An overall look at the topic of “data protection”, its requirements and regulations, makes the importance of data security very clear. Together with the IT security associated with it, it is an essential base for accomplishing true data security.
Data protection is primarily implemented by technical and organizational measures. In turn, these measures ensure that the principle of “regulatory duty” is achieved: a duty that requires enterprises in Germany to act in compliance with the law as specified in the respective regulations, and to set up the technical and organizational structures required to uphold this compliance at all times.
Or, looking at it from a different angle: the IT systems used for data security are, from a legal point of view, only installations. Yet the enterprises operating them are fully responsible for operating them according to all relevant regulations. If this cannot be guaranteed, these installations must be taken out of service until proper “control” is restored.
Expressed in very simple terms: “You should not operate any technical installation that may pose a risk to the public.”
If, for example, a company runs a webshop with an insufficient password regime, it is literally playing with fire. To collect, use and control personal data safely, IT systems that always function flawlessly are essential.