Recommendation for the CIO: Treat GDPR as an Opportunity and as the Minimum Standard for Data Protection

This “A CIO’s Guide to GDPR” makes many important points and, in my view, gives recommendations that are worth reading. It says that companies should, in their own interest, take GDPR as a general minimum standard for data protection. Access to personal data in particular should be switched off by default to begin with. For many areas of use, especially in sales and marketing, this requires an even greater change in thinking. Matthias Reinwarth, Senior Analyst at KuppingerCole, writes:

….GDPR has been designed to clarify the foundation for doing business with individuals living in the EU. It empowers the individual to decide what level of privacy they prefer on a per-use-case basis.
… It rather defines an entry level of compliance every organization should meet in its own interest. Moreover, every CIO should take GDPR requirements as a constant reminder to rethink data protection, security, and privacy as a benefit to both the organization and its customers and employees. …
With that approach, GDPR does not impose the presumed incredibly high level of compliance many CIOs fear. It rather defines an entry level of compliance every organization should meet in its own interest. ….
As a basic rule: The highest level of privacy is recommended to be the default setting for each and every configuration entry. …
So “privacy by default” means that additional access rights and extended processing of existing data needs to be “switched on” explicitly … , rather than allowing everything by default and then having to “switch off” access as an afterthought to protect customers, employees or other identities.

via A CIO’s Guide to GDPR – EM360˚

Further information on IBM's consulting offerings can be found here.

(Stefan Pfeiffer)
