Everyone should know these five terms for handling data
What is the difference between data protection and data security? And what does data sovereignty actually mean? For the secure handling of sensitive data, these terms should not only be known, but also firmly anchored in the IT strategy – in practice, however, things often look different. In this blog post, we give you an overview of the most important terms.
Popular working models such as working from home or ultra-mobile working with smartphones and tablets connect teams and (co-)workers worldwide. In addition to many advantages such as flexibility or work-life balance, this development also brings new challenges for the secure handling of data. For example, sensitive company and customer data must be available at all times and comprehensively protected at the same time. Security concepts, compliance specifications and legal requirements play a role here, which often get mixed up in everyday life. Here is an overview of the five most important concepts:
Data protection
Data protection refers to all measures to protect personal data from unauthorized access, misuse, manipulation or unauthorized disclosure. In Europe, the GDPR forms the legal framework and requires, among other things, the minimization of data collection, the requesting of consent, transparency in data processing and the deletion of personal data.
Data security
Data security describes the organizational and technical measures to protect all data – not just personal data – from loss, manipulation, unauthorized access or wilful destruction. This includes encryption procedures, firewalls, access rights, backups or corresponding security protocols. Data security is therefore also the basis for effective data protection.
Data sovereignty
Data sovereignty means that individuals or organizations or the data owners themselves can determine who can access the data, how it is used and where it is stored. Especially in an international context – with different laws and framework conditions – this can be a challenge.
Protection of secrets
The protection of secrets refers to the protection of confidential know-how and trade secrets against unauthorized acquisition, use and disclosure, which is enshrined in the German Trade Secrets Protection Act (GeschGehG) and is the implementation of an EU directive. Trade secrets – i.e. information that has an economic value due to its exclusivity or for which there is a legitimate interest in keeping it confidential – are often also protected by confidentiality clauses in the employment contract.
Secret protection
Confidentiality protection is particularly relevant for confidential, highly sensitive information, for example in public authorities or security-critical infrastructures. It ensures that sensitive data is only accessible to those who are actually authorized – with physical, technical and organizational measures, such as access restrictions or the classification of information. Depending on the level of protection required, the information is declared classified and assigned different levels of secrecy – VS-NfD, VS-Vertraulich, Geheim and Strictly Secret.
The correct organizational and technical handling of data is the basis for the increasingly widespread ultra-mobile working methods. Only those who have a solid foundation and meet the legal requirements can really benefit from New Work models and gain trust.