The comprehensive new provisions on data protection are based on the General Data Protection Regulation (DSGVO), which created a uniform data protection law for all EU Member States. The EU regulation gives the legislators of the individual Member States a degree of latitude.
In Austria, this was applied by the resolution of the "Data Protection Adaptation Act 2018". From 25th May 2018, the EU General Data Protection Regulation (DSGVO - Regulation (EU) 2016/679) and the Austrian Data Protection Act (DSG - as amended by the Data Protection Amendment Act 2018) will apply in Austria. The regulation means more protection for citizens' personal data.
As of 25th May 2018, undertakings must keep a record of all their data-processing activities as controllers and/or processors (data processing directory). This is to be continually updated. The scope of the documentation requirement is lower for the processor than for the person responsible. The responsible person is obliged to provide certain persons, whose data he collects, with certain information.
If there is an infringement of the protection of personal data, the person responsible is on principle obliged to report this violation both to the data protection authority and (if the risk is likely to be high) to the person concerned.