Transformation Quarterly 01_2023

In an interview with Transformation Quarterly Professor Ulrich Kelber, Federal Data Protection Commissioner, describes the challenges companies and government are facing in the area of cyber security and emphasises that everyone in a position of responsibility needs to address them. 

To what extent do you think German companies are prepared for the growing threat of cyber attacks?

As the Federal Commissioner for Data Protection and Freedom of Information (BfDI), I am only responsible for telecommunications and postal service providers. In these domains, there is at least an awareness of the problem because of the large amount of data that is processed. This is very much lacking in other companies. It is said that there are only two types of companies – those that have been hacked and those that will be. I think this is a good starting point for planning preventive measures. Those who do not seriously address the risk of cyber attacks are cutting costs in the wrong area.

What needs to be done to improve cyber resilience in the long term?

Systems and solutions are needed where data protection and data security are factored in from the outset. This entails public authorities and companies having staff and expertise in this field, such as regulatory and company data protection officers. Coming up with solutions on the fly is not a suitable strategy for addressing Germany’s shortcomings in terms of digital transformation. What we need instead are consistent and sustainable projects.

What is the relationship between cyber-security and data protection in your opinion?

There is no data protection without cyber-security. Systems need to be protected by introducing technical and organisational measures so that internal and external attacks are prevented using state-of-the-art technology. The more sensitive the processed data are, the more the systems need to be protected. In this respect, cyber security is a key component of legally compliant data protection. Anyone who fails to adequately protect their system is committing a data protection breach.

What does the Federal Commissioner for Data Protection expect from the federal government’s cyber-security legislation?

It is very important to me that cyber-security legislation protects and respects the rights and freedoms of citizens in equal measure and that legislation does not impose unreasonable cuts and bans on security technologies. More specifically, there must be no ban or watering down of encryption, no telecommunications data retention and, generally speaking, no regulations that undermine sensible security safeguards for the general public. The government also needs to commit to closing security gaps as quickly as possible and not withhold them for use by security authorities.

Professor Ulrich Kelber has been the Federal Commissioner for Data Protection and Freedom of Information since January 2019. Prior to that, he was a member of the German Parliament from 2000 to 2018 and Parliamentary State Secretary to the Federal Minister of Justice and Consumer Protection from 2013 to 2018. Kelber is a computer scientist and biologist and became honorary professor of data ethics at Bonn-Rhein-Sieg University of Applied Sciences in July 2019.

Photo: Jens Gyarmaty (press photo)