Open Telekom Cloud for professional secrecy holders

In this article you will read,

• why professional secrecy holders can use the Open Telekom Cloud without hesitation,
• how Telekom is committed to protecting confidential information in accordance with Section 203 of the German Criminal Code (StGB) and
• how the Open Telekom Cloud meets the highest security standards.

From doctors to lawyers and auditors to journalists – all these professions have one thing in common: they are subject to professional confidentiality, meaning that it is forbidden to disclose confided secrets to third parties. In the case of doctors, for example, this could be information about their patients. Section 203 of the German Criminal Code (StGB) stipulates that data on patients or clients of professional secrecy holders must be given special protection. Violations of these obligations can be punished with fines or imprisonment.

For a long time, therefore, new technologies such as the cloud could not be used by professional secrecy holders without further ado – and thus also the advantages of cloud computing. Outsourcing data was practically inconceivable. It was only with the revision of Section 203 StGB in 2017 that it became easier for professional secrecy holders to use external IT services such as cloud services.

However, professional secrecy holders can only use the cloud without hesitation if the cloud provider signs an additional agreement on the protection of secrets in accordance with Section 203 StGB. Deutsche Telekom has made this possible for the Open Telekom Cloud since the beginning of 2021: "With the agreement on the protection of confidential information, Telekom commits itself to the professional secrecy holder to keep the specially protected data private and thus also takes into account the requirements under professional law for the use of cloud services," says attorney Dr. Melanie Stein from Telekom's Law & Integrity department. "Access to the protected data on the part of Telekom as a cloud provider is limited to what is most necessary for the use of the service. The obligation to maintain confidentiality applies equally to the subcontractors involved in providing the service." The data can also be encrypted, which means that professional secrecy holders can use the Open Telekom Cloud without hesitation for storing and processing information that requires special protection.

One way to tell whether an IT service provider meets the highest security requirements is by looking at its Certificates. T-Systems' services, for example, are certified in accordance with ISO 27001 and TCDP 1.0/AUDITOR. In addition, the Open Telekom Cloud has been awarded the Trusted Cloud Seal of the Federal Ministry for Economic Affairs and Climate Action. This enables Telekom to demonstrate the compatibility of data processing operations with data protection requirements of the GDPR.

Telekom's data centers in Magdeburg and Biere are also among the most modern and secure facilities in the world. The goal: the greatest possible security for data in compliance with strict German data protection and the GDPR. The buildings are protected by state-of-the-art security systems. Access is strictly controlled; powerful emergency power generators ensure the power supply at all times. Telekom also protects its data centers from cyberattacks at the highest technical level. Permanent data availability is up to 99.999 percent ensured – this corresponds to the Tier 3+ security level.

Sensitive information is processed via the Open Telekom Cloud, which is also interesting as an operating platform for public corporations, for example. One example of this is the Chamber of Industry and Commerce for Munich and Upper Bavaria. Sensitive information is also processed there – for example, topics relating to trade law – and the chamber is legally obliged to provide special protection for this data. In concrete terms, this means that employees who come into contact with this data are bound to professional secrecy. "This goes beyond the basic data protection regulations and the GDPR. And we attach great importance to the fact that this also applies to the employees of our cloud service provider,” explains Roberto Schumann, Head of the IT Services department at the Munich Chamber of Industry and Commerce.