Obligation to social confidentiality: secure cloud for 
social service providers

In this article you will read about,

• why social service data must be particularly well protected, 
• how Telekom meets this requirement with its commitment to maintaining social service data secrecy, 
• and why social service providers can use the Open Telekom Cloud without hesitation.

In order for social service agencies such as the providers of statutory health insurance, pension insurance, long-term care insurance, as well as employment and social welfare offices, to be able to do their work, they need to collect a lot of personal and sometimes sensitive data from those being insured. Social service providers collect personal data such as name, address, and date of birth, but also information such as pension insurance or tax identification number, in order to be able to provide their services properly. All of this information is summarized under the collective term “social data”. The legislator classifies this personal data of natural persons as particularly worthy of protection. It is therefore subject to social secrecy in accordance with Section 35 of the German Social Code I (SGB I). "The laws stipulate that social insurance providers may only process the personal data stored and processed by them within a very narrow and purpose-bound framework and must protect this data by taking correspondingly high technical and organizational measures," says Antje Rom, a specialist in-house lawyer at Deutsche Telekom. They must protect the sensitive information from unauthorized access and misuse in the course of data processing and may only disclose it to authorized persons.

If, for example, a statutory health insurance provider or a social insurance agency wants to host such information in an external cloud solution, this is not straightforward. "The IT service provider and its subcontractors must not only comply with the strict requirements of the German Social Code (SGB) and the GDPR, but also fulfill the obligation to maintain social service data secrecy if they process the personal data of individuals in the course of their services," says Antje Rom. In order to implement the data processing guidelines in compliance with the law, social service providers must take many legal as well as technical precautions. But individual agreements, contract adjustments, and lengthy coordination processes cost time and slow down digitalization plans. The Open Telekom Cloud has therefore already included the obligation to maintain social confidentiality in accordance with Section 35 SGB I as standard in all contracts in 2021. The cloud provider and all subcontractors involved in the service throughout the Group are thus committed to maintaining social confidentiality.

"The standard social data secrecy obligation for employees and service providers operating on the Open Telekom Cloud means that those providing social benefits can use the Open Telekom Cloud to host data covered by social service data secrecy in the cloud without any contractual adjustments or legal coordination," says Antje Rom. This gives insurers and public authorities a flexible, GDPR-compliant, and secure basis for their digitalization processes. To meet the high data protection requirements of laws, case law, and regulatory recommendations in the public administration, healthcare, and insurance sectors, Telekom hosts the Open Telekom Cloud exclusively in European data centers that are among the most secure and modern of their kind. It ensures that data processing only takes place within the European Union and that customers can take full advantage of the cloud's performance.

In addition to meeting high data protection requirements and using state-of-the-art services, the cloud offers further advantages. An adaptable IT infrastructure is essential for responding quickly and as needed to new requirements and unforeseeable events. The cloud offers social service providers a reliable and flexible basis for absorbing spontaneous peak loads without having to permanently reserve IT resources. This cuts costs and makes it easier to provide digital services to customers. But employees also benefit. With the cloud, government agencies and insurance providers can roll out the technological basis for digital processes and modern forms of work within a very short time. The result: increased efficiency, better customer centricity and increased value creation.

For many customers, these extensive security and data protection components of the Open Telekom Cloud are crucial. One example is the Widas Group, one of the leading European providers of Cloud Identity & Access Management. "With our login and multi-factor authentication solutions, we offer an IT security product ourselves. Of course, the security of the underlying infrastructure is crucial," explains Sadrick Widmann, CEO of Widas. In addition to a GDPR-compliant basis and hosting in Germany, the cloud for providing the services should cover as many regulatory requirements as possible, including meeting the requirements of social confidentiality bodies.
This is ensured by the obligation to maintain social confidentiality in accordance with Section 35 SGB I. In addition, the Open Telekom Cloud with the Financial Addendum also offers the possibility of use by BaFin-regulated companies as well as by professional secrecy holders through the obligation to protect secrets in accordance with Section 203 of the German Criminal Code (StGB).