EU General Data Protection Regulation (EU GDPR) and Data Protection Amendment Act of 2018 (DSG): Data protection applies to all processing activities with personal data.

Processing activities are:

• Electronic processing of personal data (such as Excel spreadsheets, etc.) 
• Non-electronic file systems (organised according to personal information, such as lists of names, etc.)

Personal data is:

• Direct personal data (name, location data, online identification, etc.) 
• Indirectly personal data, if the data can be assigned to a person with the help of further information or technical aids (pseudonymous data, IP address, genetic data, etc.)

Pseudonymous data is:

Personal data that can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person. Caution: Pseudonymous data is subject to data protection!

Pseudonymous data is:

Data that cannot be assigned to a person. Anonymous or anonymised data is excluded from data protection.