
§ 50 BlnDSG

Requirements for the Security of Data Processing

(1) The controller and the processor shall, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, and the likelihood and severity of the risks to the rights of the data subjects associated with the processing, implement the necessary technical and organisational measures to ensure a level of protection appropriate to the risk in the processing of personal data, in particular with regard to the processing of special categories of personal data.
(2) The measures referred to in paragraph 1 may include, inter alia, the pseudonymisation and encryption of personal data, insofar as such means are possible in view of the purposes of the processing. The measures pursuant to paragraph 1 should result in
1. the confidentiality, integrity, availability and resilience of the systems and services related to the processing being ensured on an ongoing basis, and
2. the availability of and access to personal data being restored rapidly in the event of a physical or technical incident.
(3) In the case of automated processing, the controller and the processor shall, on the basis of a risk assessment, take measures designed to:
1. deny unauthorised persons access to processing systems used for the processing (access control),
2. prevent the unauthorised reading, copying, alteration, deletion or removal of data carriers (data carrier control),
3. prevent the unauthorised entry of personal data and the unauthorised reading, alteration or deletion of stored personal data (storage control),
4. prevent the use of automated processing systems by means of data transmission facilities by unauthorised persons (user control),
5. ensure that persons authorised to use an automated processing system can only access those personal data that are covered by their access authorisation (access rights control),
6. ensure that it can be verified and established to which bodies personal data have been transmitted or made available by means of data transmission facilities (transmission control),
7. ensure that it can subsequently be verified and established which personal data have been entered into or altered in automated processing systems, at what time and by whom (input control),
8. ensure that the confidentiality and integrity of data are protected during the transmission of personal data and the transport of data carriers (transport control),
9. ensure that systems deployed can be restored in the event of a malfunction (recoverability),
10. ensure that all functions of the system are available and malfunctions that occur are reported (reliability),
11. ensure that stored personal data cannot be damaged by system malfunctions (data integrity),
12. ensure that personal data processed on behalf of others can only be processed in accordance with the instructions of the commissioning party (processing control),
13. ensure that personal data are protected against destruction or loss (availability control),
14. ensure that personal data collected for different purposes can be processed separately (separability).
An appropriate measure contributing to the achievement of the objectives referred to in sentence 1 nos. 2 to 5 and 8 shall be the use of encryption methods corresponding to the state of the art.
(4) Before a decision on the deployment or a material change to an automated processing of personal data, the technical and organisational measures to be taken shall be determined on the basis of a risk analysis and documented in a data protection concept. In accordance with technological developments and changes in the risks associated with the processing operations, the determination of measures shall be repeated at appropriate intervals.
(5) Where systems and services used for automated processing are maintained, suitable technical and organisational measures shall be taken to ensure that only the personal data absolutely necessary for the maintenance can be accessed. These measures must in particular ensure the following:
1. maintenance may only be carried out by authorised personnel,
2. each maintenance operation may only be carried out with the knowledge and consent of the storing body,
3. the unauthorised removal or transfer of personal data during maintenance shall be prevented,
4. it shall be ensured that all maintenance operations can be monitored and verified after completion.
Insofar as maintenance is carried out by a processor, the contract or legal instrument pursuant to Section 48(5) must contain provisions ensuring that the processor does not transmit personal data that come to its knowledge to other bodies. The performance of maintenance work with the possibility that personal data may come to the knowledge of bodies outside the territorial scope of Directive (EU) 2016/680 shall only be permissible where it is necessary and, in the case of a transmission, the conditions of Section 64 or 65 are met.
Source:
https://gesetze.berlin.de/perma?j=DSG_BE_!_1
Citation:
GVBl. BE 2018 S. 418
As of:
2024-11-14
Retrieved:
2026-02-28