Interview: German Institute for Data Protection, our Digital Trust Hero of August!
We finally get to introduce you to our next Digital Trust Hero of the Month August: DID — German Institute for Data Protection.
In a world which is becoming more and more digitalized with various progressing innovations, the protection of personal data is increasingly important.
The German Institute for Data Protection supports companies in making their data protection transparent. They advise companies from different industries and implement sustainable solutions.
Sounds interesting, doesn’t it? That’s what we’re interviewing you about today: Andreas Ebbersmeyer, founder of the German Institute for Data Protection, data protection officer and IT security officer:
Hi Andreas! Why don’t you start by telling us 3 facts about your career so far?
I have been a data protection officer since 1997, when it was still a very small and manageable industry. During this time, I trained data protection officers at TÜV and IHK educational institutions. As a business economist and lawyer, the assumption of activities as an external data protection officer was a logical consequence of the teaching activities. Personal highlights include, for example, recognition under Schleswig-Holstein state law as an expert with the local supervisory authority for data protection, the Independent State Center for Data Protection in Schleswig-Holstein (ULD), or ISO 17024 certification. But I was also very pleased to receive the “Privacy Law — Lawyer of the Year” award this year, of course, and it confirmed to me that data protection is also becoming increasingly important in the public eye.
How long has the German Institute for Data Protection been in existence and how did it come about?
We founded the German Institute for Data Protection last year in order to establish a certification body for data protection. Since there are currently no DSGVO certifications in Europe, we are hereby leading the way and offering transparent and comprehensible certifications for corporate data protection for the DACH region. We have also created a data protection award so that companies that have implemented data protection can also present this to their customers. For customers, this can then be seen as a seal of approval that their personal data is being processed properly here.
What is the vision of the German Institute for Data Protection?
Our goal is for all consumers to be able to immediately see which companies actually implement data protection at their sites and thus offer protection for the personal data of their customers and prospects. This is the only way to achieve real transparency. And only with transparent processes do consumers have the opportunity to remain in control of their data and decide freely to whom they want to give which data in the first place. In most cases, we as data subjects do not even know what is happening with our data. And this is where our vision of transparency comes in.
Why do you think it is important to deal with the topic of data protection? What is particularly important to you when dealing with sensitive data?
Personal data has become a currency in its own right. Although there are sufficient data protection laws, there are unfortunately still companies that do not comply with these regulations at all. Ubiquitous IT can create any number of profiles, the linking of which is definitely not in the interests of those affected. If my car stores how my acceleration behavior is when I drive onto the highway, my car insurance company or my health insurance company do not need to know this for a long time, even though they certainly have a great interest in such data. This would make it possible to calculate completely new policies, because the risk of the car insurance can now perhaps be assessed differently. Health insurance companies could also recategorize their members on the basis of such data. Depending on one’s driving style, it could be assumed that one becomes more agitated while driving. If so, one would be a possible candidate for a heart attack. Ultimately, there are already immense amounts of data about all of us in various places, which, when combined, would make us completely transparent. Therefore, the protection of our data is elementary in order to be able to preserve our basic right to the free development of our personality. Speaking of health data, many medical practices still have a lot of room for improvement in terms of data protection. Recently, we received faxes from a practice with Corona test results. However, these were not intended for us.
What is your recommendation to our community? What simple tips can they use to better protect their personal data?
Think about who you want to give what data to. One data protection principle is that everyone should only receive as much data as they need to achieve their purpose. In concrete terms, this means, for example, that a car dealership may check your driver’s license (look at it, don’t copy it) during a test drive, but should not be required to provide your e-mail address, as this is not necessary for a test drive. On social networks, don’t accept all friend requests, only those from people you really know.
When dealing with e-mails in general, there are also simple ways to expose so-called phishing e-mails that want to spy out your passwords: before you click on the link in the e-mail, take a closer look at the actual e-mail address of the sender. In most cases, you can already tell that it is not eBay, Telekom, Sparkasse or any other well-known company, but a combination of letters and numbers. Then you should simply delete the corresponding mail.
And last but not least, our famous final question: If you could spend an evening with a famous person, who would it be and why?
Preferably an evening with Mark Wahlberg. Then maybe I can get him excited about making a privacy action movie. Then data protection will really be the order of the day ;-)
Thank you very much for the interesting interview, Andreas!
With our monthly series “Digital Trust Heroes” we want to give innovative and privacy-oriented startups and companies a digital stage to help present their vision, their project and the people behind it and make them more visible.
Our focus is clearly on companies that, like us, deal with topics such as data protection, data security, digital identity and the secure handling of personal data and want to make the digital world a little bit better.
Our goal is to create a trustworthy ecosystem of pan-European “Digital Trust Heroes” who want to enable people to live a comfortable and secure life on the Internet.