About Dr. Sebastian Kraska
Dr. Sebastian Kraska founded the IITR Datenschutz GmbH, which specializes in corporate data protection and provides data protection management systems to help companies manage compliance with data protection regulations.
Dr. Kraska, can you describe your role as a lawyer specializing in data protection and as a data protection officer?
As a data protection officer, we help companies structure their processes in compliance with the GDPR. Changing the perception of data protection within companies—not fearing the topic—is a central part of my daily work. We try to show companies practical and effective ways to implement data protection internally.
Why should leaders be particularly sensitive to data protection issues?
Being a leader means taking responsibility, setting the direction, guiding and motivating the team, and setting an example for others. Therefore, they play a key role in a company’s data protection management. It’s their duty to set the right priorities to address company-specific risks.
What legal obligations do leaders have when it comes to protecting sensitive data?
Leaders have a crucial role in protecting sensitive data, which includes not only customer and employee information but also confidential business data. They are responsible for recognizing and mitigating company-specific risks and ensuring the frameworks necessary to comply with the GDPR are in place.
What are the most common data protection breaches that leaders encounter?
Common issues include insecure passwords and the lack of multi-factor authentication, which make it easier for hackers to gain access, and inadequate employee training, which can unintentionally create security risks.
In addition to internal threats from employees, such as opening infected email attachments, phishing attacks can also lead to the exposure of sensitive information. Malware and ransomware also pose threats if they enter the corporate network. Data protection breaches can also result from insecure data handling by third-party vendors or within the supply chain.
What are the potential consequences for an organization due to data protection breaches?
Data protection breaches can have both financial and non-financial consequences for organizations. Failure to comply with data protection laws can lead to substantial fines and high costs associated with restoring systems and implementing security measures.
Moreover, the loss of trust from customers and partners due to a breach can result in long-term business losses. The loss of intellectual property and sensitive information can create a significant competitive disadvantage. Such incidents can also cause operational disruptions, which may be temporary or permanent.
What personal consequences can leaders face?
Leaders are often unaware that data protection breaches can carry serious consequences. These range from personal liability and significant reputational damage to professional consequences like termination. The severity of the repercussions depends on various factors, such as the nature of the breach, the legal context, and their specific role in the company. That’s why it’s essential for companies and their leaders to take data protection seriously and implement preventive measures to avoid such violations and their consequences.
How can leaders proactively ensure that their organization complies with data protection regulations?
It’s essential to train and raise awareness among all employees regularly about data protection practices. Additionally, appointing a data protection officer who can serve as a point of contact and oversee process compliance is advisable. Third, conducting regular audits is crucial to manage risks and continuously review practices.
Data protection should also be integrated into products and services from the outset, by incorporating technical design and data-friendly default settings. Finally, leaders should implement technical and organizational measures, initiate processing activities, and establish effective data protection agreements with partners.
What steps should leaders take if they discover or suspect a data protection breach?
The most important thing at the beginning is to stay calm and get an overview. It can be helpful to have a defined process in place that outlines the actions to be taken and the people to involve at each stage.
To be prepared for an emergency, it’s a good idea to test this process once in a dry run. It’s essential to react calmly and implement a comprehensive strategy that includes preventive measures as well as effective response plans.
This post is part of Stackfield's expert interview series. The responses reflect the views of the interviewed expert and do not necessarily represent Stackfield's opinion. Participation in this interview series is voluntary and unpaid. We thank Dr. Kraska for his responses.