Managing Information Systems II
Learning Objectives (LO)
1. You know that IS management in companies is subject to legal principles.
2. You can explain the difference between data protection and data security.
3. You can name and explain the obligations of a company in the area of data protection.
4. You know some key aspects of the FADP and GDPR data protection laws.
5. You know what cookies are and why they are relevant for data privacy and data protection.
6. You can explain the difference between Privacy by Design and Privacy by Default.
7. You can name risks in information security and assess their influence on IT systems and information.
8. You know suitable measures to minimize risks for IT systems and information.
9. You know two types of security that must be observed and can explain them.
10. You know the tasks of IT security management and can describe the goals.
11. You can name risk areas in information security and assess their influence on IT systems and information.
12. You know suitable measures to minimize risk areas of IT systems and information.
13. You know the six primary IT security goals and can explain them.
14. You know organizational and technical measures for IT and information security.
Lesson 3
1. Legal Principles IS
• more and more data about customers is being collected and processed -> data protection and data security are becoming more important
• purely online contact (without personal interaction) can hinder the building of trust in business transactions
General Conditions
• national and international legislation.
• all companies are subject to data protection legislation
Processing of Personal Data
• the storage and processing of personal data by companies and public authorities, whether analogue on paper or digital with IT, is regulated by law
• the principles of legitimacy, good faith, transparency, and proportionality apply
• personal data is subject to the purpose limitation principle: data on natural and legal persons may not be collected, processed, and stored arbitrarily
2. Data Protection and Data Security
3. Company Obligations
Register data collections: data collections have to be registered
Ensure accuracy: collected or purchased data is correct; affected persons may request the correction of inaccurate data
Purpose: data is used only for the indicated purpose (e.g. sending a newsletter) or for a purpose required by law
Duty to inform: the collection and its purpose must be clear
Sensitive personal data requires special protection: religious and political views, health, race, etc. -> consent must be given explicitly for processing
Obligation to provide information: the purpose and type of data must be communicated to the people affected