Data Protection Germany

IT Security Made in Germany

In Germany there are good standards and concrete laws concerning data protection. Every German company must comply with these laws. The management is personally responsible for compliance and can be held responsible for this. When outsourcing your data to a cloud provider, the issue of data protection is therefore of particular importance.
ProfitBricks sensitive data

Risks for the protection of your sensitive data

Due to the legal responsibility for the protection of personal data, you should be aware of the risks and specifically check your provider.
  • As a company that outsources personal data to a cloud provider, you are responsible for ensuring that this provider complies with the German data protection laws.
  • Foreign companies, even if their data center is located in Germany, are subject to the law of their respective country and may therefore be required to disclose data (e.g. the Patriot Act in the USA).
  • Specific auditing requirements arise when you choose a cloud provider. You should also be aware of the problems that may arise when you have to take legal action and the provider's jurisdiction is located in a foreign country.
German Laws

German law offers you the best protection

For you as a user of cloud services it is important to think about trust, transparency, where your data is stored and how it is protected against loss, misuse and spying on data by unauthorized persons. The German legal framework is a very clear. Especially in the case of personal data (e.g. your customer information), the laws in Germany are particularly stringent. The handling of such data is clearly defined in the Federal Data Protection Act. Due to the difficult separation of personal and non-personal data, a uniformly high level of data protection is recommended for all your data according to the German legal situation.

Although the EU is now engaged, for example, in the promotion of cloud computing, the current privacy guidelines still leave many details open. And the Safe Harbor Agreement, which regulates the transfer of personal data from European companies to American companies, is a voluntary certification whereby once registered US companies are often no longer subject to compliance with data protection principles.
Data Security

If you want to be safe, you have to check

If you want to take advantage of cloud computing without taking compliance and security risks, you need to take a closer look at a number of aspects of your cloud vendor.

1. Data protection aspects
  • To what kind of national law is your provider amendable?
  • Where and how does the provider support you in your user responsibility according to the Federal Data Protection Act (eg specific test obligations pursuant to §§ 4b and 4c BDSG)?
  • How is the order data processing of your provider (correction, blocking, deletion of data etc.)

2. Control the cloud provider 
  • How can you check the technical and organizational measures of your supplier?
  • What certificates can the provider provide (e.g. ISO certifications)?
  • What is the security concept of the provider in detail?

3. Data encryption
  • How is the encryption of data?
  • What is the ratio of anonymized / pseudoanonymized data?
  • How does the provider prevent the unauthorized access to your data?
Data Protection Cloud

The peculiarities of data protection in the cloud

Data processing in the cloud is not tied to a specific region. Although you as a cloud user have the right to get information about the location of your data processing. But you can not prevent that even if the foreign provider has its data center located in Germany, The Patriot Act, the Foreign Surveillance Act or judicial orders, third parties get access to your data.

The decisive factor is not where the data are stored and processed, but the laws to which the cloud provider is amendable. A current examples show that U.S. authorities repeatedly access personal data in Germany. This is why speculations about industry espionage arise. However, a user (eg a customer of you) may, as a user company, make you liable under applicable German law if the cloud provider releases your data. In the case of a US provider, for example, you are then forced to claim your right again, with all the difficulties that the US jurisdiction entails.
ProfitBricks, a German company

The risk-free solution for you: ProfitBricks, a German company

ProfitBricks as a German cloud provider is entirely subject to German law. Our managing directors are personally responsible and are liable for the security of your data. Please check our privacy policy and our comprehensive ProfitBricks data protection package. The ISO 27001 certifications of our data centers in Karlsruhe and Frankfurt provide additional security. Frankfurt is also ISO 9001 certified.
We have summarized the most important comparison criteria in a checklist for selecting a cloud provider.

You still have questions about data protection and security in the ProfitBricks cloud? Then get in touch with us.