Good data protection makes for good business
Data and algorithms are the new operating resources
As individuals, entrepreneurs and society at large, we are spending more and more time online, leaving an ever-larger digital footprint. We transmit data that is condensed into profiles and reveals much about our personality as well as our political preferences and tastes as consumers. Whoever has access to that data can influence people, steal identities, and cause harm.
However, data is not only valuable from the point of view of the individual, but is also a fundamental production factor for businesses operating in the digital space. Where classic industrial companies consisted of plants, reactors, halls, and workshops, today algorithms, software and databases are the very means of production.
That's why protecting the technical infrastructure is not just important for complying with data protection requirements but is also a fundamental element in safeguarding value creation in a modern business. If company secrets are spied on, data leaks, or ransomware paralyzes entire systems, this can easily spell the end of a company.
Data protection and a reliable corporate IT setup are one and the same thing.
IT Security as the basis for every company with electronic data storage
To protect not only personal customer, employee, and supplier data, but also company know-how, trade secrets and digital resources, sensible technical protection measures must be introduced to ensure the integrity, confidentiality, and availability of data. The existing safeguards need to be constantly checked for security gaps, and there must be processes in place to keep all systems up to date at all times.
This shows that companies practicing good technical data protection also protect their business: they kill two birds with one stone. Data protection, properly understood, is not an "additional task," not a burden, not bureaucracy, not an extra to the actual business tasks. Rather, data protection is in itself an increasingly important and central task. On top of that, it is important for doing business successfully in the digital sector in the European Union going forward. With watchdogs growing teeth and consumers taking these matters more seriously, compliance with the General Data Protection Regulation (GDPR) and the associated safeguarding of data sovereignty in Europe can become a competitive advantage over other companies that do not comply or only partially comply with the legal requirements.
Technical data protection as a secure foundation
Of course, infrastructure protection alone is not enough for a company to operate successfully. Rather, it must also be ensured that the organizational framework conditions for data protection are complied with.
It is indeed important to discuss whether an employer has the right to ask employees about their vaccination status. This is about balancing fundamental rights and personal freedoms with the rights of third parties and the general public; such issues have to be negotiated again and again. Undoubtedly, it is also useful to have standards for the way in which paper should be shredded so that the individual parts cannot be reassembled into documents. Because yes: that is a procedure often used in industrial espionage. And without structured contracts for commissioned data processing of personal data, it is unclear who is responsible for what.
Above all these questions, however, the IT basis must not be forgotten, which is the foundation for all other measures: It is not enough to create only theoretical data protection through sophisticated lists and contracts. One must actually practice data protection embedded in the very fabric of the business.
In a similar vein: server location vs. cloud provider headquarters
While you are at it, also check outsourced data storage in data centers, at hosting companies, or in the cloud for compliance. Make sure that the SaaS and data center providers have both their headquarters and servers within the European Union so that they can offer their services in a data-protection-compliant manner.