Data protection and information security as two sides of the same coin.

Data protection is not possible without good information security. The hinge between the two sides of the coin is the Technical and Organisational Measures (TOM). These take effect on both sides as Privacy by Design and Privacy by Default. Other parallels between the two spheres are risks, storage, and governance. Risks are handled as part of risk management in information security and as part of the data protection impact assessment (DIA) in data protection. Information is subject to retention periods. However, if information is also personal data, it is subject to deletion periods. Together, the two form a mostly irresolvable contradiction.

Both sides must introduce minimum governance for their treatment: a control function (IPM or DPO), prioritised treatment by management, and sufficient resources in terms of staff, technology and time. It makes sense to organise both topics in management systems: an Information Security Management System (ISMS) and a Data Protection Management System (DSMS). An ISMS should be set up according to the ISO 27001 standard; a DSMS, by contrast, should not be set up according to the ISO 27701 standard. For data protection, the straightforward approach according to the GDPR is recommended. Both spheres remain in motion and offer space for new, surprising solutions.

Contact our experts


Moritz Treutwein
Senior Transformation Manager

Moritz Treutwein is Senior Transformation Manager at CORE. His focus lies within Banking & Capital Markets, and his expertise includes the management and implementation of business unit expansions in the context of IT implementation projects, core banking transformations, audit remediation, and the development of digital business models. Furthermore, he is the appointed information security officer at CORE.


Katrin Miller
Legal Expert Manager

Katrin Miller is a Legal Expert Manager at CORE. Katrin brings extensive experience from data protection projects in companies. In particular, she has deep application knowledge in the areas of intellectual property protection and artificial intelligence in innovation management.
