Textseite
Classification of data
Abschlussbedingungen
Risk classes
From a data protection perspective, data can be categorised into different risk classes. The assignment to a risk class determines how worthy the data is of protection and which measures are necessary for processing (storage, access rights, etc.).
We have already looked at this topic in detail: the decisive factor is the type and amount of data to be processed. As a reminder: business e-mail addresses, which may be published on the company's website anyway, are less risky than personal data such as the address, telephone number or date of birth of a training participant, for example.
Attention, now it gets very special!
The following analyses and measures are usually handled by the relevant specialist departments and are the responsibility of the organisation's management throughout the organisation. You should have little to do with the topic in your project. However, a certain sensitivity to the topic does not hurt, as many of the measures must also be taken into account in everyday project work.
Protection groups
In information security, data and information is categorised into so-called "protection groups". The German Federal Office for Information Security recommends the classes "normal", "high" and "very high" for classification purposes.- Normal: The impact of damage is limited and manageable.
- High: The impact of the damage can be considerable.
- Very high: The impact of the damage can reach existentially threatening, catastrophic proportions.
Classification according to ISO standards
There are various approaches to determining the need to protect personal data. The measures are defined in various ISO standards, including ISO 27701 "Security Techniques", which is an extension of ISO 27001 and 27002 and specifies how data protection and information security measures are to be linked.
Germany is quite advanced in this area. With its Standard 200-2, the German Federal Office for Information Security provides a comprehensive methodology for the effective management of information security.
- German: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_2.html?nn=128640
- English: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi-standard-2002_en_pdf.html?nn=128640
You can find an example of the categorisation here: https://www.sec4you.com/klassifizierung-iso-27001/
GDPRism ist ein Projekt der Organisationen Medienkompetenz Team e.V. und Educommart und wurde kofinanziert durch das ERASMUS+ Programm der Europäischen Union.
Von der Europäischen Union finanziert. Die geäußerten Ansichten und Meinungen entsprechen jedoch ausschließlich denen des Autors bzw. der Autoren und spiegeln nicht zwingend die der Europäischen Union oder der Europäischen Exekutivagentur für Bildung und Kultur (EACEA) wider. Weder die Europäische Union noch die EACEA können dafür verantwortlich gemacht werden
