Our services fully meet the stringent requirements of GDPR. That’s why we made our product the first to be certified by an independent institute. As such, we can guarantee that Open Telekom Cloud offers the very highest security standards.
Because the data centers of the Open Telekom Cloud are located in Germany and the Netherlands, your data will never leave Europe. As a result, you can rest assured that the General Data Protection Regulation (GDPR) is fully complied with at all times.
Compliance with the GDPR depends on the location of a cloud provider’s data centers or where the personal data is stored and processed.
Does your business model only allow for data processing in Germany? Then we will provide your resources in the Open Telekom Cloud together with data backup in German data centers. Are you planning a project across multiple countries or do you value geo-redundancy with a distance of more than 200 kilometers between the data centers? Then our twin-core data center in Amsterdam is also available to you.
The Service Organization Controls (SOC) reports, known as SOC 1, SOC 2, and SOC 3, are standardized frameworks for auditing service providers. SOC 1 focuses on internal controls over financial reporting. SOC 2 covers the five Trust Service Criteria: security, confidentiality, process integrity, availability, and privacy. SOC 3 is an abbreviated version of SOC 2 and, unlike the latter, is publicly available.
With the Schrems II ruling of July 2020, which overturned the EU/US Privacy Shield, it is clear that cloud offerings serving European users must comply with European standards. At the same time, it is also in the interest of many European companies to retain full control over their data - this is one of the key points addressed by the European GAIA-X initiative. With the Open Telekom Cloud, companies kill two birds with one stone: they retain full data sovereignty and avoid risks arising from the US Cloud Act or Schrems II.
The Open Telekom Cloud facilitates the secure processing of data of professional secrecy holders according to § 203 of the German Criminal Code (StGB), e.g., elected attorneys, doctors, auditors or legal departments in companies and social data in accordance with Section 35 of the German Social Security Code I (§ 35 SGB I), e.g., data from health insurance companies or medical clearinghouses.
Read our articles:
Secure cloud for professional secrecy holders
Secure cloud for social service providers
Following a resolution by the German Bundestag, the Federal Ministry for Economic Affairs and Energy can award cloud providers the Trusted Cloud seal. Open Telekom Cloud fully complies with the comprehensive requirements and can officially carry this title.
Find out more (only in German)
We generate recommendations that are highly sensitive for our customers and have an impact on competition. Therefore, data security and protection are of enormous importance to us.
To meet the very latest security and data protection requirements, all of our services are subject to strict rules and are regularly checked by independent specialists.
PSA takes an integral part of ensuring data privacy and security for our customers, which is validated in the ISO27001 Audits by DEKRA.
Find out more
As part of the audit, relevant checks for financial reporting are tested for their effectiveness.
Request report
As part of the audit, relevant checks to ensure the Trust Service Criteria - security, availability, integrity, confidentiality and data protection - are performed and tested for their effectiveness.
Request report
This report is intended for public distribution. It summarizes the results of SOC 2 and includes an assessment by our external auditor.
Download report*
*Please open the report with a fully fledged PDF reader, such as Acrobat Reader or Foxit PDF.
This report verifies the minimum information security requirements for cloud services of the BSI Cloud Computing Compliance Criteria Catalogue (BSI C5).
Request report
The EU Cloud Code of Conduct (EU Cloud CoC) provides independently verified evidence that data is processed in accordance with the requirements of Art. 28 and Art. 40 GDPR.
Download report
Tier III certified data centers use redundant components. The servers are multiple. The identical architecture of the Magdeburg and Biere data centers meet the criteria for TIER III certification.
Request report
GxP is an industry-specific certificate that covers the implementation of "good work practice" guidelines in the pharmaceutical sector.
Request report
Certification of additional information security controls for the use of cloud services.
Download certificate
Certification of establishing, implementing, maintaining and continually improving an information security management system (ISMS).
Certification of protection of personally identifiable information (PII) in public clouds acting as PII processors with a Data Protection Management.
Download certificate
Certification to establish, implement, maintain and continually improve a privacy information management system (PIMS).
Download certificate
The ISO 27000 family stands for a worldwide recognized framework on best practices of security standards. Instead of three separate certificates, the ISO/IEC 27017 and ISO/IEC 27018 is now included in the ISO/IEC 27001.
Certification of establishing, implementing, maintaining and continually improving a quality management system (QMS).
Download certificate
Certification of establishing, implementing, maintaining and continually improving an environmental management system (EMS).
Download certificate
Certification of establishing, implementing, maintaining and continually improving a service management system (SMS).
Download certificate
Certification of establishing, implementing, maintaining and continually improving a business continuity management system (BCMS).
Download certificate
The multi-certified data centers, the high level of data protection and Deutsche Telekom as a reliable and reputable partner convinced us.
Florian Schild, founder and CEO of boot.AI
* Voucher can be redeemed until December 31, 2023. Please contact us when using the voucher for booking. The discount is only valid for customers with a billing address in Germany and expires two months after conclusion of the contract. The credit is deducted according to the valid list prices as per the service description. Payment of the credit in cash is excluded.
