Decoupling of user data and encryption in compliance with the GDPR
Regulatory measures such as the General Data Protection Regulation (GDPR) place an obligation on companies and organizations to ensure comprehensive protection of the personal data they process in cloud platforms. In this regard, it is not enough to rely on the measures or promises of the cloud service providers.
So-called data exporters, i.e. any entity that transfers personal data to the sphere of influence of a third country, must check whether the European legal obligations can nevertheless be complied with and an adequate level of protection is guaranteed. If this is not the case, as for example with the USA due to the scope of Section 702 FISA, E.O. 12333 or the CLOUD Act, concrete compensatory measures must be taken to ensure that the level of protection is actually met. Current legal scholarship does not consider relocating the cloud providers' servers to Europe sufficient as the sole measure, as access by third-country authorities cannot be ruled out.
This poses a dilemma for all companies and public authorities that need to process personal data and do not want to do without the use of modern and efficient cloud platforms.
Our Cloud Data Protection Gateway R&S®Trusted Gate offers a tailored solution for this: by decoupling user data from the services of the cloud platforms, users can continue to use their daily workflows in the cloud applications, while the data to be protected is encrypted in compliance with the GDPR and stored in freely definable local or cloud-based data storage.
The cloud service providers do not have access to the protected data at any time, effectively preventing third-party access. The legal security of this patented approach is confirmed by a detailed legal opinion by Prof. Dr. Heckmann (TU Munich).
Application example:
The Microsoft® 365 solution including Teams is already in use throughout the company. Employees appreciate the simplicity and functionality of this solution. The company wants to implement the GDPR requirements without restricting the user experience.
R&S®Trusted Gate meets these requirements by encrypting all chats and conversations in Teams. All files uploaded to Teams are encrypted, fragmented and stored in self-defined locations. Important additional workflow functions such as full-text search, versioning or data exchange, even with external partners, continue to function without data content reaching Microsoft.