In almost all cases, personal information is particularly sensitive information. Typical
examples include information about personal or material circumstances of an identified or
identifiable natural person. If the protection of personal data is not adequately ensured, there
is the risk that the social or financial standing of those concerned will be impaired.
For example, personal data may be misused when an organisation collects too much personal
data, has collected it without legal cause or the consent of the individual, uses it for a purpose
other than the permitted one for which it was collected, deletes personal data too late or gives
it to third parties without authorisation.
Examples:
• Personal data must only be processed for the purpose it was collected or stored for the
first time. It is therefore not permissible to use log files, in which the login and logout of
users on IT systems are only documented for access control, in order to check
attendance and behaviour.
• People who have access to personal data could give it to third parties without
authorisation. For example, an employee working at the reception of a hotel could sell
the login data of guests to advertising firms.