The first GDPR-based data privacy certificate for cloud services is here.
In view of the systematic sanctions for data privacy incidents issued by the supervisory authorities under GDPR, such a data privacy certification for cloud services is not only important for Deutsche Telekom; it is also significant for customers. Therefore, Deutsche Telekom places great value on the official recognition of the standards by the supervisory authorities responsible for data privacy. The supervisory authorities provided advice during the development of the standard and are currently drafting an audit catalog to test such a standard.
Quick recognition
“If German cloud products are to remain competitive in the long-term, we quickly need recognition by the supervisory authorities. Documented audit criteria are important but we cannot get bogged down by detail,” says Dr. Claus-Dieter Ulmer, Global Data Privacy Officer at Deutsche Telekom.
Auditor is a data privacy certificate. This means that, once completed, an external inspection body such as DEKRA or TÜV will examine and confirm compliance with the requirements. In this respect, a data privacy certificate differs from a Code of Conduct, where the company submits a self-declaration.
Auditor also cooperates with the “GAIA-X” project from the German Federal Ministry for Economic Affairs and Energy. GAIA-X is a project to set up a high-performance, competitive, secure, and trustworthy data infrastructure in Europe. Auditor can make a valuable contribution here by confirming compliance with GDPR via a certificate.
With us from the beginning
The data privacy certificate managed under the “Auditor” project name is the successor to the Federal Data Protection Act-based – and now expiring – certificates according to the TCDP (Trusted Cloud Data Protection) standard. Both standards were developed by the German Federal Ministry for Economic Affairs and Energy in close collaboration with the data privacy supervisory authorities, the Federal Ministry of the Interior and the Federal Office for Information Security. Deutsche Telekom played an active role in development from the very start.
