The Federal Commissioner for Data Protection and Freedom of Information

Navigation and service

The standard data protection model

Guidance from the DSK on the implementation of concrete technical and organisational measures

a shield with a hook in the middle is held by two hands below and above
Source: Adobe Stock

What is the standard data protection model?

The standard data protection model (SDM) is a procedure allowing to translate the legal requirements of the General Data Protection Regulation (GDPR) into concrete technical and organisational measures. It is being developed by a sub-group of the Data Protection Conference (DSK).

The latest versions of the adopted documents can be downloaded from the web pages of the LfDI Mecklenburg-Western Pomerania.

The starting point: The GDPR

Article 5 of the GDPR lays down essential principles for the processing of personal data: The processing must be lawful, fair, transparent, restricted to the purpose, limited to the necessary extent. It shall be conducted on the basis of correct data while respecting integrity and confidentiality. In addition, personal data may normally only be kept in a form which permits identification of data subjects for no longer than is necessary. Compliance with the principles must be verifiable (“accountability”).

The guarantees to be achieved

In the SDM, the aforementioned legal requirements are transformed into seven so-called “guarantees to be achieved” providing the controller with guidance to ensure the legally compliant processing of personal data within his area of responsibility. These guarantees to be achieved are the following:

Data minimisation

The processing of personal data shall be limited to the extent appropriate and necessary for the purpose.


Access to personal data and their processing must be possible without delay. Furthermore, proper use in the planned process must be ensured.


Personal data may only be processed in such a way as to ensure protection against accidental loss, accidental destruction or accidental damage by appropriate technical and organisational measures. Any modification of the stored data by unauthorised third parties should be excluded or at least made visible in such a way that they can be rectified.


No unauthorised person may take note of or use personal data.

No concatenation

Personal data collected for different purposes may not be merged, i.e. concatenated.


It must be recognisable which data are collected and processed when and for what purpose in a processing activity, which systems and processes are used, the destination to which the data flow and for what purpose, and who has the legal responsibility for the data and systems in the various phases of data processing.

Possibility of intervention

Data subjects must be able to exercise their rights relating to their personal data. In concrete terms, this means: The data subjects receive information about their stored data, they can have rectifications made and they can have their personal data blocked or deleted. The data processing processes must be designed in such a way that this is possible.


The SDM transfers the legal requirements of the GDPR into technical and organisational measures by means of the guarantees to be achieved. It thus supports the transformation of abstract legal requirements into concrete technical and organizational measures.