The GDPR and the BSIG require "state of the art" precautionary measures. In some cases, institutions face high fines for non-compliance. Whether you manage data in your own data center or enlist the help of a contract processor, your institution always remains the legally responsible party.
The obligation to exercise due diligence also gives rise to an individual liability risk for management personnel if they deliberately decide not to take the necessary technical and organizational measures (e.g., for budgetary reasons).
According to the German Federal Office for Information Security (BSI), a data security concept is the most important protective measure against elementary threats in order to ensure the permanent availability of data. In ad ...