The requirements demanded of the security of information are based on the objectives of data protection. The emphasis is not on the protection of the information but ensuring its confidentiality, integrity , availability and authenticity insofar as this is required for protecting the rights to privacy of the individuals concerned.

In addition to the objectives addressed by the individuals controls , the section on the information security does however also contain specific measures that have to be implemented . In this context these are primarily oriented towards the ISO /IEC 17799 standard.