The dual role of Chief Information Security Officer (CISO) and Data Protection Officer (DPO), whether under EU law or in accordance with Art. 10 of the Swiss Data Protection Act (DPA), does not have to be a balancing act. But how can this dual role be managed efficiently? This article provides answers to this question and shows how an integrated management system (IMS) can create synergies and significantly reduce the workload for companies.
An integrated management system (IMS) combines the processes and guidelines of the information security management system (ISMS) and the data protection management system (DSMS). This creates a central structure in which companies:
Especially when personnel resources are scarce, an IMS offers an efficient way of managing security and data protection requirements under one roof.
Although the CISO and the DPO both need sound technical and legal knowledge, their main responsibilities differ:
An overview of the synergies:
Possible conflicts that should be taken into account:
If a critical security vulnerability is discovered that could allow customer data to fall into the wrong hands, both roles must act quickly and in a coordinated way:
In a dual role, it is particularly important that roles and responsibilities are clearly defined - especially for security-relevant measures that affect personal data. It must be clearly documented at all times whether an action is carried out in the role of CISO or in the role of DPO. This is the only way to check data protection requirements independently and to identify potential conflicts of interest at an early stage.
To safeguard the independence of the DPO in accordance with Art. 10 DPA, decision-making and escalation channels must be structured accordingly. In addition, systematic review processes should be established - for example through internal audits or regular external checks - to ensure that security measures affecting personal data are identified and correctly assessed in good time.
A dual role of CISO and DPO can bridge staff shortages and at the same time provide a holistic view of security and data protection risks.
For this balancing act to succeed in practice, it is essential:
If companies meet these three requirements, they benefit from:
The growing complexity of cyber security and data protection calls for integrated solutions instead of isolated silos. A combined CISO/DPO role can deliver exactly that - provided it is well thought out and clearly anchored in the organization's strategy.
Companies that act now and review their structures benefit twice: they gain efficiency and at the same time strengthen their compliance - towards customers, partners and supervisory authorities.
If you want to know how to design such a key role in a lean, effective and legally compliant way, InfoGuard is the right partner. Our experts will show you in a practical way how to combine information security and data protection seamlessly - whether you are setting up a new management system or optimizing an existing one.
Regardless of how you are currently set up, we can supplement your CISO/DPO with whichever CISO or DPO skills are still missing. Contact us without obligation.
Caption: Image generated with AI