The question of the difference between the terms privacy and data security often comes up in employee training, because the terms are often used incorrectly in the heat of the moment or out of ignorance. This article is about the difference between data protection and data security.
First of all, it should be emphasized that a clear definition and exact delineation of the two terms is not readily possible, since they can be interpreted differently depending on the context and the author. The following distinction should serve as a guide:
According to the General Data Protection Regulation (GDPR), data protection “guarantees every citizen protection against abusive data processing, the right to informational self-determination and the protection of privacy.” Data protection is therefore the right of every citizen; at the same time, when personal rights and privacy are disregarded, fundamental rights of people are violated. There are certain rules for the processing of personal data. These are mainly laid down in information privacy law and in the data protection laws of the individual countries. Processing is subject to the legal rule of “prohibition with reservation of permission”. This means that the collection, processing and use of personal data is generally prohibited unless a legal permission or voluntary consent justifies it. Data protection is therefore about the central question of whether personal data may be collected and processed at all.
Data security is a term closely linked to data protection, but it must be distinguished from it. In contrast to data protection, data security concerns all data in the company, regardless of whether it relates to a person or not. The term therefore also covers data that has no personal reference, such as construction plans, no matter whether in analog or digital form.
Data security has the technical objective of sufficiently protecting data of any kind against manipulation, loss, unauthorized access by third parties or other threats. In the context of data protection in accordance with the data protection laws, including the annex, data security is to be ensured by implementing suitable technical and organizational measures. In this context, it is the task of data protection, for example, to ensure the data security of personal data. Data security is thus a desired state, which is to be achieved, among other things, by data protection measures.
If the security of a company's data is not sufficiently guaranteed, this can have disastrous consequences for the company, even if no personal data is concerned (e.g. industrial espionage). In addition, it can be the cause of data loss.
Difference between a privacy concept and a data security concept
Is the difference between data security and privacy clearer to you now? Then the question arises of the difference between a data protection and a data security concept.
Data protection concept
A data protection concept describes the information required for a data protection assessment of the collection, use, and processing of personal data. It documents the nature and extent of the personal data collected, used and processed, and shows the legality of doing so. It includes analog data as well as digital data.
Data security concept
A data security concept primarily serves the goal of information security and, in contrast to the data protection concept, takes into account all data, whether analog or digital, whether personal or not. Thus, a data security concept, on the one hand, is the sum of a data protection and an IT security concept and, on the other hand, additionally takes into account all analog, personal data.
As you can see, the two terms privacy and data security are closely linked. However, while data protection deals exclusively with personal data, data security covers data of any kind, regardless of whether it relates to a person. Data protection is an important aspect of data security, because to ensure the highest possible data security in your company, you must, among other things, implement data protection measures.
If you also want to create the highest level of data security in your company, then you need, at the very least, experts in the fields of data protection and IT security. That’s the only way you can take every type of data into account. The IT Security Officer, together with your data protection officer, regularly analyzes your current IT organization, puts together appropriate measures and supports you as a partner in achieving data security.