Open Telekom Cloud for Business Customers

GDPR: Storing data securely in the public cloud

by Editorial team

On May 25, 2018 the General Data Protection Regulation (GDPR) will come into force across Europe. It will ensure better protection of personal data and at the same time it will bring immense challenges: Companies have to ensure that they comply with the stricter rules. And that is even if they host data in public clouds and operate across countries and continents. In a speech at the OpenStack Summit 2017 in Boston Sebastian Wenner of T-Systems explained what companies that want to use the public cloud have to do now to comply with the new regulation.

Tougher penalties for data protection violations

The GDPR is replacing the old EU Data Protection Directive, which has been in place for 22 years. Its aim is to clearly regulate how personal data is collected, processed, stored, deleted, transferred and used. Violations of the new regulation will result in severe penalties, something that poses a serious risk to companies. However, Wenner has tips for how companies can protect themselves: “Anyone using cloud technology should definitely be using open source products rather than proprietary solutions.” For example the Open Telekom Cloud, which is based on the OpenStack operating system. “There are no backdoors here through which the manufacturer has unnoticed access. The user has a complete view of every element and can check the security protections,” the cloud expert says.

It depends on the country’s laws: cloud location is decisive

Who, though, is actually affected by the GDPR? “It’s really quite simple,” Wenner says. “If a company does any business within the EU or stores data here, then the place of jurisdiction is the EU and the GDPR applies.” Many companies, however, have their headquarters in countries with relatively weak data protection laws, such as Ireland. Other countries also have long failed to meet the EU standards, as this interactive map by the market research firm Forrester Research shows. “There’s a lot of work to be done here until the new rules are implemented,” Wenner says.

How it works: Securing all cloud levels sufficiently

The solution? “Companies have to take responsibility,” Wenner says. To do that, they have to take a close look at all the different layers of their own cloud solution.

Image shows all 4 layers of a cloud solution: Internet, datacenter, cloud provider, virutal machine
Only when all the layers of a cloud solution are secure can the data stored there have optimal protection.

How it’s done: It is important to pay attention to secure encryption at the lowest level – that of the operating virtual machine (VM).  Furthermore, the cloud provider should have the correct certificates issued by trusted organizations such as the TÜV or the Cloud Security Alliance.  The operator’s team must be made up of trained, attentive and certified personnel. When it comes to the data centers, apart from trained staff, it is essential that there are physical security measures, such as access controls. Of the utmost importance, however, is a secure Internet transfer: If the connection is not sufficiently protected and encrypted, then data or systems could be compromised – regardless of how well the other layers are protected. “The bottom line: Think about all the access points where your data could be threatened and secure them,” Wenner says.

Sebastian Wenner’s full speech on the subject of GDPR is on YouTube. You can find further interesting information on the topic here: The 4 most important questions about the EU’s new data protection regulations.

Book now and claim starting credit of EUR 250


Do you have questions?

We answer your questions about testing, booking and use – free of charge and individually. Try it! 
Hotline: 24 hours a day, 7 days a week
0800 3304477 from Germany / 00800 33044770 from abroad

  • Communities

    The Open Telekom Cloud Community

    This is where users, developers and product owners meet to help each other, share knowledge and discuss.

    Discover now

  • Telefon

    Free expert hotline

    Our certified cloud experts provide you with personal service free of charge.

     0800 3304477 (from Germany)

    +800 33044770 (from abroad)

    24 hours a day, seven days a week

  • E-Mail

    Our customer service is available free of charge via E-Mail

    Write an E-Mail