Office building is connected by lines and points with cloud

EU data protection for Microsoft 365

Cloud Privacy Service encrypts all content data and content meta data saved in Microsoft 365 and pseudonymizes the user’s information on its way to the cloud.

23. August 2021

More data protection in the public cloud

T-Systems encrypts all content data and content meta data saved in Microsoft 365 and pseudonymizes the user’s information on its way to the cloud. This allows Microsoft public cloud users to take advantage of the benefits offered by a cloud infrastructure while at the same time fulfilling the highest requirements stated in the General Data Protection Regulation (GDPR), including for personal data. Once it’s been set up, the Cloud Privacy Service will run unnoticed in the background. Thanks to encrypted storage, it is not possible for unauthorized third-parties to gain access to the data.

Man operating laptop in office with skyscrapers visible in window and cloud icon with lock in foreground

The Cloud Privacy Service encrypts and decrypts all data between the user and Microsoft’s servers. Only encrypted data is saved there. Despite this, Microsoft 365 can still function fully – this includes the full-text search and collaboration on documents. The user doesn’t notice the encryption at all. All they need is internet access. The solution employs highly-secure cryptographic keys with a key length of 256-bit (AES 256) in accordance with the Advanced Encryption Standard. T-Systems operates the Cloud Privacy Service from its own data center in Germany. The solution was developed in cooperation with Germany-based eperi GmbH, who specialize in data security, and builds on their gateway technology.

From 1.99 euros per employee per month 

The Cloud Privacy Service offer is aimed at companies with 250 or more employees. The costs comprise a one-time set-up charge in the amount of 4,999 euros (net) and a monthly charge per employee. The rates for this start at 1.99 euros (net).

Data protection authorities audit companies

With the Schrems II judgement, the European Court of Justice (ECJ) determined that U.S. cloud services could no longer be operated in compliance with the General Data Protection Regulation (GDPR) based on the “Privacy Shield”, even if the servers were located in Europe. The standard contractual clauses are still generally permissible, although they alone are often not sufficient for protecting personal data. Data protection authorities in Germany have been spot-checking the implementation of the ECJ’s Schrems II judgment in companies by means of a questionnaire since June 2021.

More about this topic

We look forward to your project!

Do you have any questions concerning the planning, implementation or maintenance of your digitalization project? Contact us and one of our experts will be in touch with you to answers all your questions.

Do you visit t-systems.com outside of Denmark? Visit the local website for more information and offers for your country.