Quiz Entry - updated: 2026.07.14
How does information security differ from data protection / privacy law (Datenschutz)?
Information security protects all data from threats; data protection protects people's control over their personal data.
| Information security | Data protection (Datenschutz) | |
|---|---|---|
| Purpose | protect all data & information via measures | protect personal data |
| Rooted in | risk reduction, business value | the right to informational self-determination |
| Governed by | standards/norms (e.g. ISO/IEC 27001) | laws (Swiss DSG, EU GDPR/DSGVO) |
The relationship: they overlap but aren't the same. You can have strong information security and still violate data protection (e.g. perfectly secured servers that nonetheless collect personal data without consent). Conversely, data protection relies on good security to be effective.
Tip: Security asks "is the data protected from attackers?" Data protection asks "does the person control how their data is used?"