Information security

Finding security vulnerabilities: Five tips for companies

Firewalls are no longer enough to protect companies from data crime – information security management systems have now become indispensable.

23 January 2018

It always used to be the case that data protection was at the bottom of the pile when it came to software development. Privacy by Design is now set to change this. Thanks to the General Data Protection Regulation, this principle is even going to be mandatory for companies as of 25 May 2018. Jörg Schlißke explains what's behind the concept and how it will improve data protection for users.

#explore: What is Privacy by Design?
Jörg Schlißke: Privacy by Design means that data protection is already considered in the design and development of software and hardware for data processing. Pre-installed user-friendly settings are intended to ensure that the only data collected are those required for the processing purpose in question, so as to ensure as little interference as possible in the rights to protection of the users. In a contract with an online retailer, for instance, these might be name, address and bank account details.

#explore: And what does this mean for companies?
Jörg Schlißke: A company may only collect information from its employees which is indispensable to the implementation of the employment relationship. Data avoidance and data economy are the key words here. If a company develops data processing software, it needs to ensure in this development that, for instance, a deletion concept is implemented or data fields which are not absolutely necessary are anonymised or pseudonymised. This basic principle of necessity is already enshrined in the German Federal Data Protection Act (BDSG). Privacy by Design is closely associated with Privacy by Default, which literally means “privacy as a factory setting”. Devices and web services must accordingly be equipped with privacy-friendly default settings by the manufacturers. Until today, users have often been forced to go through the tedious manual procedure of opting out of the automatic use of their data, for instance for advertising purposes. This was the case, for example, with Facebook's update of its privacy policy in 2015.

#explore: Could you give us another example that describes this more precisely?
Jörg Schlißke: As an example for the implementation of the Privacy by Default principle we can mention tracking settings of internet browsers. Here, the browser automatically informs the websites visited that the user should not be tracked. If they want to, users can switch off this protective feature themselves and give their consent to being tracked - in other words, they can opt in. This strengthens the freedom of choice of the user. In future they’re going to be able to decide for themselves which data they provide to companies over and above the bare minimum necessary.

#explore - The Online Magazine by TÜV NORD

This is an article from #explore. #explore is a digital journey of discovery into a world that is rapidly changing. Increasing connectivity, innovative technologies, and all-encompassing digitalization are creating new things and turning the familiar upside down. However, this also brings dangers and risks: #explore shows a safe path through the connected world.