Skip to main content
All CollectionsResourcesData Sources and Data Storages
What are data sources and data storage locations?
What are data sources and data storage locations?
Updated over 3 months ago

When it comes to data protection in companies and compliance with the GDPR, both data sources and data storage locations are of central importance.

Data sources are the systems or locations from which personal data originates. These typically include employee data, such as personnel files and application documents, as well as customer data collected via orders, support requests or usage data on websites and apps. In addition, information from business partners and suppliers can also be an important source of data as contractual partner data. Online data collected through cookies, tracking tools or web forms, as well as external sources, e.g. from marketing companies or data brokers, also play a role. With the increasing use of IoT devices and sensors, device data is also becoming increasingly relevant.

Data storage locations include both physical and digital storage options. Companies often store their data on internal physical servers operated in their own data centres. However, cloud storage, e.g. via services such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud, is becoming increasingly popular as it offers more flexibility. Databases, whether in SQL or NoSQL form, are used for the structured storage of customer data, transactions or personnel information. In addition to these centralised storage solutions, companies often use network drives or platforms such as SharePoint to store documents. Local devices such as PCs, laptops or smartphones used by employees also often contain personal data. Backups - either physical or cloud-based - are another important storage location, as are physical file folders in which personal data is archived in paper form.

With regard to the GDPR, companies must ensure that the processing and storage of personal data is lawful and transparent. Data may only be used for the purpose for which it was collected (purpose limitation) and companies are obliged to take technical and organisational measures to ensure data security. In addition, personal data may only be stored for as long as it is necessary for the original purpose (storage limitation). Access to this data must be restricted to authorised persons in order to prevent misuse.

By handling data sources and storage locations correctly and complying with the GDPR requirements, companies ensure that personal data is processed and protected in accordance with data protection regulations.

Related Articles
In some cases, I don't have a data storage location or an external recipient. How should I proceed?
Why are data storage locations and data sources considered the same resource?
Can data storage locations also be data sources?
What does the linking of a data storage location/product with an external receiver mean?
What are Assets
Did this answer your question?