Worth reading:

The updated Standard Data Protection Model (SDM) – Version 2.0



In November 2019, the federal and state data protection authorities agreed on a revised version of the Standard Data Protection Model (SDM).

The purpose of the SDM

On 68 pages, a test method is documented, with which not only data protection officers but also companies and authorities can assess whether their applications process personal data in a data protection-compliant manner.

The working group goes on to detail: “The Standard Data Protection Model (SDM) provides a tool to support the selection and evaluation of technical and organizational measures that ensure and provide evidence that personal data is processed in accordance with the requirements of the GDPR.”

To this end, the SDM first captures the legal requirements of the GDPR and then maps them to the assurance objectives of

  • Data minimization
  • Availability
  • Integrity
  • Confidentiality
  • Transparency
  • Non-interconnectivity and
  • Intervenability


What is new in the updated version now?

The requirements of the GDPR with regard to the above-mentioned objectives are formulated and described more comprehensively
More attention is paid to the management of consent, as well as to the implementation of supervisory orders

As before

the establishment of a data protection management system in compliance with a Plan-Do-Check-Act cycle (PDCA) is described and recommended:

Source: Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder (Datenschutzkonferenz)

In activeMind’s view, what is really interesting for data protection practice are “the generic measures for the assurance objectives already laid out in the methodology, which are named in Part D. This is because what is named here is likely to be regarded as standard by the supervisory authorities. This is because what is mentioned here is likely to be regarded as standard by the supervisory authorities. A critical examination of the measures listed here is therefore necessary in any case, even if one decides against implementation as a result.”

The more detailed catalogs of generic measures, on the other hand, are not yet available across countries at the moment. Currently, there are only building blocks from individual states for individual goals (e.g., from Mecklenburg-Vorpommern).

It is not (yet) known when these announced catalogs will appear. What is certain, however, is that these catalogs will be very helpful to companies in complying with the minimum standards.

Image: Conference of the Independent Data Protection Authorities of the Federal Government and the Länder (Data Protection Conference)

Note: This is a machine translation. It is neither 100% complete or 100% correct. We can therefore not guarantee the result.



Related articles

TecArt CRM Pro

CRM software: TecArt at a Glance

Presentation TecArt Based in Erfurt, The company TecArt, founded in 1999, is one of the German CRM pioneers. In the meantime, the medium-sized company is

Microsoft Dynamics / Nimble CRM

CRM software: Nimble CRM at a glance

##Update from 21.09.2020 Nimble CRM is a small CRM tool from America that can be assigned to the Social CRM area. It offers many interfaces,

German CRM Landscape

The first German CRM Landscape

The first German CRM Landscape Update: 17.09.2020 Superoffice has now a new logo design. #Update: 05.05.2020 Our CRM Landscape has grown! We have now included

Our newsletter is free, but not for nothing..

…you will receive exclusive benefits such as analyses and comments on software products,
Legal and Marketing Technology, and much more…