DATA PROTECTION THAT REALLY PROTECTS DATA!
The digital era
Today, we live in a digital era, where information is stored and transmitted mainly in digital form in a virtual world. As a result, we all leave an ever larger digital footprint. Our IT gadgets such as smartphones, PCs, cars, smart home devices, etc. produce and collect vast amounts of data about us and our behavior every day. Without sufficient encryption, this data can be breached and analyzed by criminals through man-in-the-middle attacks. For this reason, data protection has become paramount in today's world.
In addition, almost every interaction with companies and authorities is now documented and stored in digital form. This data reveals private and sometimes even confidential company information. And most people are probably not happy about this practice.
Data exchange from and about customers is standard!
In business, adapting products and services to customer requirements using information from and about potential and existing customers is standard practice.
Every company has an interest in finding out more about its customers and "learning" from them. In the digital environment, many people are not aware that their data is collected, what the implications of this collection are, or what happens to the collected data later on.
In IT security training, you can increase your user awareness and better protect yourself and your data.
If data is processed without encryption, the information may also become available to third parties. Therefore, personal data must be specially protected. This requires IT security measures, e.g. encryption during data transmission and storage. Such measures are referred to as technical and organizational (data protection) measures (TOM).
Handling of data protection
Main principles of data protection:
- Personal data must only be processed lawfully.
- Personal data must only be collected for a specific, explicit and legitimate purpose.
- Personal data processed must be adequate, relevant and limited to what is necessary in relation to your processing purpose.
- You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
The basis of data protection in Germany
To protect against improper data processing, data protection laws have been enacted with the aim of preventing the misuse of data by third parties.
In today's digitally networked society, data protection is intended to counteract the existing trend towards the "transparent human being": the transition towards a surveillance state and the risk of data monopolies held by private companies.
The basis of data protection in the EU
The European Union states about data protection: "The protection of natural persons in relation to the processing of personal data is a fundamental right." (Art. 1 para. 1 Directive 95/46/EC).
- Protection of the right to informational self-determination
- Protection of personal rights during data processing
- Protection of privacy
Technical and organizational measures
TOMs (Technical and Organizational Measures) describe all data protection measures that ensure the security of personal data (data security), such as the use of firewalls, the regular updating of systems and applications, as well as the constant checking for weaknesses in these security measures. For effective data protection, it is important that technical solutions and organizational processes are in sync with each other.
The necessary solution: EDPS basic mandate
Activities as External Data Protection Officer
- Consultation on obligations under the GDPR
- Monitoring compliance with GDPR and BDSG
- Advice on data protection impact assessment and monitoring of implementation
- Cooperation with regulatory authorities
- Contact person for regulatory authorities
Our appropriate solution: Operational mandate
TOMs (Technical and Organizational Measures)
- Creation of concept for data security
- Support and advice in the implementation of necessary or recommended measures
- Documentation of the data protection measures
Processing Directory (VdV)
- Assistance in creating a directory of processing activities
- Recording of all processing of personal data
- Support for risk assessments of processing operations
Order processing (AV)
- Evaluation of contractual relationships
- Review of contractors
- Documentation of order processing
Data Protection Management (DS-M)
- Structuring the data protection organization by defining responsibilities
- Creation of guidelines for internal data protection
- Providing consultation for management and training of the employees
What should you expect?
Privacy checks!
As part of its statutory duties, BayLDA regularly carries out data protection checks, on both an ad hoc and an unadvised basis. Incident-related audits are usually carried out on the basis of complaints or specific indications of possible data protection violations. Random checks are carried out at the discretion of the Board of Management in all regions of Bavaria, irrespective of the sector. The BayLDA usually conducts these random checks as so-called focused checks at individual companies on-site, as checks in a written procedure, or as online checks automatically via the Internet. Furthermore, the BayLDA also participates in supra-regional examinations.
Source: Bavarian State Office for Data Protection Supervision