Information Security

Data protection and information security are important, but are often managed and organised in different areas of the company. Probably the biggest formal difference is that the implementation of data protection is subject to strict legal requirements. With regard to information security, on the other hand, companies can introduce - or enforce - different approaches and concepts. You could also say that the main difference lies in the motivation to fulfil the legal requirements and enforce the interests of the company.

Despite these differences, the two areas often overlap in organisations. On the one hand, the data mentioned contains personal data and is therefore subject to data protection law. In any case, the company must observe and comply with the provisions of the Data Protection Act when collecting, processing and using the data. On the other hand, it is also in the company's interest to treat the relevant data confidentially and securely. External parties can ask at any time which personal data is stored and processed. Information security also plays an important role here, as it can regulate the organisational framework for information and data management in the form of an information management system.

Even within companies, there are always "internal" conflicts about information security and data protection. For example, when access data is stored on company computers. On the one hand, the storage of access data serves the purpose of information security. On the other hand, storing access data makes it possible to later determine who has authenticated themselves on which computer. As this is personal data for which a legal basis or consent is required and which is generally prohibited from the outset, there is a conflict of objectives.