Germany

Privacy |Data Protection- Legal IT-Security Requirements for the not public sector in Germany including applicable EC General Data Protection Regulation (“GDPR”), status September, 2018
IT security shall mean: technical and legal measures for the IT infrastructure to realize and to react in case of a danger.
Security for personal data shall mean: safeguarding the availability, confidentiality and the integrity of data.
Safeguarding shall mean: the quality of the IT system to fulfill demands within a reasonable time.
Confidentiallity shall mean: only authorized people get access to data.
Integrity of data shall mean: the characteristics of data and information keep unmodified.
Technical and Organisational Measures ( “TOMs”) are in the center of legal IT security measures concerning privacy. In many places of law the data controller is required to implement TOMs to guarantee security for human personal data and
- to look for,
- to balance,
- to implement ( privacy by design, privacy by default ),
- to document,
- to monitor,
- and if necessary to adopt the technical and organizational measures for the security of personal data.