T-Systems-Claim-Logo
Search
Office building is connected by lines and points with cloud

EU data protection for Microsoft 365

Cloud Privacy Service encrypts all content data and content meta data saved in Microsoft 365 and pseudonymizes the user’s information on its way to the cloud.

August 23 2021

More data protection in the public cloud

T-Systems encrypts all content data and content meta data saved in Microsoft 365 and pseudonymizes the user’s information on its way to the cloud. This allows Microsoft public cloud users to take advantage of the benefits offered by a cloud infrastructure while at the same time fulfilling the highest requirements stated in the General Data Protection Regulation (GDPR), including for personal data. Once it’s been set up, the Cloud Privacy Service will run unnoticed in the background. Thanks to encrypted storage, it is not possible for unauthorized third-parties to gain access to the data.

Man operating laptop in office with skyscrapers visible in window and cloud icon with lock in foreground

The Cloud Privacy Service encrypts and decrypts all data between the user and Microsoft’s servers. Only encrypted data is saved there. Despite this, Microsoft 365 can still function fully – this includes the full-text search and collaboration on documents. The user doesn’t notice the encryption at all. All they need is internet access. The solution employs highly-secure cryptographic keys with a key length of 256-bit (AES 256) in accordance with the Advanced Encryption Standard. T-Systems operates the Cloud Privacy Service from its own data center in Germany. The solution was developed in cooperation with Germany-based eperi GmbH, who specialize in data security, and builds on their gateway technology.

Data protection authorities audit companies

With the Schrems II judgement, the European Court of Justice (ECJ) determined that U.S. cloud services could no longer be operated in compliance with the General Data Protection Regulation (GDPR) based on the “Privacy Shield”, even if the servers were located in Europe. The standard contractual clauses are still generally permissible, although they alone are often not sufficient for protecting personal data. Data protection authorities in Germany have been spot-checking the implementation of the ECJ’s Schrems II judgment in companies by means of a questionnaire since June 2021.

More about this topic

We look forward to your project!

We are happy to provide you with the right experts and to answer your questions about planning, implementation, and maintenance for your digitization plans. Get in touch!

Do you visit t-systems.com outside of Germany? Visit the local website for more information and offers for your country.