Custom made or internally developed software and hardware

The protection of internally developed soft- and hardware requires a far-reaching foundation of security and from the start. Therefore, internally developed soft- and hardware is beyond the scope of this scheme.

Organizations are encouraged to implement technical and organizational measures, at the earliest stages of the design of the processing operations in such a way that safeguards privacy and data protection principles right from the start (‘data protection by design’). Organizations should ensure that personal data has a risk-based approach, so that all personal data is protected according to their risk.

Internally developed soft- and hardware is beyond the scope of this scheme.