
Introduction


This module is about two things that help us to protect personal data in our project:

  1. Information security (also IT security): the technical protection of data.
  2. Risk analyses: methods for determining the appropriate level of protection for personal data.

What does one have to do with the other? As mentioned several times in the previous modules, data protection works with a very strong focus on the potential risks of data processing. This is where risk analysis helps to define the need for protection more precisely. IT security can then help to reduce or completely avoid risks or damage from data processing.

 


Teamwork

You will generally receive support from the relevant specialist departments for both topics: your IT department for information security and your data protection officer for risk analysis. You do not, under any circumstances, have to handle these topics alone as part of your project. As a rule, both areas are implemented throughout the organisation by those responsible. It is important that you have a basic understanding of which measures can support data protection. If your project involves high-risk data processing or has special IT security requirements, you should involve the aforementioned departments at an early stage.

If you work in a small organisation where these specialist departments do not exist, you should at least work through the following pages carefully so that you can get external help if necessary, as there are processing operations that should not be carried out without the help of a data protection officer or legal support.


Source: OpenClipart-Vectors on Pixabay


Definition: Information security

For laypeople, the difference between data protection and information security is often difficult to grasp, as the terms are very similar. However, we are talking about two very different things here:

  • Data protection refers exclusively to the protection of personal data. The aim is to respect the human rights of the persons concerned.
  • Information security refers to the protection of IT systems and the data processed in them. This also includes data that is not personal, such as your project documentation or all other project documents. It is more about the protection of organisational knowledge and intellectual property. 

In times of digitalisation, data protection has many overlaps with information security, as a lot of personal data is processed digitally.

Source: Clker-Free-Vector-Images on Pixabay



Definition: Risk analysis

A risk analysis can become part of your data protection documentation and is proof that you have analysed the processing in question and considered the risks for the data subjects. There are various formats for a risk analysis, which we present to you below. These include the threshold analysis and the data protection impact assessment. However, both of these are already very detailed analyses that are highly unlikely to be necessary in your project.



Source: Mohamed Hassan on Pixabay




Task

Check whether the topics of IT security and risk analysis have already been implemented and documented in your organisation. If documentation is available, you can use it in your project. If these topics have not yet been implemented, you should urgently contact those responsible and address their implementation.