"In the age of rapid digitalization and a data-driven economy, conscientious handling of information is essential," says Helko Kögel, Director Consulting at Rohde & Schwarz Cybersecurity. In this context, he advises companies to use the upcoming General Data Protection Regulation as an opportunity. This is because business and processes in line with the EU GDPR can strengthen customer trust and underpin the necessary transparency towards third parties.

The required proof that a company complies with data protection regulations should also be an advantage. "This necessary condition of the regulation represents a great benefit for the company," says Kögel and explains: "The data protection officer quickly obtains an overview of the ongoing processing of personal data via a risk-based management system and can build his data protection audit on this." In addition, in the event of an audit by the responsible data protection supervisory authority, the procedure directory can be submitted at any time.

Security of data processing

Specifically, the modernization of data protection is to be ensured by several principles. These focus on the lawfulness, purpose limitation and storage limitation as well as the accuracy of personal data. A key aspect of the EU GDPR is the security of data processing. In order to ensure integrity and confidentiality, companies must take measures during data processing to prevent data manipulation and unintentional damage. When selecting suitable technologies, the probability and severity of the risk to the rights of the data subjects play an important role. "Above all, the assessment of the risk according to a defined methodology - the technical term is data protection impact assessments - represents an increased requirement for companies," emphasizes Kögel. Another challenge is the extended information and disclosure obligations towards data subjects as well as a general expansion of data subjects' rights.

To meet these challenges, Kögel recommends the introduction of an information security management system (ISMS). This establishes procedures and rules that ensure that the required information security in the company is first defined, then implemented and continuously improved. In order to meet the increased requirements of the EU GDPR, a broad-based portfolio of IT security solutions is also required that are interlinked at all levels. This includes setting up secure networks, monitoring, endpoints, applications and clouds. "The data protection officer and, in some cases, the IT security officer are always responsible for initiating and implementing the above-mentioned measures," concludes Kögel. cs

Embedded World, Hall 4, Stand 218