WTF is DSGVO
The Datenschutzgrundverordnung (DSGVO) is called GDPR (EU General Data Protection Regulation) in English and will replace the Directive 95/46/EC formerly in place on 25. May 2018. If you did not know that before you are most likely not prepared, right? The GDPR requires processors of personal data in Article 32 to “take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk”. There is no further specification, but the GDPR has some protection goals instead:
- the pseudonymisation and encryption of personal data
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing
Cloud services are regulated via Auftragsdatenverarbeitung in Germany by the way. The cloud user must therefore check the data protection level and the data security of the cloud provider. For example, are subcontractors used or is the data transmitted to or through third countries? For cloud users who want to comply with the European data protection guidelines, the only option is to choose European cloud providers with a data center within the EU.