The European General Data Protection Regulation (GDPR) will raise the regulatory requirements for IT security measures in the processing of personal data to the “state of the art”. In addition, a process for regularly evaluating and testing the effectiveness of technical and organizational measures must be established. The GDPR delegates all decisions about security measures to the processor and gives almost no detailed requirements. Furthermore, all decisions regarding security measures must be documented in detail.
Risk management for data protection takes a new perspective: what matters is not the damage to the institution but the potential risks to the rights and freedoms of the data subjects.
The talk will discuss in detail the new requirements for IT security and for transparent documentation.