IT security checks and data protection solutions in perfect harmony

The synergy of data protection and information security according to BSI IT-Grundschutz

Holistic security by computer scientists and fully qualified lawyers

The DATUREX GmbH is your competent partner for the Interlocking of data protection according to the standard data protection model (SDM) and information security according to BSI IT baseline protection. As a nationwide operating and internationally consulting company we support Companies, organizations and authorities with our interdisciplinary team of IT specialists and data protection experts specialized fully qualified lawyers.

We are specialized in Complete integration of the standard data protection model into BSI IT baseline protection and develop holistic security concepts that optimally fulfill both technical and legal requirements. Our integrated data protection management systems and information security management systems (ISMS) combine GDPR compliance and BSI standards.

Why data protection and IT security only work together

Data protection without information security is like a safe without a lock. In the digital business world, both disciplines must go hand in hand. The DATUREX GmbH understands this symbiosis and, as TÜV-certified data protection auditors, IHK/TÜV-certified data protection officers and BITKOM-qualified IT-Grundschutz practitioners, offers you the perfect combination of:

Technical expertise (computer scientist):

• Information security management according to BSI IT-Grundschutz
• Technical and organizational measures (TOM)
• IT security architectures and hardening concepts
• Penetration tests and vulnerability analyses

Legal competence (fully qualified lawyers):

• Data protection according to GDPR (Art. 32 - Security of processing)
• Data protection management systems (DSMS)
• NIS-2 Directive Compliance
• Drafting contracts and minimizing liability

Only through this interdisciplinary approach we can offer you a robust overall concept that is both technically state-of-the-art and legally watertight.

Our integrated information security and data protection services

1. integrated BSI IT baseline protection and SDM baseline check

Our Combined IT baseline protection and SDM check combines the best of both worlds. Computer scientists and lawyers work hand in hand to evaluate your technical systems and legal processes holistically. With over 300 detailed test points from 24 categories, we offer Companies, authorities and organizations a comprehensive security analysis. This audit is based on BSI standards 200-1, 200-2 and 200-3 as well as the standard data protection model V3.0 and takes into account all relevant articles of the GDPR and the BDSG.

Scope of the integrated audit:

• Over 300 practical test points from 24 categories
• Evaluation of your technical and organizational measures (TOM) in accordance with Art. 32 GDPR
• Analysis of the IT basic protection modules and SDM components
• Inspection of all SDM warranty targets pursuant to Art. 5 para. 1 lit. f GDPR
• Review of the Records of processing activities according to Art. 30 GDPR
• Combined vulnerability analysis from the perspective of information security and data protection
• Evaluation of the Accountability pursuant to Art. 5 para. 2 GDPR

Your benefit through integration:

• 360-degree safety report on information security and data protection
• Interlinked recommendations for action based on Art. 24, 25, 32 GDPR
• Synergy effects through coordinated solutions
• An action plan for both areas in accordance with § 66 BDSG
• Cost-optimized budget planning by avoiding redundancies
• Double liability minimization through seamless compliance in accordance with Art. 82, 83 GDPR

2. ransomware protection with integrated data protection emergency management

Protect your organization from blackmail Trojans and comply with GDPR reporting obligations at the same time!

Ransomware attacks are not only information security incidents, but often also reportable data breaches. Our BSI-compliant ransomware check-up combines technical protective measures with legal emergency processes, taking into account the SDM warranty objectives:

Technical test areas (computer scientists):

• Backup strategy and integrity (3-2-1 rule)
• Network segmentation and access controls
• Patch management and vulnerability management
• Endpoint Protection and anti-malware solutions

Legal test areas (lawyers):

• 72-hour reporting obligation in accordance with Art. 33 GDPR
• Information for affected parties in accordance with Art. 34 GDPR
• Documentation requirements in accordance with Art. 30 GDPR and § 70 BDSG
• Liability minimization in accordance with Art. 82 GDPR
• Claims for damages according to § 83 BDSG
• Contract design with service providers in accordance with Art. 28 GDPR

Integrated result:

• Comprehensive emergency plan for information security and data protection
• SDM-compliant recovery processes
• Coordinated processes for emergencies
• Legally compliant technical measures
• GDPR-compliant incident response

3. integrated information security and data protection guidelines according to SDM

Create a consistent set of rules for data protection in accordance with SDM and information security!

A functioning Information security management system (ISMS) and Data protection management system (DSMS) require coordinated guidelines. Our team of information security experts and specialized fully qualified lawyers will develop a coherent set of guidelineswhich combines technical BSI requirements and SDM warranty objectives:

Integrated policy portfolio:

• Combined security and data protection guideline according to BSI and SDM
• Processing directories in accordance with Art. 30 GDPR with SDM-compliant protective measures
• Authorization concepts taking into account Art. 25, 32 GDPR
• Deletion concepts in accordance with Art. 17 GDPR and SDM intervenability
• Order processing contracts in accordance with Art. 28 GDPR with information security requirements
• Joint Controller Agreements in accordance with Art. 26 GDPR
• Incident response for Art. 33, 34 GDPR and Section 65 BDSG (notification of data protection breaches)
• Data protection impact assessment according to Art. 35 GDPR
• Awareness programs in accordance with Art. 39 GDPR and § 7 BDSG
• Data subject rights management according to Art. 12-22 GDPR
• Emergency management with consideration of the 72-hour reporting obligation

Advantages of integrated information security and data protection guidelines:

• No contradictions between information security and data protection requirements
• SDM-compliant implementation of all warranty targets
• Standardized terminology for all employees
• Legal certainty through legal expertise
• Technical feasibility through IT competence
• Audit capability for both areas simultaneously
• Increased efficiency through coordinated processes

Synergy between ISMS and DSMS according to SDM

Many companies, authorities and organizations treat information security and data protection as separate silos - a costly mistake. The DATUREX GmbH shows you how the two disciplines reinforce each other:

Practical examples of synergy:

• Access controlInformation security secures systems, SDM regulates authorizations
• EncryptionTechnical implementation meets SDM warranty target Confidentiality
• Deletion conceptsIT implements what SDM intervenability specifies
• Incident Response: A process for information security incidents AND data breaches
• DocumentationCommon procedure directories and risk analyses
• Audits: Combined tests save time and money

4 NIS-2 compliance through combined expertise

The NIS-2 Directive requires both technical and organizational measures - precisely our strength! Our interdisciplinary team of IT specialists and lawyers makes abstract EU requirements practicable and legally compliant. In doing so, we seamlessly integrate the requirements of the standard data protection model.

Scope of the NIS-2 Check:

• 35 structured test groups from information security and data protection
• Over 260 detailed checkpoints
• Analysis of the current NIS-2, BSI IT-Grundschutz and SDM maturity levels
• Integrated gap analysis for all three sets of rules
• Identification common fields of action
• Synergetic implementation strategies for authorities, companies and organizations

Deliverables with added value:

• Visual fulfillment report for management and supervisory authorities according to § 8a BSIG
• Over 260 specific recommendations for action from a technical and legal perspective
• Integrated implementation roadmap with TOMs in accordance with Art. 32 GDPR
• Double proof of compliance for NIS-2, GDPR and BDSG
• Synergetic monitoring concept in accordance with Art. 5 para. 2 GDPR (accountability)

Integrated security concept: ISMS meets data protection management system according to SDM

The DATUREX GmbH pursues a holistic approach to securitywhich seamlessly combines BSI IT baseline protection and the standard data protection model (SDM). As a pioneer in the Full integration of the SDM into the BSI IT-Grundschutz develops our interdisciplinary team of computer scientists and fully qualified lawyers integrated management systemsthat optimally combine both worlds:

Our SDM-BSI synergy methodology:

1. Joint structural analysis: Recording your IT landscape AND data processing processes in accordance with Art. 30 GDPR
2. SDM assurance objectives in IT baseline protectionIntegration in accordance with Art. 5, 25, 32 GDPR:
   
   
   • Availability (Art. 32 para. 1 lit. b GDPR)
   • Integrity (Art. 32 para. 1 lit. b GDPR)
   • Confidentiality (Art. 32 para. 1 lit. a GDPR)
   • Transparency (Art. 5 para. 1 lit. a, Art. 12 GDPR)
   • Intervenability (Art. 16-18, 21 GDPR)
   • Non-linkability (Art. 5 para. 1 lit. b GDPR)
3. Dual modelingBSI IT-Grundschutz building blocks + SDM reference measures
4. Integrated safety checkTechnical measures + SDM components according to § 64 BDSG
5. Holistic risk analysisInformation security risks and data protection impact assessment in accordance with Art. 35 GDPR
6. Interlinked action planTOMs in accordance with Art. 32 GDPR and BSI standards
7. Coordinated implementation: Computer scientists and lawyers in tandem
8. Continuous optimizationISMS and DSMS in the PDCA cycle

Standards, compliance and integrated certifications

Thanks to our holistic approach, we prepare you optimally for all relevant certifications and legal requirements:

• ISO 27001 certification with SDM integration
• BSI IT baseline protection incl. Art. 32 GDPR conformity
• TISAX® for the automotive industry
• Combined GDPR and BDSG compliance (Art. 5-83 GDPR, §§ 1-84 BDSG)
• NIS-2 conformity according to § 8a-8d BSIG
• Industry-specific requirements (e.g. § 11a EnWG, § 75f SGB V)

Our expertise for your organization

DATUREX GmbH advises nationwide and internationally various organizations:

Company:

• Start-ups and SMEs
• Medium-sized companies
• Large companies

Public sector:

• State authorities
• Local authorities
• Public facilities

Critical infrastructures:

• Energy supplier
• Healthcare
• Financial service provider

Other organizations:

• Non-profit organizations
• Associations and clubs
• Educational institutions
• Research institutes

Why DATUREX GmbH?

• Dual competence: Computer scientists and fully qualified lawyers under one roof
• Fully integrated approachesSDM seamlessly integrated into BSI IT-Grundschutz
• Integrated management systemsISMS and data protection management systems from a single source
• 360-degree security: Technical and legal aspects in harmony
• Comprehensive qualificationsBSI IT-Grundschutz practitioners (BITKOM), data protection officers (IHK/TÜV), data protection auditors (TÜV)
• Nationwide presenceConsulting throughout Germany
• International expertise: Cross-border consulting
• Versatile expertiseExperience with companies, authorities and organizations
• Synergy effects: Holistic solutions from a single source
• Pragmatic solutions: Practice-oriented instead of theory-heavy

Investing in your digital security

The Interlocking of Data protection according to SDM and information security according to BSI IT baseline protection is a Necessary investment for every modern organization. Our integrated approach not only saves you costs, but also creates a legally compliant overall concept.

Cost savings through integration:

• Avoidance of duplication and redundancies
• Efficient processes through coordinated measures in accordance with Art. 25 GDPR (Privacy by Design)
• Joint audits and inspections in accordance with Section 69 BDSG
• Synergetic use of resources

Risk minimization through a holistic approach:

• No security gaps between information security and data protection
• Legally compliant technical implementation in accordance with SDM specifications and Art. 32 GDPR
• Technically sound legal documentation in accordance with Art. 30 GDPR
• Seamless proof of compliance for all supervisory authorities in accordance with Art. 58 GDPR

Avoidance of typical errors:

• Information security without data protection → GDPR fines in accordance with Art. 83 GDPR (up to EUR 20 million or 4% of annual turnover)
• Data protection without information security → Violation of Art. 32 GDPR
• SDM without IT baseline protection → Lack of technical implementation of TOMs
• IT baseline protection without SDM → Incomplete data protection compliance in accordance with Art. 5 GDPR
• Separate systems → Double costs and compliance gaps
• Isolated consideration → Breach of accountability pursuant to Art. 5 (2) GDPR

Start your integrated information security and data protection strategy now!

Let's take your IT security to the next level together. DATUREX GmbH offers you:

• Free initial consultation at Integrated data protection and IT security
• Holistic security concepts from information technology and law
• Combined management systems (ISMS + DSMS)
• Interdisciplinary team of experts of computer scientists and fully qualified lawyers

Contact us today and secure your consultation appointment!

Benefit from the synergy of data protection and information security.