IT & Data Protection
Often IT emergencies and IT catastrophes can be the immediate trigger for a thorough evaluation of a public institution's IT security strategies and systems.
On the whole, rapidly changing information technology and software, as well as viruses and worms, are still a big challenge.
The most significant risk factor, however, remains the human factor: the institution's own employees, who usually have little interest in security problems and who first have to be sensitised to questions of IT security and sometimes also of information security in general. For example, many newly hired or newly appointed IT security officers currently need to sensitise not only their colleagues, but also their supervisors and the VIPs of their public institution to IT security, and raise awareness of questions of optimal data protection or adequate internet security.
Many IT security officers who have sound theoretical knowledge from their studies currently need to take part in continuing education, training and IT security training courses to find or develop solutions that work in practice.
The management of an institution's IT security as well as the preparation for internal and external audits pose significant challenges for public IT managers and IT security officers. Thus, more than a few public institutions, especially those that are part of critical infrastructure, must select, implement and certify security concepts and standards.
Many public IT security managers are currently busy finding out what improvements IT innovations have to offer and what tools they should use in the future.
In the course of the changes to the EU General Data Protection Regulation, there are currently difficult challenges for public data protection officers.
This is not only due to the requirements arising from the transfer of the EU requirements into national law, but above all to the challenges of the practical implementation of these requirements. There is much uncertainty about what penalties public institutions that do not comply with the new requirements have to expect.
Another challenge that deserves special attention is the requirement of the EU General Data Protection Regulation for risk management in data protection. Since data protection, IT and IT security can hardly be seen independently of each other (especially technically), many more questions arise for the IT managers, IT security officers, information security officers and sometimes also for the security guards. How should optimal data protection risk management be set up in compliance with the rules and then actually implemented? What effects will this have, for example, on the work of the Risk Management or Internal Audit departments?
The "megatrend" of digitisation not only poses challenges to IT managers, IT security officers and data protection officers but also has an impact on the various adjacent departments (e.g. personnel or finance).
Vital challenges are the legally compliant scanning, digitising and cryptographic signing of documents.
Many specialist departments in public institutions and companies are increasingly struggling with the implementation of e-laws. Other departments, such as human resources departments, have their own issues with the introduction of specialised applications such as electronic files. Again, it is not the technology that proves to be the show-stopper, but the human factor.
The successful selection of an electronic file system, its introduction and use must therefore always be supported by optimal change management, employee training and acceptance management to make the project a success.
But how is this to be implemented in practice?
Further challenges for the various departments and the IT managers result from the requirement of legally compliant electronic communication, especially with the courts (electronic legal relations).
Many innovative solutions are either not yet fully understood by authorities in this area or are not always being used properly.
This is what the events and seminars of the European Academy for Taxes, Economics and Law focus on. Through practical examples, workshops and lectures, representatives of public institutions learn how IT security, data protection and digitalisation can be successfully implemented in the public sector in practice.