Data protection and information security as two sides of the same coin.

Data protection is not possible without good information security. The hinge on both sides of the coin is the Technical Organisational Measures (TOM). These deposit in both as Privacy by Design and Privacy by Default. Other parallels in both spheres are risks, storage, and governance. Risks are handeled as a part of risk management of information security and as a part of data protection od data protection impact assessment (DIA), information is subject to retention periods. However, if information is also personal data, it is subject to deletion periods - together they form a mostly irresolvable contradiction.

Both sides must introduce minimum governance for their treatment: Control function (IPM or DPO), prioritised treatment by management, sufficient resources in terms of staff, technology and time. It is obvious to organise both topics in management systems: Information Security Management System (ISMS) and Data Protection Management System (DSMS). An ISMS should be set up according to the ISO 27001 standard, a DSMS precisely not according to the ISO 27701 standard. For data protection, the straightforward approach according to the GDPR is recommended. Both spheres remain in motion and offer space for new surprising solutions. 

Insights

Reference items
Blogpost

ISMS as a management tool for XAIT

With the help of certified information security management systems (ISMS), institutions can fulfil a large part of the xAIT requirements (BAIT, ZAIT, KAIT, VAIT).

22nd September 2022
Blogpost

DORA – Delta View

DORA is intended to transfer national regulations in the area of financial market regulation into uniform, harmonised EU law. This blog post focuses on the delta to current regulation, i.e.

25th October 2022

Contact our experts

Reference items

Expert EN - Muskaan Multani

Muskaan Multani
Transformation Associate
Muskaan
Multani

Muskaan Multani is a Transformation Associate at CORE and has a background in
background in business law and strategic consulting. As a legal consultant and through various internships during her ...

Read more

Muskaan Multani is a Transformation Associate at CORE and has a background in
background in business law and strategic consulting. As a legal consultant and through various internships during her during her studies, she has already worked on various projects in the compliance accompanied. She is responsible for supporting project teams and clients with and clients in business-critical technology transformations.

Read less

Expert En - Artur Burgardt

Artur Burgardt
Managing Partner
Artur
Burgardt

Artur Burgardt is Managing Partner at CORE. He focuses, among other things, on the conceptual design and implementation of digital products. His focus is on identity management, innovative payment ...

Read more

Artur Burgardt is Managing Partner at CORE. He focuses, among other things, on the conceptual design and implementation of digital products. His focus is on identity management, innovative payment and banking products, modern technologies / technical standards, architecture conceptualisation and their use in complex heterogeneous system environments.

Read less

Also interesting