the german data privacy law and it security
play

The German Data Privacy Law and IT Security Stefan Schumacher - PowerPoint PPT Presentation

Aug 17, 2023 •537 likes •905 views

Data Privacy Laws Directory of Procedures small and medium-sized enterprises The German Data Privacy Law and IT Security Stefan Schumacher sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de DeepSec In Depth

  1. Data Privacy Laws Directory of Procedures small and medium-sized enterprises The German Data Privacy Law and IT Security Stefan Schumacher sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de DeepSec In Depth Security Conference Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  2. Data Privacy Laws Directory of Procedures small and medium-sized enterprises About Me Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  3. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  4. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Research Programmes Social Engineering / Security Awareness Psychology of Security Didactics of Security/Cryptography Construction of Security in Individuals (qualitative research) IT security in (very) small enterprises Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  5. Data Privacy Laws Directory of Procedures small and medium-sized enterprises ToC Data Privacy Laws 1 Directory of Procedures 2 small and medium-sized enterprises 3 Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  6. Data Privacy Laws Directory of Procedures small and medium-sized enterprises History debates about privacy and data processing in the 1960s computers became powerful and affordable governments wanted to collect and analyse data data, information and knowledge is power population was not happy with this scientific and political debate begun leading to data privacy laws Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  7. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Data Privacy Laws first law introduced in 1970 in Hesse federal law in West Germany since 1977 1981 introduced in all West German federal states based on the concept of informational self-determination Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  8. Data Privacy Laws Directory of Procedures small and medium-sized enterprises informational self-determination ... in the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his/her personal data is encompassed by the general personal rights of the German constitution. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his/her personal data. Limitations to this informational self-determination are allowed only in case of overriding public interest. Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  9. Data Privacy Laws Directory of Procedures small and medium-sized enterprises informational self-determination administration/companies are not allowed to gather data about me administration/companies are not allowed to process data about me administration/companies are not allowed to share data about me unless you are legally allowed to or I agreed to it (written, with certain limitations) Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  10. Data Privacy Laws Directory of Procedures small and medium-sized enterprises main concepts of data protection prohibition with reservation of authorisation (by law or the person affected) data reduction and data economy necessity appropriation: data is only allowed to be processed for the purpose it was collected. eg. a mail order company cannot use address and banking data for marketing purposes Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  11. Data Privacy Laws Directory of Procedures small and medium-sized enterprises main concepts of data protection prohibition with reservation of authorisation (by law or the person affected) data reduction and data economy necessity appropriation: data is only allowed to be processed for the purpose it was collected. eg. a mail order company cannot use address and banking data for marketing purposes Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  12. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Thomas Hobbes Leviathan And Covenants, without the Sword, are but Words, and of no strength to secure a man at all. Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  13. Data Privacy Laws Directory of Procedures small and medium-sized enterprises supervision federal data protection officer for federal agencies federal states data protection officers for agencies of federal states who also supervise companies companies have to have an internal data protection officer depending on the number of employees and/or type of data processed Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  14. Data Privacy Laws Directory of Procedures small and medium-sized enterprises supervision shut down and confiscate the IT system supervisors can give out monetary penalties companies can get the money back from the board/executives but also help with IT security methods Lidl had to pay 1.46m Euro Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  15. Data Privacy Laws Directory of Procedures small and medium-sized enterprises supervision shut down and confiscate the IT system supervisors can give out monetary penalties companies can get the money back from the board/executives but also help with IT security methods Lidl had to pay 1.46m Euro Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  16. Data Privacy Laws Directory of Procedures small and medium-sized enterprises in company data privacy officer checks the data privacy measures of the company reports directly to the board/executive has no power to direct cannot be fired has to be reliable and skilled typically an external consultant Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  17. Data Privacy Laws Directory of Procedures small and medium-sized enterprises ToC Data Privacy Laws 1 Directory of Procedures 2 small and medium-sized enterprises 3 Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  18. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Directory of Procedures required if personal data is processed directory or list of all procedures that process personal data e.g. application process, personal records, email, disciplinary warning letters public part has to be handed out to anyone who wants one internal part describing security measures only for supervisors Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  19. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Directory of Procedures describes the process the involved staff source of personal data object of data processing people/organisations that receive personal data Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  20. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Directory of Procedures What data is there? Where does it come from? Is it illegal gathered data? Is the data correct? Who entered illegal/incorrect data? Where and how is it processed? Who has access to the data? Are there external companies involved? Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  21. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Technical Organisational Measures required in the internal version, not to be published describes all technical and organisational measures to secure data different terminology than used in IT sec (unfortunately) developed by government officials and lawyers, so it’s legalese Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  22. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Technical Organisational Measures physical access control (server room is locked, document files are locked away) access control (user/password, 2FA) user access control/role-based access control (ACLs, roles/groups, categories for data) disclosure/transfer control (external backups are encrypted and stored in a vault) Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

  23. Data Privacy Laws Directory of Procedures small and medium-sized enterprises Technical Organisational Measures input control (who entered data? who is responsible for mistakes) commission control (external data processor have to follow your orders and conform to the BDSG) availability control (backups, redundant systems, hot standby, UPS) segregation control (data collected for different purposes has to be stored and processed segragated, eg. clients ./. potential clients) Stefan Schumacher sicherheitsforschung-magdeburg.de The German Data Privacy Law and IT Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned Did you know... 77 percent of all Americans feel their personal health information privacy is very important, and 84 percent said they

769 views • 50 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel DECEMBER 8, 2019 Data Privacy vs. Data Security Data Privacy Data Security How data is collected & How data is stored & used

465 views • 23 slides
CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt // http://yxiao.info i i f Outline Outline What is Location Privacy Basic Techniques Private Information Retrieval Probabilistic

415 views • 24 slides
CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory University Today Meet everyone in class Course overview Why data privacy and security What is data privacy and security What we

810 views • 70 slides
Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special Counsel, Data Privacy GTC Law Group Distinguished Fellow, Ponemon Institute The Universe of Current Privacy Concerns n The Privacy world is today

698 views • 40 slides
GTC Data Privacy & Security Training November 3, 2017 Hosted by 1 SPECIAL THANKS TO ....

GTC Data Privacy & Security Training November 3, 2017 Hosted by 1 SPECIAL THANKS TO ....

GTC Data Privacy & Security Training November 3, 2017 Hosted by 1 SPECIAL THANKS TO .... EMILY CHANG ASSISTANT GENERAL COUNSEL, DIRECTOR 2 GTC DATA PRIVACY & SECURITY GROUP gtclawgroup.com 3 PLEASE GIVE YOUR QUESTION CARDS TO:

984 views • 34 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference control Anonymization problem Anonymization notions and approaches (and how they fail to work!) k-anonymity l-diversity t-closeness

741 views • 51 slides
Global Privacy and Data Security Developments2013 By Katherine Ritchey, Mauricio Paez,

Global Privacy and Data Security Developments2013 By Katherine Ritchey, Mauricio Paez,

Global Privacy and Data Security Developments2013 By Katherine Ritchey, Mauricio Paez, Veronica McGregor, and Maria Sendra* Privacy and data security continue to be a focus for corporations, regulators, law enforcement, and consumer groups

282 views • 10 slides
Li Xiong CS573 Data Privacy and Security

Li Xiong CS573 Data Privacy and Security

Li Xiong CS573 Data Privacy and Security Security Engineering by Ross Anderson, 2001 Its function is to control which

422 views • 40 slides
Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology Transactions Practice Groups November 14, 2017 Linda Rhodes Joe Pennell Brad Peterson Partner Partner Partner 202-263-3382 312-701-8354

313 views • 29 slides
CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit

CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit

CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit Klein & Selz Beth Hill, General Counsel & Chief Compliance Officer, FordDirect Maggie Mansourkia Mobley, Advisor, Privacy Matters Privacy &

524 views • 26 slides
Key Benefits Issues During Current Pandemic Ma rc h 2 5 , 20 20 Cl ien t W eb ina r B R I A N

Key Benefits Issues During Current Pandemic Ma rc h 2 5 , 20 20 Cl ien t W eb ina r B R I A N

Key Benefits Issues During Current Pandemic Ma rc h 2 5 , 20 20 Cl ien t W eb ina r B R I A N M O R R I S , P r e s i d e n t J A S O N C O G D I L L , B e n e f i t s A t t o r n e y This Session Update on developments in Congress

292 views • 16 slides
HEALTH CARE REFORM BASICS Source: Blue Cross Blue Shield of Michigan Blue Care Network

HEALTH CARE REFORM BASICS Source: Blue Cross Blue Shield of Michigan Blue Care Network

HEALTH CARE REFORM BASICS Source: Blue Cross Blue Shield of Michigan Blue Care Network Health HealthCareReformBasics.com Provided to you by: Bonnie Fierens, RHU LIC Doyle & Ogden Insurance Advisors What is health care reform?

540 views • 14 slides
Solving vehicle Routing Problem using Quantum Annealing Pawe Gora Faculty of Mathematics,

Solving vehicle Routing Problem using Quantum Annealing Pawe Gora Faculty of Mathematics,

Solving vehicle Routing Problem using Quantum Annealing Pawe Gora Faculty of Mathematics, Informatics and Mechanics University of Warsaw & Quantum AI Foundation CEO & Founder Krakw Quantum Information Seminar (Webinar)

733 views • 61 slides
5 th Meeting of the International Comparison Program (ICP) Governing Board December 13, 2019

5 th Meeting of the International Comparison Program (ICP) Governing Board December 13, 2019

5 th Meeting of the International Comparison Program (ICP) Governing Board December 13, 2019 Washington, DC Global Release Event ICP Global Office, World Bank Communication Strategy: Pre-release Activities Output Audience Message Vehicle

660 views • 12 slides
The Business of Linux How individuals can get in the game. Presented by: Karlie Robinson Owner,

The Business of Linux How individuals can get in the game. Presented by: Karlie Robinson Owner,

The Business of Linux How individuals can get in the game. Presented by: Karlie Robinson Owner, Webpath Technologies & Jargon & Concepts The fundamental question in any presentation is... How Fast Should We Go? First... A mile-high

520 views • 36 slides
First Quarter Highlights and Financial Results Fiscal 2021 Forward Looking Statements You

First Quarter Highlights and Financial Results Fiscal 2021 Forward Looking Statements You

First Quarter Highlights and Financial Results Fiscal 2021 Forward Looking Statements You should be aware that certain written and oral statements made by management may constitute forward -looking statements within the meaning of the

207 views • 18 slides
Smarter Resources Smarter Business - Energy and Materials program Overview > About SV and

Smarter Resources Smarter Business - Energy and Materials program Overview > About SV and

Smarter Resources Smarter Business - Energy and Materials program Overview > About SV and programs for business > Funding opportunities energy and materials > Questions About Sustainability Victoria > Our vision:

305 views • 16 slides
Prepared by Dr. Robert Cloutier Mary A. Bone Question 1 Please tell us about yourself.

Prepared by Dr. Robert Cloutier Mary A. Bone Question 1 Please tell us about yourself.

MBSE Survey 2 INCOSE International Workshop Jacksonville, Florida Presented January 21-22, 2012 Prepared by Dr. Robert Cloutier Mary A. Bone Question 1 Please tell us about yourself. (Optional) International Responses Australia,

621 views • 28 slides

More recommend