The main task of information security management is to protect the basic values:
integrity (authenticity and non-repudiation) and
This includes not only securing traditional IT but also all systems, such as IoT systems, industrial control systems and overall all systems and processes in which information is processed, retrieved or stored.
In the context of data protection, the following are then usually also considered.
Intervenability (enabling data subjects' rights to be carried out at any time, for example, the execution of deletion requests),
so called non-chaining (as a safeguard for purpose limitation)
Purpose limitation here means that personal data may only be used for the purpose for which it was collected. If the purpose has been fulfilled and the data is then no longer required, it must be deleted.