GDPR and IT Security – common misunderstanding

On 25 May 2018 the General Data Protection Regulation (GDPR) came into effect in all member states of the European Union.

It is a common misunderstanding to treat IT Security and GDPR as one and the same. The confusion arises from the technical and organisational measures implemented for GDPR readiness: encryption of data and two-factor authentication, for example, are recommended for GDPR compliance. Although these are technical measures that also matter for secure IT operations, the focus is different. GDPR is concerned with the protection, integrity and handling of personal data, regardless of whether that data is held in IT systems or on paper. IT Security is implemented to ensure the secure and reliable operation of the IT environment.

In some cases GDPR even contradicts IT Security. Personal data must be deleted on request, and that includes personal data recorded in logfiles. From the IT Security perspective, on the other hand, companies want a complete record of all activities in their logfiles, so deleting information from them makes no sense.
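The conflict just described, as an added illustration that is not part of the original article: a few constructed log lines are protected with a simple hash chain (the kind of tamper-evidence an IT Security team wants for its logs), and an erasure request for one data subject is then applied by rewriting the stored lines in place. The chain check flags every rewritten entry, so honouring the erasure destroys exactly the integrity evidence the security side relies on. The sample entries, the e-mail addresses and the chaining scheme are assumptions made for this example.

```python
import hashlib
import re

# Constructed sample log lines (not real data); each carries a user
# e-mail address, i.e. personal data in the GDPR sense.
SAMPLE_LOG = [
    "2018-05-25T10:00:01Z login ok user=alice@example.org ip=192.0.2.10",
    "2018-05-25T10:02:17Z login failed user=bob@example.org ip=198.51.100.7",
    "2018-05-25T10:05:42Z export started user=alice@example.org rows=1200",
    "2018-05-25T10:06:03Z login ok user=carol@example.org ip=203.0.113.5",
]

# Assumed chaining scheme: digest_i = SHA-256(digest_{i-1} + "\n" + line_i),
# with digest_0 = SHA-256 of the empty string.
GENESIS = hashlib.sha256(b"").hexdigest()


def chain_log(lines):
    """Return a list of (line, digest) pairs forming a hash chain over the log.

    Each digest covers the line and the previous digest, so changing any
    stored line without recomputing its digest is detectable."""
    chained = []
    prev = GENESIS
    for line in lines:
        digest = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        chained.append((line, digest))
        prev = digest
    return chained


def verify_chain(chained):
    """Return the indices of all entries whose stored digest does not match
    the stored line; an empty list means the log is intact."""
    bad = []
    prev = GENESIS
    for i, (line, digest) in enumerate(chained):
        expected = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        if expected != digest:
            bad.append(i)
        prev = digest  # continue from the stored digest, as a verifier would
    return bad


def erase_subject(chained, email):
    """Apply an erasure request for one data subject by rewriting the stored
    lines in place (the naive way a log file would be edited).

    The stored digests are left untouched, so every rewritten entry will
    fail verify_chain(): the erasure and the integrity protection collide."""
    pattern = re.compile(r"user=" + re.escape(email))
    return [(pattern.sub("user=[erased]", line), digest) for line, digest in chained]


if __name__ == "__main__":
    chained = chain_log(SAMPLE_LOG)
    print("intact log, failing entries:", verify_chain(chained))
    erased = erase_subject(chained, "alice@example.org")
    print("after erasure, failing entries:", verify_chain(erased))
```

Running the block shows no failing entries before the erasure and failing entries 0 and 2 afterwards, the two lines that mentioned the data subject. In practice operators avoid this collision by keeping personal identifiers out of the integrity-protected log record in the first place, for example by pseudonymising them at write time; that design goes beyond what the article discusses.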

What GDPR and IT Security have in common is their shared concern for ensuring continuous IT operations and maintaining the integrity of data. Both topics are also part of our Zero Outage Industry Standard; for more details see our homepage.


The information contained in this document is contributed and shared as thought leadership in order to evolve the Zero Outage Best Practices. It represents the personal view of the author and not the view of the Zero Outage Industry Standard Association.