{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T04:48:53Z","timestamp":1763959733711,"version":"3.37.3"},"reference-count":19,"publisher":"Springer Fachmedien Wiesbaden GmbH","issue":"4","license":[{"start":{"date-parts":[[2022,9,5]],"date-time":"2022-09-05T00:00:00Z","timestamp":1662336000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,9,5]],"date-time":"2022-09-05T00:00:00Z","timestamp":1662336000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["16KIS1361K","FKZ 13N16251"],"award-info":[{"award-number":["16KIS1361K","FKZ 13N16251"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100018452","name":"Fraunhofer-Institut f\u00fcr Sichere Informationstechnologie SIT","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100018452","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["HMD"],"published-print":{"date-parts":[[2023,8]]},"abstract":"<jats:title>Zusammenfassung<\/jats:title><jats:p>Plant eine Organisation ein neues IT-System, mit dem es personenbezogene Daten ihrer Kunden oder Mitarbeiter verarbeiten m\u00f6chte, so stellt es den Planer des IT-Systems h\u00e4ufig vor gro\u00dfe Herausforderungen, die Entwicklung und Inbetriebnahme des neuen IT-Systems unter Beachtung der einschl\u00e4gigen datenschutzrechtlichen Anforderungen umzusetzen. H\u00e4ufigster Hemmschuh f\u00fcr eine datenschutzkonforme Entwicklung und Inbetriebnahme eines neuen IT-Systems sind einerseits fehlende Fachkenntnisse zu datenschutzrechtlichen Rahmenbedingungen \u2013\u00a0insbesondere die datenschutzrechtlichen Anforderungen, die sich aus der Datenschutz-Grundverordnung ergeben und die entsprechend des darin verankerten risikobasierten Ansatzes <jats:italic>angemessen<\/jats:italic> umzusetzen sind\u00a0\u2013 sowie andererseits fehlende Erfahrungen zur Gestaltung der Umsetzung dieser Anforderungen, auch hinsichtlich der Einbindung von Funktionstr\u00e4gern innerhalb der Organisation seitens des Planers des IT-Systems. Der vorliegende Aufsatz m\u00f6chte vor diesem Hintergrund einen Beitrag dazu leisten, Planern von IT-Systemen die wichtigsten einschl\u00e4gigen Datenschutzanforderungen aufzuzeigen sowie Empfehlungen zur Umsetzung dieser Anforderungen zu geben.<\/jats:p>","DOI":"10.1365\/s40702-022-00897-2","type":"journal-article","created":{"date-parts":[[2022,10,24]],"date-time":"2022-10-24T16:03:56Z","timestamp":1666627436000},"page":"923-939","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Ein Vorschlag f\u00fcr die datenschutzkonforme Gestaltung von Datenschutz-Grunds\u00e4tzen und -Schutzma\u00dfnahmen in IT-Systemen\u00a0\u2013 Angemessene technische und organisatorische Schutzma\u00dfnahmen nach Art.\u00a032 DSGVO","A proposal for the data protection-compliant design of data protection principles and measures in IT systems\u2014Appropriate technical and organizational measures according to Art.\u00a032 GDPR"],"prefix":"10.1365","volume":"60","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8859-4808","authenticated-orcid":false,"given":"Annika","family":"Selzer","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ingo J.","family":"Timm","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"93","published-online":{"date-parts":[[2022,9,5]]},"reference":[{"key":"897_CR2","unstructured":"BfDI (2020) Das Standard-Datenschutzmodell. https:\/\/www.bfdi.bund.de\/DE\/Fachthemen\/Inhalte\/Technik\/SDM.html. Zugegriffen: 13. Febr. 2022"},{"key":"897_CR1","unstructured":"BSI (2017) BSI-Standard 100\u20112 \u2013 IT-Grundschutz-Vorgehen. https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/IT-Grundschutz\/BSI-Standards\/BSI-Standard-200-1-Managementsysteme-fuer-Informationssicherheit\/bsi-standard-200-1-managementsysteme-fuer-informationssicherheit_node.html. Zugegriffen: 5. Jan. 2022"},{"key":"897_CR3","doi-asserted-by":"publisher","first-page":"786","DOI":"10.1007\/s11623-019-1206-3","volume":"43","author":"E Durmus","year":"2019","unstructured":"Durmus\u00a0E, Selzer\u00a0A, Pordesch\u00a0U (2019) Das L\u00f6schen nach der DSGVO \u2013 Eine Diskussion der datenschutzkonformen Umsetzung bei E\u2011Mails. Datenschutz Datensich 43:786\u2013791","journal-title":"Datenschutz Datensich"},{"key":"897_CR4","volume-title":"Datenschutz-Grundverordnung","author":"E Ehmann","year":"2017","unstructured":"Ehmann\u00a0E, Selmayr\u00a0M (2017) Datenschutz-Grundverordnung. C.H. Beck, M\u00fcnchen"},{"key":"897_CR5","volume-title":"Datenschutz-Grundverordnung \u2013 Kommentar","author":"P Gola","year":"2018","unstructured":"Gola\u00a0P (2018) Datenschutz-Grundverordnung \u2013 Kommentar. C.H. Beck, M\u00fcnchen"},{"key":"897_CR6","first-page":"2608","volume":"71","author":"P Gola","year":"2018","unstructured":"Gola\u00a0P, Klug\u00a0C (2018) Die Entwicklung des Datenschutzrechts im ersten Halbjahr 2018. Neue Jurist Wochenschr 71:2608\u20132611","journal-title":"Neue Jurist Wochenschr"},{"key":"897_CR7","volume-title":"Formularhandbuch Datenschutzrecht","author":"A Koreng","year":"2018","unstructured":"Koreng\u00a0A, Lachenmann\u00a0M (2018) Formularhandbuch Datenschutzrecht. M\u00fcnchen, C.H. Beck"},{"key":"897_CR8","volume-title":"Datenschutz-Grundverordnung Kommentar","author":"J K\u00fchling","year":"2020","unstructured":"K\u00fchling\u00a0J, Buchner\u00a0B (2020) Datenschutz-Grundverordnung Kommentar. C. H. Beck, M\u00fcnchen"},{"key":"897_CR9","volume-title":"Datenschutz-Grundverordnung \u2013 Kompakt-Kommentar","author":"B Paal","year":"2021","unstructured":"Paal\u00a0B, Pauly\u00a0D (2021) Datenschutz-Grundverordnung \u2013 Kompakt-Kommentar. C.H. Beck, M\u00fcnchen"},{"key":"897_CR10","first-page":"339","volume":"8","author":"A Ro\u00dfnagel","year":"2018","unstructured":"Ro\u00dfnagel\u00a0A (2018) Datenschutzgrunds\u00e4tze \u2013 unverbindliches Programm oder verbindliches Recht? \u2013 Bedeutung der Grunds\u00e4tze f\u00fcr die datenschutzrechtliche Praxis. Z\u00a0Datenschutz 8:339\u2013344","journal-title":"Z Datenschutz"},{"key":"897_CR11","first-page":"503","volume":"9","author":"M Schr\u00f6der","year":"2019","unstructured":"Schr\u00f6der\u00a0M (2019) Der risikobasierte Ansatz in der DS-GVO \u2013 Risiko oder Chance f\u00fcr den Datenschutz? Z\u00a0Datenschutz 9:503\u2013506","journal-title":"Z Datenschutz"},{"key":"897_CR12","doi-asserted-by":"publisher","first-page":"120","DOI":"10.21552\/edpl\/2021\/1\/16","volume":"7","author":"A Selzer","year":"2021","unstructured":"Selzer\u00a0A (2021) The appropriateness of technical and organisational measures under article 32 GDPR. Eur Data Prot Law Rev 7:120\u2013128","journal-title":"Eur Data Prot Law Rev"},{"key":"897_CR13","first-page":"773","volume-title":"Chances and limitations of personal and Anonymized data processing\u2014implementing appropriate technical and organizational measures and creating added value in smart cities","author":"A Selzer","year":"2021","unstructured":"Selzer\u00a0A, Timm\u00a0IJ (2021a) Chances and limitations of personal and Anonymized data processing\u2014implementing appropriate technical and organizational measures and creating added value in smart cities. GI Informatik, Berlin, S\u00a0773\u2013787"},{"key":"897_CR14","doi-asserted-by":"publisher","first-page":"826","DOI":"10.1007\/s11623-021-1544-9","volume":"45","author":"A Selzer","year":"2021","unstructured":"Selzer\u00a0A, Timm\u00a0IJ (2021b) Gestaltung eines Systems zum anonymen Datenaustausch \u2013 Gestaltung angemessener Schutzma\u00dfnahmen. Datenschutz Datensich 45:826\u2013830","journal-title":"Datenschutz Datensich"},{"key":"897_CR15","doi-asserted-by":"publisher","first-page":"456","DOI":"10.21552\/edpl\/2021\/3\/15","volume":"7","author":"A Selzer","year":"2021","unstructured":"Selzer\u00a0A, Woods\u00a0D, B\u00f6hme\u00a0R (2021) An economic analysis of appropriateness under article 32 GDPR. Eur Data Prot Law Rev 7:456\u2013470","journal-title":"Eur Data Prot Law Rev"},{"key":"897_CR16","volume-title":"Datenschutzrecht \u2013 DSGVO mit BDSG (Kommentar)","author":"S Simitis","year":"2019","unstructured":"Simitis\u00a0S, Hornung\u00a0G, Spiecker\u00a0I (2019) Datenschutzrecht \u2013 DSGVO mit BDSG (Kommentar). Nomos, Baden Baden"},{"key":"897_CR17","volume-title":"Europ\u00e4ische Datenschutzgrundverordnung \u2013 Handkommentar","author":"G Sydow","year":"2018","unstructured":"Sydow\u00a0G (2018) Europ\u00e4ische Datenschutzgrundverordnung \u2013 Handkommentar. Nomos, Baden Baden"},{"key":"897_CR18","unstructured":"TeleTrusT, ENISA (2019) IT-Sicherheitsgesetz und Datenschutz-Grundverordnung \u2013 Handreichung zum \u201eStand der Technik\u201c technischer und organisatorischer Ma\u00dfnahmen. https:\/\/www.teletrust.de\/fileadmin\/docs\/fachgruppen\/2019-02_TeleTrusT_Handreichung_Stand_der_Technik_in_der_IT-Sicherheit_DEU.pdf. Zugegriffen: 5. Jan. 2022"},{"key":"897_CR19","volume-title":"Datenschutzrecht \u2013 Online-Kommentar","author":"H Wolff","year":"2019","unstructured":"Wolff\u00a0H, Brink\u00a0S (2019) Datenschutzrecht \u2013 Online-Kommentar. C.H. Beck, M\u00fcnchen"}],"container-title":["HMD Praxis der Wirtschaftsinformatik"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-022-00897-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1365\/s40702-022-00897-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-022-00897-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,28]],"date-time":"2023-08-28T13:05:06Z","timestamp":1693227906000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1365\/s40702-022-00897-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,5]]},"references-count":19,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,8]]}},"alternative-id":["897"],"URL":"https:\/\/doi.org\/10.1365\/s40702-022-00897-2","relation":{},"ISSN":["1436-3011","2198-2775"],"issn-type":[{"type":"print","value":"1436-3011"},{"type":"electronic","value":"2198-2775"}],"subject":[],"published":{"date-parts":[[2022,9,5]]},"assertion":[{"value":"6 April 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 August 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 September 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}