• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Information security as a success factor: Why it pays off!

3. January 2023
in Other
Reading Time: 4 mins read
0 0
A A
0
secret 3037639 1920
Key Facts
  • Information security protects data from unauthorized access and manipulation.
  • Secure handling of sensitive data is essential for companies.
  • A high level of protection against cybercrime minimizes the risk of financial losses.
  • A good information security policy increases customer confidence.
  • Legal requirements demand compliance with safety standards.
  • TISAX certification promotes the protection of sensitive information in the automotive industry.
  • Investments in information security can offer decisive competitive advantages.

What does information security mean?

Content Hide
1. What does information security mean?
2. Why is information security essential?
2.1. Protection against economic damage
2.2. Ensuring business continuity
2.3. Legal conformity and contractual compliance
2.4. Confidence building and market positioning
3. Advantages of a practiced information security policy
4. How can information security be improved in the company?
4.1. Establishment of a safety culture
4.2. Development of a company-wide security strategy
4.3. Technical measures
4.4. Organizational measures
5. Legal requirements: When is information security mandatory?
6. TISAX: Industry standard for information security in the automotive industry
6.1. Objectives of the TISAX certification:
7. Conclusion: Information security is not an IT issue – it is corporate management
7.1. Author: Marian Härtel

Information security refers to the entirety of technical and organizational measures that serve to protect information and data from loss, unauthorized access, manipulation or other compromises. The aim is to permanently guarantee the confidentiality, integrity and availability of information – also known as the “CIA triad” (Confidentiality, Integrity, Availability).

Unlike pure IT security, information security refers not only to digital systems, but to all forms of information, including printed documents, conversations, prototypes and organizational knowledge.

It is not just a technical issue, but also encompasses business, legal and organizational aspects. Especially in an environment of increasing digitalization, international business activities and stricter regulation, information security is a key competitive factor – and is also legally binding.

Why is information security essential?

Protection against economic damage

  • Loss of sensitive customer data or intellectual property can lead to considerable reputational and financial damage.
  • Data protection violations under Art. 32 GDPR can result in fines of up to €20 million or 4% of annual global turnover.

Ensuring business continuity

  • Information security reduces downtimes, protects against business interruptions and increases reliability – e.g. through backups and emergency plans (business continuity management).

Legal conformity and contractual compliance

  • Companies are legally obliged to implement suitable technical and organizational measures to protect personal data (see Art. 32 GDPR).
  • Increased requirements apply to the processing of particularly sensitive data (e.g. health data, trade secrets).
  • Proof of an appropriate level of information security is also increasingly becoming a prerequisite in contractual business relationships (e.g. with corporations, authorities or automotive OEMs).

Confidence building and market positioning

  • Information security creates trust among customers, partners and investors – especially in data-driven business models.
  • It is increasingly a component of ESG ratings and corporate compliance.

Advantages of a practiced information security policy

  • Reduction of the liability risk
  • Strengthening customer loyalty through trustworthy data processing
  • Compliance with legal requirements (e.g. GDPR, TKG, BDSG, Supply Chain Duty of Care Act)
  • Reputation protection in crisis situations
  • Compliance with industry-specific standards (e.g. TISAX, ISO/IEC 27001, BAIT, VAIT)

How can information security be improved in the company?

Establishment of a safety culture

  • Information security does not start with the firewall, but with the attitude of the employees.
  • Training, guidelines, regular awareness campaigns and clear responsibilities are essential.

Development of a company-wide security strategy

  • Definition of protection goals and risk analysis (e.g. through BSI basic protection, ISO 27001, VDA ISA)
  • Establishment of an ISMS (information security management system)

Technical measures

  • End-to-end encryption
  • Access restrictions and rights concepts
  • Two-factor authentication (2FA)
  • Monitoring and intrusion detection systems (IDS)

Organizational measures

  • Emergency and recovery plans (disaster recovery)
  • Employee training (regular and mandatory)
  • Audit-proof documentation of access rights, incidents and measures

Legal requirements: When is information security mandatory?

Information security is not only good practice, but also a legal requirement in many areas:

  • Art. 32 GDPR requires the implementation of appropriate technical and organizational measures to protect personal data.
  • The IT Security Act 2.0 (Germany) places special requirements on companies in the KRITIS sector.
  • Companies with processing operations in third countries must also provide special guarantees (Art. 44 et seq. GDPR).
  • Increased regulatory requirements apply in the financial sector, healthcare, transport and telecommunications (e.g. Section 8a BSIG, BAIT/VAIT, Section 75b SGB V).

TISAX: Industry standard for information security in the automotive industry

TISAX (Trusted Information Security Assessment Exchange) is a standard developed by the German automotive industry for the assessment and recognition of information security. It is based on the ISA catalog developed by the VDA, which is based on ISO/IEC 27001, among others.

TISAX is mandatory for all companies that work with sensitive information from automotive manufacturers (OEMs) – e.g. design data, production documents, personal data or prototype information.

Objectives of the TISAX certification:

  • Standardization of security requirements within the supply chain
  • Avoidance of multiple security checks by third parties
  • Proof of safe processing for OEMs

Companies from outside the industry are also increasingly using TISAX or ISO standards to document their security architecture to business partners.

Conclusion: Information security is not an IT issue – it is corporate management

Today, information security is an integral part of governance, risk and compliance. It affects not only the IT department, but all processes, systems and people in the company. Its implementation is not only legally required, but also makes strategic sense – and is ultimately a prerequisite for long-term competitiveness and trustworthiness.

The requirements may seem complex – but they are feasible. It is crucial to act early, to involve competent support and to see information security not as a project, but as a permanent management system.

Note: I support companies in the implementation of information security concepts, including TISAX preparations, training concepts and legal support in accordance with the GDPR. Feel free to contact me if you need support – both legally and organizationally.

 

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AuthenticationCompetitive advantageComplianceData protection LawDevelopmentdigitalInformationinternetInvestmentLawsPrivacySicherheit

Weitere spannende Blogposts

NFT and prospectus requirement

nft g2a667756c 1920
7. November 2022

The issue of whether and when the sale or trading of NFTs is subject to the prospectus requirement is brand...

Read moreDetails

Cancellation button must be possible without login

Online services: Don’t forget the cancellation button!
24. September 2024

In its final judgment of 30.07.2024 (Ref. 3 U 2214/23), the Nuremberg Higher Regional Court made important clarifications regarding the...

Read moreDetails

Cologne Regional Court bans advertising for online gambling on TV

Prohibition of illegal gambling in Schleswig Holstein
7. November 2022

Many people are probably already annoyed by the commercials, at least outside Schleswig-Holstein. The latter can rejoice, as advertising for...

Read moreDetails

Retailers don’t need to point out smartphone vulnerabilities

Retailers don’t need to point out smartphone vulnerabilities
1. November 2019

A very interesting verdict for dealers of all kinds comes today from Cologne. The versions can probably be transferred to...

Read moreDetails

OVG Lüneburg on data minimization in online stores

District Court Frankfurt a.M. on the right to be forgotten
17. May 2024

Insight into the case With its ruling (decision 14 LA 1/24), the Lüneburg Higher Administrative Court has made a landmark...

Read moreDetails

VG Media loses at the ECJ over performance protection law

Publication of sales advertisements and classification as a trader
13. September 2019

VG Media brought an action for damages against Google before the Berlin Regional Court, alleging that Google had infringed the...

Read moreDetails

How companies master the legal framework of digital transformation

How companies master the legal framework of digital transformation
27. January 2023

Digital transformation is one of the most discussed topics of the present day. It presents companies with new challenges and...

Read moreDetails

Reaction videos allowed on YouTube/Twitch?

Interstate Broadcasting Treaty: Probably no gamer privilege for streamers!
9. February 2023

If you follow my blog regularly, you will have noticed that I always like to include real proceedings or legal...

Read moreDetails

Attention: Affiliates on YouTube, gaming websites and other networks

Attention: Affiliates on YouTube, gaming websites and other networks
17. July 2019

All affiliates affected After my article yesterday on the judgment of the OLG Dresden(see here) that a website must also...

Read moreDetails
Kapitalertragsteuer

Kapitalertragsteuer

16. October 2024

Definition und rechtliche Grundlagen: Die Kapitalertragsteuer ist eine besondere Erhebungsform der Einkommensteuer bzw. Körperschaftsteuer auf Kapitalerträge. Sie wird direkt an...

Read moreDetails
Steuerliche Forschungszulage

Steuerliche Forschungszulage

16. October 2024
DPMA

DPMA

25. June 2023
Privacy by Default

Privacy by Default

15. October 2024
Hosting contract

Hosting contract

16. October 2024

Podcast Folgen

Rechtliche Basics für Startup-Gründer – So startest du auf der sicheren Seite!

Rechtliche Basics für Startup-Gründer – So startest du auf der sicheren Seite!

1. November 2024

In dieser Episode des Itmedialaw Podcasts nimmt euch Rechtsanwalt und Unternehmer Marian Härtel mit auf eine Reise durch den rechtlichen...

Rechtskette beim Spieleentwickler

Rechtskette beim Spieleentwickler

19. April 2025

In dieser kurzen Episode diskutieren Anna und Max die Bedeutung der Rechtekette im Game Development – ein zentraler Aspekt für...

Rechtliche Herausforderungen im Gaming-Universum: Ein Leitfaden für Entwickler, Esportler und Gamer

Was wird 2025 für Startups juristisch bringen? Chancen? Risiken?

24. January 2025

In dieser spannenden Episode des itmedialaw-Podcasts tauchen wir tief in die rechtlichen Entwicklungen ein, die die Startup-Welt im Jahr 2025...

Der unkonventionelle Anwalt: Ein Nerd im Dienste des Rechts

Der unkonventionelle Anwalt: Ein Nerd im Dienste des Rechts

25. September 2024

In dieser fesselnden Episode des Podcasts "Der Unkonventionelle Anwalt" tauchen wir ein in die Welt eines Juristen, der die traditionellen...

  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung