Standard data protection model

from Wikipedia, the free encyclopedia

The standard data protection model (SDM) is a method for checking whether the technical and organizational functions of procedures involving personal data conform to the requirements of data protection law. The purpose of the SDM is to convert normative requirements into functional requirements, or to make technical and organizational functions verifiable against legal standards. This is, technically speaking, a "lossy transformation", the success of which must ultimately be judged legally. The SDM is tailored to the requirements of the GDPR.

The SDM is intended, first, to lead to advisory and review activities by the data protection authorities that are coordinated at least nationwide, transparent and traceable; and second, to give organizations a tool to set up and operate procedures involving personal data independently.

The essential component of the SDM is a concept of seven elementary guarantee goals, which are derived from Article 5 of the GDPR. The guarantee objectives are to ensure availability, integrity, confidentiality, transparency, intervenability and non-linkability, supplemented by the general guarantee objective of "data minimization". Standard protective measures are assigned to each of these guarantee goals.

In contrast to information security, the need for protection applies to the persons affected by processing activities, not to the processing activities or business processes.

History

The Conference of the Federal and State Data Protection Authorities (DSK) adopted the concept of the guarantee objectives (at that time still "protection objectives") as part of the modernization of data protection law in 2010. The DSK then accepted the operationalization of the protection goals by the SDM in October 2014, but had not yet published the model itself. In October 2015, the SDM was finally published for the first time, in a trial version in the form of a 40-page SDM manual. Version SDM-V1.1 followed in April 2018, still as a test version. In November 2019, the DSK unanimously adopted the final version of the consolidated SDM-V2; in its press release on the SDM-V2, the DSK recommends that "those responsible in business and administration apply the SDM for planning, introducing and operating personal processing". A reference protection measure catalog is being developed by the Technology Working Group (AK-Technik) or by the SDM sub-group of AK-Technik (UAGSDM). As the owner of the model, the DSK decides on Germany-wide, consensus-based updates of the model and its reference measures.
