Data Protection and Information Security Management

Welcome to the website of the Data Protection and Information Security Management Unit!

Here you will find a lot of useful information on the topics of data protection management (DSM) and information security management (ISM). Before you contact us directly, feel free to take a look around the website first. We offer you various information material on the following pages.

Special attention should be paid to the following services, which may provide you with a quicker response than contacting us by :

FAQ (Frequently asked questions about data protection)

Fundamentals of Data Protection Law (Introduction to Data Protection Law)

Documents (samples, templates, legal texts for download or retrieval)

Data protection management

The staff unit is the contact for all organisational questions of data protection as well as for operational data protection. It is therefore mandatory to involve it in:

  • the establishment of new and the modification of existing activities of personal data processing (e.g. introduction and/or modification of systems and data processing procedures),
  • the planning of research projects in which personal data are to be processed,
  • the creation of a register of processing activities (in which all personal data processing activities must be recorded), and
  • other documents related to data protection law (e.g. contracts with external service providers, cooperation agreements, joint data processing with other organisations, regulations, service instructions, service agreements, etc.) and
  • the so-called data protection impact assessment.

In addition, the staff unit is the direct contact for:

  • the reporting of data protection breaches,
  • requests for information pursuant to Article 15 of the Data Protection Regulation,
  • communication with the State Commissioner for Data Protection (supervisory authority),
  • training and awareness-raising measures, and
  • fundamental, organisation-related data protection issues.

Information Security Management

In addition, the Information Security Unit and the Information Security Officer, Mr Galow (see above for contact), are assigned to the staff unit. Information security refers to the "properties of information-processing and -storing (technical or non-technical) systems that ensure the protection goals of confidentiality, availability and integrity ".

It is therefore mandatory to include it in:

  • fundamental questions of information security,
  • the further development and adaptation of security objectives and strategies,
  • the creation and development of regulations and guidelines on information security, and
  • the development of technical and organisational measures.

The Information Security Officer advises all organisational units of the University on information security issues. In addition, he monitors and reviews the technical and organisational measures for information security at the University on behalf of the Presidential Board.

In particular, he is the direct contact person for information technology security incidents.

Data Protection Officer

The Data Protection Officer is not bound by instructions, is obliged to maintain confidentiality, monitors compliance with data protection regulations at the University and advises the staff unit and the organisational units on data protection issues. In particular, he is the contact person for:

  • confidential enquiries and/or complaints regarding data protection for all members and affiliates of the University,
  • questions concerning the rights of data subjects, and
  • general questions on data protection.

The best way to contact the Data Protection Officer is via the functional email address:

 

Internetkoordinator (Changed: 2021-07-09)