In order to ensure the protection of personal data, the issue of data security certainly plays a central role. Important keywords in this context are privacy by design and privacy by default.
Definition
The term privacy by design refers to data protection through technology design. This means that when developing new technologies, appropriate solutions conforming to data protection must be ensured. For example, important data protection principles, such as data minimization, must not be ignored when developing new software programs and devices.
Privacy by default stands for privacy through appropriate default settings. The person responsible must ensure by appropriate default settings that only those personal data are processed, which are absolutely necessary.
Are you still not sure what data protection by design and default actually means? Let’s have a look at a few examples:
Example
Privacy by design: Integration of deletion concepts in software for data processing or the use of pseudonymisation (replacing personally identifiable material with artificial identifiers) and encryption (encrypting messages so that only those authorised can read them).
Privacy by default: For example, a provider of a social network must ensure that personal data of users are not published from the start by presetting its app. Persons who use the app should not first have to change the settings from “public” to “private”.
But what can be done concretely to improve data security? You will now get to know some suitable measures at a glance:
Definition of data protection objectives
TOMs – technical and organizational measures
Let us now take a look at the individual measures a little closer:
Essential data protection objectives are considered to be
Integrity: Data is true to the original and has not been damaged or changed by unauthorized parties.
Availability: Data is available to authorized persons when and where they need it. The data processing systemis to a certain extent tolerant of malfunctions and errors.
Confindentiality: The data is only accessible to authorized persons.
The GDPR requieres that the controller and the processor must implement appropriate technical and organisational measures (TOMS) in data processing to ensure a level of protection adapted to the risk.
As you already know, the GDPR obligates to privacy by design and default.
However, the precise measures to be taken to protect personal data are ultimately the responsibility of the data controller and the processor. Examples of TOMs are pseudonymisation and encryption of data, information and training of staff or automatic back-ups.
The following example shows how data protection measures can be put into practice.
Example
Suppose you are employed by a company that uses a customer database. This customer database is located on a server. In order to ensure an adequate level of protection for the personal data of customers, the following data protection measures, for example, would be conceivable:
Access to all customer data is only possible with password and user name.
The room in which the server is located is locked with a
Every use is logged, both log in and log out as well as changes to data records. A person is assigned to each login.
Read and write rights are only distributed as required.
If possible, customers are not recorded under a real name, but under a user ID.
Regular back-ups are made, which are also tested for integrity at certain time intervals.
All TOMs are reviewed on a quarterly basis.
Employees receive clear instructions on how to handle personal data, basic training on data protection and regular specific data protection notices by e-mail.
In order to ensure the protection of personal data, the issue of data security certainly plays a central role. Important keywords in this context are privacy by design and privacy by default.
Definition
The term privacy by design refers to data protection through technology design. This means that when developing new technologies, appropriate solutions conforming to data protection must be ensured. For example, important data protection principles, such as data minimization, must not be ignored when developing new software programs and devices.
Privacy by default stands for privacy through appropriate default settings. The person responsible must ensure by appropriate default settings that only those personal data are processed, which are absolutely necessary.
Are you still not sure what data protection by design and default actually means? Let’s have a look at a few examples:
Example
Privacy by design: Integration of deletion concepts in software for data processing or the use of pseudonymisation (replacing personally identifiable material with artificial identifiers) and encryption (encrypting messages so that only those authorised can read them).
Privacy by default: For example, a provider of a social network must ensure that personal data of users are not published from the start by presetting its app. Persons who use the app should not first have to change the settings from “public” to “private”.
But what can be done concretely to improve data security? You will now get to know some suitable measures at a glance:
Essential data protection objectives are considered to be
The GDPR requieres that the controller and the processor must implement appropriate technical and organisational measures (TOMS) in data processing to ensure a level of protection adapted to the risk.
As you already know, the GDPR obligates to privacy by design and default.
However, the precise measures to be taken to protect personal data are ultimately the responsibility of the data controller and the processor. Examples of TOMs are pseudonymisation and encryption of data, information and training of staff or automatic back-ups.
The following example shows how data protection measures can be put into practice.
Example
Suppose you are employed by a company that uses a customer database. This customer database is located on a server. In order to ensure an adequate level of protection for the personal data of customers, the following data protection measures, for example, would be conceivable:
-
Add a note