You'd like to find out more about the range of services offered by the msg group? Then visit the websites of msg and its group companies.

Current website

All msg websites
Range of services
Cybersecure Business Transformation
Governance & Compliance Excellence
Strategy & Organisation
Digital Trust
Service modules
Company
About us
Latest news
All news and topics
Career
Overview & Vacancies
Benefits

Message

Failed loading XML...

msg security advisors

Data Protection

GDPR - Transparency in Data Protection and Security

The General Data Protection Regulation (GDPR) has been in force since May 2018, and sanctions are now increasingly being imposed for violations. The financial penalties can be up to 20 million euros or 4% of the company's turnover. However, fines are only one aspect. If an incident becomes known, the loss of trust on the part of partners and customers weighs just as heavily, as they could refrain from current and planned joint business.

It is foreseeable that there will be further regulations addressing data protection and security. One of these will be the ePrivacy Regulation, which complements the GDPR by focusing on the protection of personal data in the area of electronic communications and aims to ensure the free movement of electronic communications data, devices and services. In addition, the Goods Trade Directive, which includes IoT devices, and the Digital Content Directive, e.g. for cloud services, will be transposed into national law by the EU member states.

The question of the specific "how?"

Although the General Data Protection Regulation specifies the rules precisely, the question of how to implement them often arises: How can suppliers and customers be involved? Or how do you deal with the order processing contracts?

The good news is: There are answers to these questions, and they are sustainable, practical and forward-looking.

At the beginning, however, the need for action in the company or organization must be determined. Our security check offers a gap analysis for the protection and the management of personal data and creates transparency regarding data protection and information security. Data protection needs a functioning data management.

How we can support you

Our holistic approach also considers sustainable and secure master data management. Individual recommendations for actions provide specific information regarding in which areas and how data protection and data management can be implemented in a better and more practical way to efficiently comply with the legal requirements.

ISO 27791 – Privacy Information Management

ISO 27701 (Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines) was publish in August 2019. SO 27701 is a not a new independent standard. It builds on ISO 27001 (information security management systems) and enhances this standard by data protection requirements for a data protection management system. This means that all requirements of ISO 27001 must be complied with for a successful proof of compliance.

In terms of content, ISO 27701 expands the requirements when defining the context of the organization. It is mandatory to include relevant data protection laws as well as corresponding court decisions. Likewise, aspects of the processing of personal data must be taken into account as part of the risk analysis. In addition, the standard provides the following guidance, among other things, as a supplement to ISO 27002, the guidance for implementing measures in annex A of ISO 27001:

Data protection in system design (privacy by design)
Expanding the guideline and directives to include data protection aspects
Data protection trainings for employees, event logging of personal data
Appointment of a person responsible for the data protection management system
Checking for data protection violations in case of security incidents
Encryption of special personal data (e.g., health data), for example

Due to specific requirements for a certification body according to Article 43 of the GDPR, an ISO 27001 certificate supplemented by ISO 27701 does not meet the GDPR requirements, at least currently, and is not proof of GDPR compliance. However, for companies that are already ISO 27001 certified, there are many synergy effects and advantages to be gained by setting up a data protection management system (DSMS).

How we can support you

Our experts provide support in the preparation , design and planning to the implementation to the certification of a DSMS. For this, we use tried-and-tested methods such as target/actual analyses or audit simulations. We work with a high level of detail and at the same time an eye for the big picture and the goals of our customers.

Your contact

Thomas Soens msg security advisors

Thomas Soens
Division Manager
msg security advisors

thomas.soens@msg.group

OWASP: These are the 10 biggest data protection risks

You would like to know more?

We are looking forward to your message!

Contact us!

Please fill out the form and we will contact you as soon as possible.

The field is limited to only letters and a hyphen (-).

The field is limited to only letters.

The field is limited to only numbers.

The field is limited to only letters,numbers and hyphens (/:.,!?-).

With this form collected individual-related data are exclusively used for internal handling and will be not forwarded to third parties. Please consider our data privacy statement.

I agree with the data privacy statement of msg advisors.

Contact

msg industry advisors ag
Robert-Bürkle-Str. 1
85737 Ismaning

+49 89 96 10 11 300
+49 89 96 10 11 113

advisors@msg.group

News from the msg group

The msg group

msg is an independent international group of companies with autonomous regional companies and subsidiaries and over 10,000 employees.

The msg group is active in over 34 countries in the banking, insurance, automotive, food, life science & chemicals, public sector, telecommunications, travel & logistics and utilities sectors. msg also develops integrated software solutions and advises its clients in all aspects of information technology.

Imprint
Privacy

Search
Menu (EN)
- Range of services
- Company
- Career
  - Overview & Vacancies
  - Benefits

Cookie settings

The msg security advisors uses cookies to provide an optimal website experience that is tailored to your specific needs. These includes cookies that are necessary for ensuring the smooth operation and the security of our web pages, as well as those used for anonymous statistical purposes, to help us reach our commercial business goals, or to display personalized content. You have the right to choose which categories you wish to allow. Please note that your decisions may affect which page functions are available while using our site. Further information can be found in our data protection information.

Required

Statistics

Hide details

Required

Required cookies are used to ensure the smooth operation of our web pages and to make them user friendly. They also enable security-related functions. Furthermore, these types of cookies help us identify whether you would like to remain logged in under your profile, thereby allowing us to make our services available to you even faster the next time you visit our site.
Statistics

In order to ensure continuous improvement of our content, structure and our website in general, we record anonymized data for statistical purposes. With your consent, data on your user behavior will be transmitted anonymously to Google Analytics. We use these cookies, for example, to determine how many times a specific page is accessed or the effect of certain pages of our web presence; we then use that information to optimize our site.