One year has now passed since the DSGVO came into force and its introduction caused a lot of unrest and has been hotly debated in recent years, as has the topic of data protection in public clouds. In an interview with Frank and Philip from Fresh Compliance, we explained how these two topics are related and how you can work in the cloud in accordance with the DSGVO. You can find all three parts of the interview here:
Fresh Compliance acts as a consulting company for data protection and data security and was founded in the time frame of the DSGVO. Frank and Philip had previously worked in the larger consulting companies and the law buisness, and soon noticed, that this very dusty consulting environment needed some fresh ideas. Fresh Compliance has made it its business, to help companies to understand and approach the DSGVO issue by providing practical advice. The topic of data protection and data security is important and affects all of us - both private individuals who provide their data and those who process the data accordingly. Thus, the topic has gained in importance especially for companies. This is also reflected in Fresh Compliance's customer base. Here a broad pallet of enterprises belong to the clientele: young enterprises, start-ups, KMUs up to large enterprises and companies groups.
Although the DSGVO came into force in 2016, the two-year transition period was not even known to many companies. This is due in particular to the media hype, which started only half a year before the deadline and caused unrest through panic-mongering. The companies came under time pressure and were often afraid of being warned. However, the wave of warnings has so far failed to materialise and, of course, even after the cut-off date the companies work diligently on DSGVO conformity.
The DSGVO is a European law in which 28 member states have participated in order to guarantee the harmonisation of the protection of personal data in all member states and to offer EU citizens a uniform level of data protection. After a long legislative process, combined with a lot of lobbying by various interest groups, the DSGVO has now been effective in all EU countries since 25 May 2018. The affected parties include both European and non-European companies that process data in Europe. The complexity of the issue is due to the fact that the DSGVO contains so-called opening clauses which enable the individual member states to draw up their own additional rules in various areas. For example, Germany has also enacted its own law in addition to the DSGVO: the Federal Data Protection Act. For companies, this means that they must observe two laws side by side: the DSGVO and the Federal Data Protection Act.
How business customers in particular move securely in the cloud and what you should pay attention to when choosing your cloud provider, is explained in part 2 of the interview.
Author: Christina Gluch