Beyond their training as lawyers, our employees have an above-average technical understanding and are therefore well placed to provide a link between technology and law.
So close and yet so far
Data protection and information security have many points of contact. According to Art. 32 GDPR, the controller must ensure the security of processing. The measures for doing so shall be selected taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. In this context, measures to ensure information security usually also serve to ensure the security of processing. It therefore makes sense to think about and plan processing security and information security together from the very beginning.
Recognized standards such as the ISO 27000 series, and less complex standards such as VdS 10000, which is tailored to the needs of SMEs, help in the selection of measures. They provide assurance when implementing measures that are both necessary according to the state of the art and economically sensible.
We therefore also advise you on information security issues between the technical and legal spheres and work with your IT experts to plan the right technical measures for your IT infrastructure. We are also happy to support you with an information security management system that is closely linked to data protection and complies with recognized standards.
This is how lexICT supports you:
We offer you concrete and risk-oriented advice so that your measures meet the requirements of the GDPR and ensure secure and economically sensible protection.
Documenting your IT security concept is important so that, in an emergency, you can demonstrate to the supervisory authorities that you have an appropriate protection concept. We provide assistance in this regard.