Whitepaper: GDPR & Authorization Management
The EU-wide General Data Protection Regulation (DSGVO) will become binding on the 25.05.2018 together with the new Federal Data Protection Act (BDSG), which has already entered into force on 30.06.2017. As a specialist for access rights in large companies, we are faced with the question of what effects the DSGVO now has on authorization management.
To this end, we initiated an exchange of information with lawyer Horst Speichert, who specializes in data protection, internet law and IT law. Out of our work highly interesting webinars for the DSGVO 2018 and their practical implementation of data protection on the file server. As the essence of this cooperation, Hr. Horst Steins summarizes the relationship between DSGVO and authorization management in a white paper, which we would like to make available to you herewith.
- Safety of processing
"According to this, apart from data protection guidelines and the obligation of data secrecy, a complete administration and documentation of access authorizations is required." - risk approach
"Thus, special measures and tools are required to make the actual accessibility of individual users visible and evaluable." - Proof of proof regarding IT security
external auditors, data protection officers, approved codes of conduct, certification procedures - documentation requirements
"Excerpt from a description of the procedure regarding the authorization concept" - High fines
"... which in the future will make it possible to impose fines that we previously only knew from antitrust and competition law." - Conclusion and outlook
"An individual, well thought-out authorization concept not only relieves the IT department, but also facilitates the work of the data protection officer."
