Law: Federal Act on the Protection of Individuals With Regard to the Processing of Personal Data (Data Protection Act (DSG) BGBI. I No. 165/1999) (last amended in 2019) and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: Austrian data protection authority ('DSB')
Summary: In Austria, both the national DSG and the GDPR apply with regards to privacy issues. The DSG complements the GDPR, tailors its provisions to the particular national context, and provides the legal basis for the structure and powers of the DSB. The DSB is an active authority and has issued substantial fines, including, for example, a fine of €18 million against the Austrian postal service for violating the GDPR. The DSB and the Austrian Chamber of Commerce ('WKO') regularly issue guidance on privacy issues, including on data subject access requests, cookies, direct marketing, and the right to be forgotten. Alongside the GDPR and the DSG, Austria also ratified Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data ('Convention 108').