In this article you will read about:
- which companies the GDPR applies to,
- what impact the regulation has on IT security, and
- why the location of the hosting provider is important.
Since spring 2018, the European General Data Protection Regulation (GDPR) has applied in all EU member states. The most important questions about the current data protection law for companies at a glance:
Who does the GDPR affect?
The European General Data Protection Regulation affects anyone who processes personal data – companies, associations, public offices, government authorities, and schools. It doesn't matter whether an organization collects, stores, or "only" forwards the data.
What does the GDPR mean for companies?
Since 2018, the General Data Protection Regulation has been binding and legally effective in all EU member states. This means that every affected data subject can directly assert the rights set out in the GDPR before the national courts of the EU member states. Any company that violates this applicable law faces severe sanctions from the supervisory authorities.
Who determines whether fines are due, and if so to what extent, according to the GDPR?
The level of fines is uniformly regulated and can be up to 4 percent of annual turnover or 20 million euros. This can become a serious economic risk even for large companies. When it comes to sanctions, the supervisory authorities must agree on a common approach among themselves. Their task is to impose sanctions that are proportionate, but also dissuasive.
What impact does the GDPR have on the IT security of companies?
The General Data Protection Regulation contains a comprehensive catalog of data security measures. This is the first time that IT security has been required as a legal standard. That is an important step, because inadequately secured companies sometimes do not even notice that they have been the victim of a hacker attack involving data theft. Such negligence is penalized by the GDPR, which imposes a reporting obligation: a loss of personal data must be reported within 24 hours.
How important is the question of location for cloud providers?
In order to comply with the GDPR, the issue of where a cloud provider’s data centers are located or where the storage and processing of personal data takes place is crucial.
This is because in the summer of 2020 the European Court of Justice overturned the Privacy Shield with its Schrems II judgement. As a result, the data protection agreement between Europe and the United States no longer exists. Therefore, companies can no longer rely on this agreement, which was intended to ensure compliance with European data protection standards outside the EU, when storing data in third countries.
Does the Open Telekom Cloud comply with the General Data Protection Regulation?
All data in the Open Telekom Cloud is stored in multi-certified, highly-secure data centers in Germany and the Netherlands. This means that all data remains on European soil and in the European legal area at all times.
Telekom and T-Systems also had the GDPR compliance of their public cloud independently audited and certified at an early stage. The Trusted Cloud Data Protection Profile 1.0 (TCDP 1.0) shows that the offering fully meets the strict requirements. It certifies that the Open Telekom Cloud holds a legally compliant data protection certification for defined cloud services. In the future, the TCDP certification will be replaced by the "GDPR CC" certification, whose goal is to apply European data protection standards in a lasting way. "GDPR CC" enables us to demonstrate that your data processing operations are compatible with the GDPR's data protection requirements.