AUDITOR
European Cloud Service Data Protection Certification
The European General Data Protection Regulation (GDPR) came into force on 25th of May 2018 and brings new data protection requirements to cloud users and providers.
Due to the concomitant effects, a consortium has formed to use a research project to conceptualize, implement and test a sustainable, EU-wide data protection certification of cloud services.
This would prove to be profitable for all concerned, e.g. certain cloud customers who only rely on the offer of cloud providers who can demonstrate that compliance with data protection is guaranteed.
Cloud vendors could provide the security they need based on meaningful certification. The certifiers and auditors would also benefit because the GDPR sets out certain rules for their business field and these are reflected in the certification basis that will be developed.
The conception of a sustainable data protection certification requires the development of a set of criteria for the certification of cloud services according to the GDPR. As a consortium partner, DIN will pursue the goal of translating the project results into a standard in order to facilitate or accelerate the transition to practice.
Project duration
1st November 2017 until 31 October 2019
Consortium
Consortium Partners
- Universität Kassel, Fachgebiet Öffentliches Recht mit Schwerpunkt Recht der Technik und des Umweltschutzes
- CLOUD&HEAT Technologies GmbH
- datenschutz cert GMbH
- DIN e.V.
- ecsec GmbH
- EuroCloud Deutschland_eco e.V., eco – Verband der Internetwirtschaft
- Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
Associated Partners
- Kompetenznetzwerk Trusted Cloud e.V.
- Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
- Hornetsecurity GmbH
- VOICE-Bundesverband der IT-Anwender e. V.
- Bundesamt für Sicherheit in der Informationstechnik (BSI)
- Consultix GmbH
- CRM!ADDON Factory GmbH
- Deutsche Telekom AG
- Fabasoft Austria GmbH
- Fujitsu Technology Solutions GmbH
- mediaBEAM GmbH
- Microsoft Deutschland GmbH
- Mitteldeutsche Gesellschaft für Informationssicherheit und Datenschutz mbH
- Landesbeauftragte für den Datenschutz Niedersachsen
- PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
- ProfitBricks GmbH
- Propstack GmbH
- SAP SE
- SCOPE Europe b.v.b.a/s.p.r.l.
- TÜV Informationstechnik GmbH
- Uniscon GmbH
- VIVAI Software AG,
- Smart Service Power
Advisory Board
- Bitkom e.V.
- Netzwerk Datenschutzexpertise
- Technische Universität München Lehrstuhl für Wirtschaftsinformatik
- Universität des Saarlandes - Institut für Rechtsinformatik
- Stiftung Datenschutz
Project funding
The research project is being financed by Federal Ministry for Economic Affairs and Energy (BMWi).