The Problem

A number of legal provisions and codes of conduct (compliance: conformance with the rules, i.e. observing laws and regulations in companies, but also voluntary codes) apply to the data stored on a company network in Germany.

Besides the HGB, the KonTraG, the Federal Data Protection Act, EU data protection regulations, the Betriebsverfassungsgesetz (Works Council Constitution Act) and other regulations, industry-specific compliance requirements must also be met in many cases.

These regulations typically include:

  1. MDStV: The State Treaty on Media Services (Mediendienste-Staatsvertrag). The objective of this state treaty is to create uniform framework conditions in all federal states for the various uses of electronic information and communication services.
  2. MiFID: The Markets in Financial Instruments Directive is a European Union (EU) regulation on harmonizing the financial markets within the European internal market. Its goal is to improve investor protection, increase competition and harmonize the European financial market.
  3. TDDSG: The Teledienstedatenschutzgesetz (TDDSG) governs the protection of the data of those who use teleservices. Aspects affected by the TDDSG include the imprint (legal notice) on a page, the collection of server statistics, and all types of processes, including contact forms, in which users provide personal data.
  4. IFRS: The International Financial Reporting Standards (IFRS) are international accounting standards for companies, published by the International Accounting Standards Board (IASB). They are intended to govern the preparation of internationally comparable annual balance sheets and financial statements, independent of national legislation.
  5. TKG: The Telekommunikationsgesetz (TKG) is a German federal law that regulates competition in the telecommunications sector and ensures that the services offered are maintained.
  6. SOX: The Sarbanes-Oxley Act of 2002 (SOX) is a US federal law designed to improve the public capital market in the US following corporate accounting scandals. The objective of the law is to restore consumer confidence in the accuracy and reliability of the financial data that companies publish.
  7. KWG: Kreditwesengesetz (German Banking Act). The regulations of the KWG pertain to institutions and groups of institutions. Institutions in the sense of the KWG are credit institutions and financial services institutions. The KWG is referred to as “the law that governs the credit industry.”
  8. PCI-DSS: The Payment Card Industry Data Security Standard is a set of rules for carrying out credit card transactions that is supported by all of the major credit card organizations.
  9. BaFin-Verordnungen (BaFin regulations): The Federal Financial Supervisory Authority (BaFin) brings together the supervision of banks and financial services providers, insurance undertakings and securities trading under one roof. It is an autonomous public-law institution subject to the legal and technical oversight of the Federal Ministry of Finance in Germany.
  10. FINRA: The Financial Industry Regulatory Authority (FINRA) is the approval authority in the USA that is mainly responsible for overseeing people who work in the securities industry. FINRA is a self-regulating organization and thus not directly a government authority.
  11. Basel II / Basel III: Basel II is the sum of the equity capital requirements recommended by the Basel Committee on Banking Supervision, aimed at ensuring adequate equity capital among institutions and creating uniform competitive conditions for granting and trading credit. Basel III is the reform package of the Bank for International Settlements (BIS) on the existing Basel II bank regulation policy; it represents the reaction, as of 2013, to the weaknesses of the previous bank regulations that became evident after the global financial and economic crisis that started in 2007.
  12. HIPAA: The Health Insurance Portability and Accountability Act requires all organizations in the healthcare industry to obey strict rules on protecting the confidentiality and integrity of patient data.

Owners, managing directors and board members of companies can be held personally liable if it cannot be comprehensively proven that all of the relevant regulations and laws were followed and implemented by the company’s IT department at the time the damage occurred.

The growing use of mobile and often privately owned devices (BYOD, Bring Your Own Device: the trend of employees bringing their own devices to work and using them to access company servers, which is increasingly the rule rather than the exception in modern workplaces) poses new challenges for companies when it comes to IT security. The appropriate security solutions must be found and integrated into the existing infrastructure.

Providing a company with the right level of security means establishing and maintaining an effective IT security strategy. Obviously this includes not only the seamless administration of hardware and software, but also, and even more importantly, ensuring uninterrupted operation “24x7x365”.