Data protection and information security as two sides of the same coin.

Data protection is not possible without good information security. The hinge between the two sides of the coin is the Technical and Organisational Measures (TOM). These manifest in both as Privacy by Design and Privacy by Default. Other parallels between the two spheres are risks, storage, and governance. Risks are handled as part of risk management in information security and as part of the data protection impact assessment (DIA) in data protection. Information is subject to retention periods. However, if information is also personal data, it is subject to deletion periods; together they form a mostly irresolvable contradiction.

Both sides must introduce minimum governance for their treatment: a control function (IPM or DPO), prioritised treatment by management, and sufficient resources in terms of staff, technology and time. The obvious approach is to organise both topics in management systems: an Information Security Management System (ISMS) and a Data Protection Management System (DSMS). An ISMS should be set up according to the ISO 27001 standard; a DSMS, by contrast, should specifically not be set up according to the ISO 27701 standard. For data protection, the straightforward approach according to the GDPR is recommended. Both spheres remain in motion and offer space for new, surprising solutions.


Contact our experts


Liubov Khomutovskaya
Legal Director

Liubov Khomutovskaya is a Legal Director at CORE. Her expertise focuses on drafting and negotiating IT contracts with German, European, and US partners. She has extensive experience in negotiating IT outsourcing contracts in various industries, including the banking sector and the media industry.



Muskaan Multani
Transformation Fellow

Muskaan Multani is a Transformation Fellow at CORE and has a background in business law and strategic consulting. As a legal consultant and through various internships during her studies, she has already worked on various compliance projects. She is responsible for supporting project teams and clients in business-critical technology transformations.
