Data protection management

from Wikipedia, the free encyclopedia

Data protection management is a method for systematically planning, organizing, managing and monitoring the legal and operational requirements of data protection.

Objective

The starting point is the idea of providing companies and public authorities with a system that can be integrated into their business processes so that data protection is anchored within the organization permanently and in a traceable manner. A data protection management system (abbreviated DSMS) can be set up in accordance with international management standards.

Systematic data protection management is important in order to counter an accusation of negligence in supervisory proceedings, which can result in administrative fines, criminal fines and even imprisonment (from May 25, 2018: Article 83 II of the GDPR).

Method

Usually, the first step is to define which structures, roles and responsibilities are to be represented. The central element of a management system is its documentation; accordingly, the data protection documentation must be organized according to good-practice examples. In addition, a catalog of requirements should be available that combines legal requirements with the essential requirements of information security. Since the goal of management systems is usually a globally applicable standard, references to specific legal texts are omitted. However, due to its high standards, the German Federal Data Protection Act can serve as an orientation framework. The establishment of a continuous management cycle supports, for example, the proper design of commissioned data processing in accordance with Article 28 GDPR. Current management systems are mostly based on the model of the PDCA cycle.

Practical application

In practice, the systematic approach of a data protection management system can be integrated into an existing quality management system or an information security management system. In addition, accredited commercial providers now offer a certificate for a functioning management system following an appropriate audit process.

To date, one German supervisory authority (the State Commissioner for Data Protection of Rhineland-Palatinate) has examined a management system for data protection and recommended it for practical use.

Sources

  • Loomans, Dirk; Matz, Manuela; Wichtermann, Marco: Requirements for a data protection management system, 2010.

References

  1. ^ New ways in data protection, October 13, 2010, website of the State Commissioner for Data Protection of Rhineland-Palatinate. Retrieved October 30, 2018.