Interview with Eike Auferkamp, Owner of Auferkamp IT Consulting
2020-05-26, by Julia Bialek, Head of GDPR Conference, EIPS
1. Eike, in your opinion: what is the difference between data privacy and data protection?
First of all its often used in the mix. Sometimes in the wrong context. Data Privacy is more a personell sphere context and a wider definition and protection is more about how to handle stored information in a DB for example. In the end both happens often in the same time. One is defining the level of confidentiality the data reached and the other is the protection level.
2. You are working in the field of IT-security, which is infrastructure security as well as data security; very often, people like you are accused to be against innovation - what is your position on this?
Like my Trainer said once: "you first need to learn the basics". Innovation is very important in the fast changing field of Cyberattacks. But the Trust customers feel when they invested in innovative Technologies is deceptive. If they are not really good in security basics, an innovative „Add on“ will not raise the security level. In the end IT Security is not (only) about solutions, its a question of mindset. If you think/live security, the benefit for your security level is much higher than the best solution. Awareness, right Configurations, and not by last a direct and honest internal reporting are things that come to mind you need to do/feel/act like, before you invest in the next big thing. But don’t get me wrong: Cybersecurity is a very dynamic field in IT and Innovations are important as a Reaction - just don’t only trust on that.
3. In your opinion: what is the biggest upcoming topic for companies in terms of data protection in the next 12 months?
The same as before: internal Investigation. This is not a very exciting answer, but what I see so far, is that the companies often don’t know where the sensible data is stored (spoiler alert: often not only on the server) and often sensible Informations like Customer-Password are stored in clear text or MD5, which is basically clear text in the end. GDPR came with a shock for most of the big customers, internal Lawyers invested months to change details in contracts…but this wave of the shock is shrinking. In the end I have the feeling that most of the companies are again or still working like before - this will change when a few new cases will be seen in public.
Thank you very much for the interview, Eike.