Data Privacy vs. Data Security [definitions and comparisons]

Data Privacy vs. Data Security

When it comes to data privacy vs data security, we can frequently hear or read those terms being used interchangeably. However, are these indeed synonyms, or do they denote slightly different concepts?

We will briefly touch on both their similarities and differences in this post. We will also see how one of them cannot exist without the other.

[Figure: visual representation of data privacy and data security areas]

What is Data Privacy

There are various privacy definitions online. Data privacy or Information privacy is concerned with proper handling, processing, storage and usage of personal information. It is all about the rights of individuals with respect to their personal information.

The most common concerns regarding data privacy are:

Privacy, in general, is an individual’s right to freedom from intrusion and prying eyes or the right of the person to be left alone.

It is guaranteed under the constitution in many developed countries, which makes it a fundamental human right and one of the core principles of human dignity, an idea most people will agree with.

Any risk assessment conducted for the purpose of enhancing the privacy of individuals’ personal data is performed from the perspective of protecting the rights and freedoms of those individuals.

What is Data Security

Data security is focused on protecting personal data from any unauthorized third-party access or malicious attacks and exploitation of data. It is set up to protect personal data using different methods and techniques to ensure data privacy.

Data security ensures the integrity of the data, meaning data is accurate, reliable, and available to authorized parties.

Data security methods, practices, and processes can include:

  • activity monitoring
  • network security
  • access control
  • breach response
  • encryption
  • multi-factor authentication

Similarities and differences between Data security and Data privacy

In short, data privacy and data security are by no means the same thing. Data privacy is about the proper usage, collection, retention, deletion, and storage of data. Data security comprises the policies, methods, and means used to secure personal data.

So, if you are using a Google Gmail account, your password would be a method of data security, while the way Google uses your data to administer your account would be data privacy.

Difference between data privacy and data security

Think, for example, of a window on a building; without it in place, an intruder can sneak in and violate both the privacy and security of the occupants.

Once the window is mounted, it will do a pretty decent job of keeping unwanted parties from getting into the building. It will not, however, prevent them from peeking in and thus interfering with the occupants’ privacy. At least not without a curtain.

In this (oversimplified) example, the window is a security control, while the curtain is a privacy control.

The former can exist without the latter, but not vice versa. Data security is a prerequisite for data privacy. And information security is the main prerequisite to data privacy.

Cybersecurity

When it comes to cybersecurity (i.e. computer, digital), we can agree that it refers to protective measures that we put in place to protect our digital assets from harmful events such as human and technical errors, malicious individuals, and unauthorized users.

However, for the sake of completeness, we have to admit that even in this day and age not all information is digital.

We still deal with numerous paper documents, which in turn hold very valuable information worth protecting.

This is exactly where the term information security comes in handy, denoting the practice of preventing unauthorized access, use, disclosure, modification or destruction of information in whatever form.

The three pillars of information security:

  1. Confidentiality – prevents sensitive information from reaching the wrong people, while making sure that the right people can use it;
  2. Integrity – maintains the consistency, accuracy, and trustworthiness of information over its lifecycle; and
  3. Availability – ensures that the information is available when it is needed.

These are very often referred to as the C-I-A triad, and they all have to be addressed in order to achieve a satisfactory level of information security.

Like many things in life where nothing is perfect, the same goes for security; there is no such thing as a 100% secure system. There are only acceptable levels of risk.

This means that in order to secure information an organization must first conduct a formal risk assessment.

The risk assessment will then be cross-referenced with the organization’s risk acceptance criteria (these are developed in line with the organization’s risk appetite, i.e. their willingness to accept a predefined level of risk) and consequently, a risk treatment plan can be developed.

Only then will security controls be chosen with the aim of mitigating specific residual risks. In information security, this is known as a risk-based approach to security.

When you think about it, it makes sense – it would be very difficult to justify spending 100 euros to protect an asset that only costs 10 euros.

What about data protection?

Assuming that we have done a decent job explaining what data security and data privacy are, you might be wondering about the term data protection and how it fits in the whole picture.

Data protection is essentially the amalgamation of security and privacy.

Each of the two deals with its own set of challenges; combined, they deliver protected, usable data as the result.
