. non-automated (analog).
  • Employee rights: access, correction, blocking, deletion of data.
  • Employer obligations: ensure data security, appoint data protection officer (DPO).
  • Data protection principles: processing only when legally permitted.
  • Data handling tasks: archiving, updating, providing information.
  • Data protection measures: access controls, monitoring, involving Betriebsrat.
  • Data protection law violations: penalties, breach notifications.

2. 🧩 Key Structures & Components

  • Personalakte — contains personal details, employment history, education, remuneration, employment documents.
  • Data protection laws — GDPR (EU-wide), BDSG (German law).
  • Data categories — personal data (name, address), sensitive data (health, religion, criminal records).
  • Data processing — digital (automated) and manual (non-automated).
  • Data protection officer (DPO) — required if ≥10 employees (automated) or ≥20 employees (manual).
  • Technical and Organizational Measures (TOMs) — access controls, encryption, monitoring.
  • Betriebsrat (works council) — involved in data security measures and monitoring.

3. 🔬 Functions, Mechanisms & Relationships

  • Data must be processed lawfully, transparently, and for specific purposes.
  • Employee rights enable control over personal data (access, correction, blocking, deletion).
  • Data categories determine handling and protection level.
  • Data processing flows from collection (Personalakte) → storage → use → update or deletion.
  • Data protection measures (TOMs) safeguard against unauthorized access.
  • DPO oversees compliance and advises employer.
  • Betriebsrat collaborates on data security and monitors implementation.
  • Processing exceptions include contractual necessity, legitimate interests, or research.

4. 📊 Comparative Table

| Item | Key Features | Notes / Differences |
| --- | --- | --- |
| Personal data | Name, address, DOB | Basic identifying info |
| Sensitive data | Health, religion, criminal records | Higher protection requirements |
| Automated processing | Digital systems | Requires DPO if ≥10 employees |
| Non-automated processing | Manual, paper files | Requires DPO if ≥20 employees |
| Data rights | Access, correction, blocking, deletion | Enforced under GDPR and BDSG |

5. 🗂️ Hierarchical Diagram (ASCII)

Personal Management System
 ├─ Personalakte
 │    ├─ Personal Data
 │    ├─ Employment Documents
 │    └─ Education & Certifications
 ├─ Data Processing
 │    ├─ Automated (digital)
 │    └─ Non-automated (manual)
 └─ Data Protection Laws
      ├─ GDPR
      └─ BDSG
          ├─ Employee Rights
          └─ Employer Responsibilities

6. ⚠️ High-Yield Pitfalls & Confusions

  • Confusing personal data with sensitive data; not all personal data is sensitive.
  • Overlooking the DPO requirement for certain employee counts.
  • Assuming all data processing is lawful; must check legal basis.
  • Misunderstanding the role of Betriebsrat in data security.
  • Ignoring the difference between automated and manual processing.
  • Believing employee rights are optional; they are legally protected.
  • Underestimating the importance of TOMs in data security.
  • Confusing GDPR scope with national data protection laws.

7. ✅ Final Exam Checklist

  • Know what constitutes personal data and sensitive data.
  • Understand the purpose and limits of data processing.
  • Recall employee rights under GDPR and BDSG.
  • Identify when a Data Protection Officer is required.
  • Describe the contents of a Personalakte.
  • Explain the role of TOMs in data security.
  • Recognize the involvement of Betriebsrat in data protection.
  • Differentiate between automated and manual data processing.
  • Be aware of legal bases for data processing.
  • Know penalties for data protection violations.
  • Understand the importance of transparency and employee consent.
  • Remember key data protection principles: lawfulness, purpose limitation, data minimization.
  • Be familiar with typical data handling tasks: archiving, updating, providing info.
  • Understand the hierarchy and flow of data within HR management.
  • Recognize common pitfalls and misconceptions.

Test your knowledge

Test your knowledge of Employee Data Management and Compliance with 9 multiple-choice questions with detailed corrections.

1. What is the primary purpose of a Personalakte in HR management?

2. What is contained within a Personalakte?

Review with flashcards

Memorize the key concepts of Employee Data Management and Compliance with 10 interactive flashcards.

Personalakte — definition?

Collection of employment-related documents

Personalakte — definition?

All employment-related documents collection.

GDPR — scope?

Protects personal data in EU and third countries
