You shouldn’t lose sight of data protection not only when selecting the software, but also during operation. Operation that is as data protection compliant as possible also includes appropriate technical and organizational measures and their regular checking and adjustment. The appropriateness of this is based on the need for protection of the processed data. In addition to the protective measures taken internally, the manufacturer’s security updates must also be imported as soon as possible after they have been published. With modern cloud solutions, security gaps (e.g. Microsoft 365) are discovered again and again, in which the manufacturers themselves offer timely measures to close the gaps.
The implementation of the measures begins with the introduction of the software and ends … never? As long as the software is in use, it must be checked at regular intervals whether it is first of all still compliant with data protection, whether the software has been further developed and thus complies with the current security standards and, last but not least, whether it is reliably imported internally. An alternative must be found at the latest when the software manufacturer itself no longer provides security updates. In the fast-moving IT environment, it is essential to avoid possible security gaps by continuously developing the software solutions used.