Organizations face the risk of financial, legal and reputational damages if they do not take care of security for their data and IT systems. Enterprise Data Governance rules, European legal restrictions like the GDPR but also national or industry-specific data privacy laws such as BDSG or TKG in Germany clearly define how data needs to be protected in IT systems in order to avoid data security breaches. Additionally, regulations like the German BSI security law and the international ISO/IEC 27000-series define standards for minimizing threats to IT systems.