Securing data processing
According to the requirements of the General Data Protection Regulation, every form of data processing must be protected by technical and organizational measures. Implementing this requirement is not easy in practice and requires comprehensive planning. This is particularly true when introducing a new processing operation. The basic requirement for safeguarding every processing operation is set out in Article 32 of the General Data Protection Regulation. It states that the selection of specific security measures must be based on the expected risk and its probability of occurrence, but also on the circumstances of the data processing and the implementation costs.
What is the Defense-In-Depth approach?
The Defense-In-Depth approach is the multi-layered design of a security system to defend against attacks. The decisive factor here is that no single, isolated security measure is taken. Rather, multiple measures must be combined in such a way that if one measure fails or is overcome, the other measures compensate for the gap and continue to ensure the security of data processing.
The concept was originally developed for military purposes, with a different objective in detail, and was later applied to information security.
However, this risk-based approach can also be applied when planning comprehensive protection of data processing operations.
Data protection supervisory authority recommends defense-in-depth approach
In its annual report presented on August 31, 2021, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia points out the fundamental importance of the defense-in-depth approach for securing data processing. Using a number of practical examples, the report explains that errors leading to a breach of personal data protection can occur at any time. According to the state commissioner, this can happen even without any intent on the part of those responsible. For this reason, the defense-in-depth approach has become established in practice. (https://www.ldi.nrw.de/mainmenu_Aktuelles/Inhalt/26_-Bericht/26_-Bericht-LDI-NRW.pdf p. 156)
If you have any questions regarding the technical and organizational safeguarding of your processing operations, please do not hesitate to contact your team at aigner business solutions GmbH. Simply use our contact form for this purpose. You can also reach us by phone at our headquarters in Hutthurm on +49 (0) 8505 91927 – 0 or at our branch office in Munich on +49 (0) 89 413 2943 – 0.
Jan Schwemler is completing an apprenticeship as an office management clerk at aigner business solutions GmbH. Jan learned commercial processes at the Wirtschaftsschule Passau. Now he is getting to know how they are put into practice. He gets to contribute his creativity, talent for image editing and passion for video editing in our marketing department. Thanks not least to his work, our customers and followers can always look forward to new and interesting content on our social media channels and in our newsletters.