Since May 25, 2018, the General Data Protection Regulation came into force. Companies need to optimize their internal processes and processes. In particular, the human component in the context of data protection poses a risk for many companies. Careless and inexperienced employees are a particular weak point. However, the following mistakes can be avoided by sensitizing employees.