The Conference of the Independent Data Protection Authorities of the Federal and State Governments (DSK, Data Protection Conference) is a body that offers feedback on current data protection issues in Germany. One of DSK's principal duties is to achieve uniform application of European and national data protection law. Although DSK resolutions and statements are non-binding, they need to be considered by data protection managers when implementing the statutory provisions. These resolutions and reports provide additional detail on the supervisory authorities' views on data protection issues.
On April 5, 2019, the Data Protection Conference's "Technical and Organizational Data Protection Issues" Working Group published an orientation guide on measures to be taken by online services with regard to secure access. The report is aimed at providers of online services that process personal data of users. Such companies fall under the provisions of the GDPR and should, therefore, comply in particular with the requirements on the security of processing (Article 32 GDPR). This includes measures to secure access to the services. In the opinion of the data protection supervisory authorities, the measures described in the report correspond to the state of the art and ensure effective protection of users' data.
The following measures are defined in the orientation guide:
- measuring and displaying password strength
- forcing password changes only in special cases
- procedure for handling failed login attempts
- dealing with compromised services
- significant notifications
- secure password reset
- encrypted transmission of passwords
- encrypted storage of passwords
- securing password databases against unauthorized access
- training of personnel
- offering -factor authentication
- separation of authentication and user data
- information about password managers
- security as an integrated task
In addition to the measures mentioned above, DSK expressly refers to the guidance of the Federal Office for Information Security (BSI) in the IT Baseline Protection Compendium on Identity and Authorization Management (which includes Basic Requirement ORP.4.A8 "Rules on password use" or ORP.4.A11 "Resetting passwords").