Data protection and information security as two sides of the same coin.

Data protection is not possible without good information security. The hinge that holds both sides of the coin together is the set of technical and organisational measures (TOMs), which appear on both sides as Privacy by Design and Privacy by Default. Further parallels between the two spheres are risks, storage and governance. Risks are handled as part of the risk management of information security and, in data protection, as part of the data protection impact assessment (DPIA). Information is subject to retention periods; where that information is also personal data, it is at the same time subject to deletion periods, and together the two form a contradiction that is mostly irresolvable. Both sides must establish a minimum of governance for their treatment: a control function (IPM or DPO), prioritised treatment by management, and sufficient resources in terms of staff, technology and time. It is obvious to organise both topics in management systems: an Information Security Management System (ISMS) and a Data Protection Management System (DSMS). An ISMS should be set up according to the ISO 27001 standard; a DSMS, by contrast, precisely not according to the ISO 27701 standard. For data protection, the straightforward approach according to the GDPR is recommended. Both spheres remain in motion and offer space for new and surprising solutions.

Whitepaper
Time to end the debate: leverage data protection

Data protection and trust together serve as the raw material for a successful digital economy. There is clear potential for opportunity in the active, technology-based design of compliance with legal requirements.

29th September 2020

Experts
Dr. Waldemar Grudzien, Expert Director

Dr. Waldemar Grudzien is an Expert Director at CORE. Waldemar has 26 years of professional experience and is familiar with the special challenges of compliance-driven IT transformations. He acts as an external data protection officer and external information security officer during the set-up and transformation phases of organisations.

Nadine Hofmann, Expert Manager

Nadine Hofmann is an Expert Manager at CORE. Nadine studied aerospace engineering. Her consulting expertise focuses on technical data protection and information security with an emphasis on IAM and SIEM, risk management and the GDPR (DSGVO). She supports our clients in structuring and setting up financial compliance systems and accompanies organisations through the ISO 27001 certification process.

Patricia Hartl, Transformation Associate

Patricia Hartl is a Transformation Associate at CORE. Patricia holds a Bachelor of Science in Economics and Social Sciences from the Vienna University of Economics and Business. Her main focus is on projects in digital transformation, the payment market and information security. Patricia's experience at CORE includes strategic planning and implementation of ISO 27001, TISAX and GDPR requirements as well as multifunctional projects focused on IT and digital transformation strategy development.
