Half-knowledge or even ignorance is not only unsexy, but with Privacy for Companys even dangerous: Non-compliance with legal requirements can lead to severe fines and imprisonment of up to two years.

Privacy_Access
Contents Hide

Dangerous half-knowledge

Many entrepreneurs do not know how data protection works properly in practice. This applies to the self-employed and freelancers as well as to those responsible in small businesses up to SME.

Paragraph 9 of the Federal Data Protection Act (BDSG) contains eight so-called technical and organizational ones Measures, which are to be taken to ensure data protection:

As a complementary aspect of data protection, all these controls serve the higher-level Objective of data security. The conceptual proximity of the words access, access and access control alone suggests a defined view and care in everyday dealings. So it is advisable to deal with it a little more intensively.

Access control - "Who has to stay outside the door?"

In data protection, access control means taking measures to prevent unauthorized persons from gaining physical access to data processing systems. In the broadest Sinn this includes computers of all kinds - server, PC, emergencyebook, Smartphones, copiers, scanners and other devices that are suitable for processing personal data.

Unauthorized persons are all those who, due to the assigned to them Tasks do not have to stop at the corresponding devices. The aim is to rule out the possibility of unauthorized knowledge or influence from the outset.

The protection measures are to increase as the sensitivity of the data increases. Measures for access control of access control are:

Access control - “Use of the system only for authorized persons!”

While access control prevents physical access, access control prevents the use of the system. Access control prevents unauthorized use of data processing equipment.

Under no circumstances should companies disregard the vulnerability from outside via data connection (Internet) – a major gateway for cybercriminals and data thieves.

Unauthorized access to personal data can be prevented with the following measures, individually or in combination Combination, be prevented:

Access control - “Your, mine and our data!”

The access control ensures that only authorized persons have access to personal data, programs, and documents.

From the task assignment and the Organization of the company results in the respective authorization. What many people don't know is that the supervisor of an authorized employee does not automatically have access authorization.

Unauthorized reading, copying, changing or deleting of personal data during processing, use or storage should be expressly prevented. An access matrix is ​​used to document which authorization concept is used Employees which data and programs has access to. When using mobile data carriers and end devices (USB stick, emergencyebook, camera, etc.) access control is increased awareness to dedicate. In addition, data security should be guaranteed by using an appropriate encryption method.

Measures of access control are:

Access, access and access control are seamlessly linked to each other. In individual cases, therefore, each company must examine which of the individual measures is appropriate and feasible.

Not only because of the narrow terminology: In order to avoid costly misunderstandings in data security, care and expertise are required. External data protection officers offer expert support and secure handling of the technical and organizational measures as well as all other data protection-specific topics. Data protection and data security are professionally managed Hand in hand - to protect against punishment and above all to protect your own company.