German DPA Releases English Translation of the Standard Data Protection Model

A German data protection authority (DPA) has published an English translation of the draft Standard Data Protection Model (SDM), which addresses the data protection goals of data minimization, availability, integrity, confidentiality, transparency, unlinkability and intervenability.

Specifically, the SDM analyzes the relationship between the legal requirements of the EU General Data Protection Regulation (GDPR) and the selection and implementation of data protection measures. In doing so, it includes a specific set of data security measures, as well as a methodology for the practical implementation of the GDPR’s requirements.

The goal of the SDM is twofold:

• First, it is designed to assist DPAs in conducting “more transparent and upright reviews of technical and organizational data protection measures” in an effort to ensure that “transparent plausible, [and] reliable judgments” are reached.

• Second, it provides companies with “a methodology for assessing the efficacy of data protection measures required by data protection regulations” and guidance on how to “systematically plan, implement and continuously monitor” those measures.

An international version of the SDM is also being prepared. It will “focus even more closely on the aspects of the operationalization of fundamental rights by an appropriate selection and implementation of organizational measures and technical functionalities.”

The SDM is currently being reviewed by German DPAs, after being unanimously and affirmatively acknowledged (with Bavaria abstaining) by the 92nd Conference of the Independent Data Protection Authorities of the Bund and the Länder.

A final draft is expected to be released later this year, with revisions set to take place after May 2018, when the GDPR comes into force.

Read the full draft here.