
Perfect match: cloud, data protection, and compliance

Data protection compliance and security in the cloud? Certainly possible, but there is quite a lot to consider.

The challenge: You need to know all of the respective laws and guidelines

The judgment of the European Court of Justice (ECJ) invalidating the EU-US Privacy Shield triggered many discussions on data privacy and cloud computing. Data privacy specialists now recommend checking precisely whether personal data that is still held in a public cloud may be processed by cloud providers outside of Europe. Often those responsible are not even aware that a process or a technical solution violates a law or an internal compliance guideline. Or do you know...

  • which data may be stored in a private cloud but not in a public cloud?
  • which information must remain within the jurisdiction of the EU?
  • which IT services are in use in the company – keyword "shadow IT"?

Corporate Governance: avoid compliance violations


In order to bring your IT and applications in line with legal requirements (e.g. the GDPR) and compliance guidelines, you should clarify the following questions:

  • Which of your data may be transferred to a public cloud that processes and stores data in data centers worldwide?
  • Which personal data may be transferred to a public cloud, but only within Germany?
  • When is it better to keep data in a private cloud or in on-premises systems?
  • How can a CRM system be used in the public cloud without violating the EU General Data Protection Regulation (GDPR)?
  • How can your data be encrypted in accordance with compliance requirements?
  • How do you ensure only authorized employees obtain access to the data – even if the data is located in different cloud systems around the world?

Benefit from the cloud and observe compliance guidelines and laws


At T-Systems, we are aware of all of these challenges thanks to the experience we have gained in thousands of projects with large companies. Together with you, we create the technical framework needed to support your relevant compliance and legal requirements, in the cloud as well. To achieve this, we operate some of the most secure data centers in the world, such as the highly secure twin-core data center of T-Systems in Biere in Saxony-Anhalt, the "Fort Knox for data".

T-Systems migrates and operates cloud projects in accordance with the following principles and standards

We ensure the IT security and integrity of your information, processes, and systems around the clock, and in doing so we rely on our own standards. With security standards such as ESARIS (Enterprise Security Architecture for Reliable ICT Services), we not only fulfill GDPR requirements but also set the tone: many other IT service providers now use the ESARIS approach to ensure secure and traceable service delivery themselves. The following additional principles and standards also apply to us:

SOC 1 and SOC 2

Service Organization Controls (SOC) 1 reports attest to the operating effectiveness of a service provider's internal controls over a historic review period of at least six months and support the customer's financial reporting tasks, such as year-end audits. A SOC 2 report assesses a service against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy).

C5

The criteria catalog C5 (Cloud Computing Compliance Criteria Catalogue), published by the German Federal Office for Information Security (BSI), specifies minimum requirements for secure cloud computing. C5 offers cloud customers an important guide for choosing a provider.

ISAE 3000

The International Standard on Assurance Engagements 3000, issued under the International Federation of Accountants (IFAC), governs assurance engagements other than audits or reviews of historical financial information such as year-end accounts.

ISAE 3402

The International Standard on Assurance Engagements 3402 (see also SOC 1) is an international audit standard that governs how an auditor examines the internal control system of a service provider. It is particularly relevant for auditing systems that are relevant to financial reporting.

Privacy and Security Assessment Procedure

At Deutsche Telekom, the Privacy and Security Assessment (PSA) procedure is a key component in guaranteeing security and data privacy. It ensures that every project developing or launching a new technology or product meets the high demands of technical security and data privacy before go-live.

Zero Outage

Zero Outage is a holistic quality assurance program from T-Systems with the clear aim of reducing outage times to zero. To achieve this, measures are put in place at every level: from state-of-the-art platforms and globally uniform processes with short fault clearance times to specially trained personnel and tried-and-tested risk management.

GDPR compliant and secure with the cloud: This is how we provide the technical requirements to meet your specifications

Ensure you play it safe!

We can help you: work with us to establish the technical requirements for compliant and lawful data processing. Contact us!