Security

Data protection

The protection of personal data is of central importance at HWR Berlin. We place great value on respecting and safeguarding the data of all university members. The Data Protection Office supports and advises all members of the university on data protection matters. This is particularly true for the contents, processes, and guidelines outlined in the data protection manual:

• Strategies and measures for the protection of personal data:
• Data protection in the procurement of services, devices, and software (especially cloud software)
• Anonymization and pseudonymization
• Data protection legal assessment of situations within the university context / preparation of data protection legal opinions
• Assignment of data protection responsibilities / establishment of an appropriate data protection organization / data protection management
• Raising awareness and training of employees involved in data processing activities
• Deletion concept / retention periods
• Creation of processing directories
• Creation of privacy statements
• Creation of consent forms
• Coordination of requests from affected individuals (access, deletion, etc.)
• Inquiries from external parties regarding data transfers (law enforcement, cooperation partners, companies, media)
• Conducting data protection impact assessments
• Data protection breaches – Incident response

Information security

Information security aims to protect all critical data and information, regardless of the form or system in which they are stored or processed (whether analog or digital). In the context of the university, this means that all measures and processes must be organized in a way that ensures the availability, integrity, and confidentiality of this information at all times.

In contrast to pure IT security, which focuses on the protection of computer-based systems and networks, information security also includes non-technical aspects and organizational structures.

It encompasses both technical and physical as well as administrative measures to protect the university from potential risks and threats and to ensure its continuous functionality.

Examples of such threats include:

• Violations of laws, regulations, or contracts that could lead to legal or financial consequences.
• Impacts on the right to informational self-determination, such as unauthorized access to personal information.
• Risks to personal safety that could arise from the misuse of information.
• Disruptions to the university’s ability to perform its tasks if important data is unavailable or unreliable.
• Negative effects on the university’s reputation, both internally and externally.
• Financial losses that could result from data loss, theft, or manipulation.

By implementing information security measures, the university is enabled to effectively carry out its core tasks while maintaining the trust of students, staff, and partners. The strategy includes policies, procedures, and technologies for identifying, assessing, and mitigating risks associated with the storage and processing of information.