DSFA stands for data protection impact assessment. According to the GDPR, a documented decision must be made for each processing activity (VT) as to whether a data protection impact assessment (DSFA) is to be carried out. This is done in the course of a so-called DSFA requirement assessment. This DSFA and DSFA requirement check can be performed in HITGuard under "Data Protection → DSFA".

Experts are a user role in HITGuard. For more on user roles, see "Administration → Users / User Roles".

In HITGuard, it is possible to import existing data, e.g. hazard situations or organizational units, from other sources (e.g. SAP). The ID makes it possible to keep data consistent across applications. If an import is performed and the ID of the import data set matches an existing ID, then a new data set is not imported, but the existing data set is updated with the import data set. Example: You use SAP to manage organizational units and import them monthly to HITGuard to bring all changes from SAP into HITGuard. For more information, see Data import.

LDAP or Lightweight Directory Access Protocol is a network protocol standard that can be used in HITGuard to authenticate users. This allows users to log in using the credentials from your Authentication Provider. For more information about this, see Login Options and Global Settings.

OrgUn or organizational units map the structure of a company. A company usually consists of several organizational units that participate in the individual processing steps, which in turn take place in one or more organizational units. The creation and processing of data in these organizational units during the individual process steps is predominantly IT-supported using IT systems. In HITGuard, the process steps occurring in the OrgUn, the data and resources used in the process can be mapped with the Structure Analysis.

Practitioner is a user role in HITGuard. For more on user roles, see "Administration → Users / User Roles".

Professionals is a user role in HITGuard. For more on user roles, see "Administration → Users / User Roles".

RPO or Recovery Point Objective indicates how much data loss can be accepted. The RPO specifies the period of time that can elapse between two data backups. In other words, the maximum amount of data/transactions that can be lost between the last backup and the system failure. If no data loss is acceptable, the RPO is 0 seconds.

RTO or Recovery Time Objective specifies how long a business process/system may be down. The RTO specifies the time that may pass from the time of damage until the complete recovery of the business processes (recovery of: Infrastructure - Data - Reprocessing of data - Resumption of activities) may pass. The time period can range from 0 minutes (systems must be available immediately) to several days, in some cases weeks.

If a review, protection needs analysis or processing activity in HITGuard is of the Self Assessment type, then this means that this activity is to be carried out by the officer or interviewee, for example. The responsible party can then request a response to the activity from the case worker or interview partner. The clerk or interview partner answers this and returns it to the responsible person. The latter can then check and accept the response or request a new response.

TOMs are technical and organizational measures or controls used for handling personal data. According to Art. 32 GDPR, data controllers and the processor are required to take appropriate technical and organizational measures (TOMs for short) to ensure a level of protection appropriate to the risk. The criteria that the TOM must meet, as well as some examples of appropriate measures, are described in Art. 32(1) of the GDPR. For more on the creation and use of TOMs in HITGuard, see "Data Protection → TOMs".

VTs ist die Abkürzung für Verarbeitungstätigkeiten. Eine gesetzliche Definition des Begriffs findet sich in Art. 4 der DSGVO, dort wird der Begriff „Verarbeitung“ wie folgt definiert:

• jeder mit oder ohne Hilfe automatisierter Verfahren ausgeführter Vorgang oder jede solche Vorgangsreihe im Zusammenhang mit personenbezogenen Daten. D.h. jeder Vorgang oder Prozess, der in irgendeiner Form personenbezogene Daten verarbeitet, egal ob sie nur gespeichert oder für Auswertungen verwendet werden, ist eine Verarbeitungstätigkeit.