German companies in the sights of data protection officers

Beware of warnings and fines: In the future, data protection supervisory authorities will carry out random checks without any indication of a violation. This blog post explains what German companies are facing.

Back in August of last year, we reported on the failure of the EU-US data protection agreement Privacy Shield. At that time, the European Court of Justice had declared the legal basis for the transfer of personal data of EU citizens to the USA to be null and void. The background was the inadequate data protection standards and the possibility for the US secret services to access the data.

Random checks in the future

Now there are increasing indications that the German data protection supervisory authorities are taking a closer look at companies that use US cloud services. Apparently, a group from the data protection conference of the federal states and the federal government is currently working on several catalogs of questions on this topic.

What is new in this context is that an express complaint about a possible violation of the EU General Data Protection Regulation (GDPR) is no longer needed. “The aim of the campaign is to proactively address companies within the framework of a random sample,” says Hamburg data protection officer Johannes Caspar.

As part of this process, German companies must disclose the basis on which they use cloud services from the USA. If the supervisory authority does not like the answer, it can force the company concerned to switch providers. The consequences are even more severe when the auditors discover a serious violation of the GDPR. In the worst case, fines of up to 20 million euros are due. According to the data protection conference (DSK), office software, video conferencing services and survey tools are particularly frequently affected by data breaches.

Cloud from Germany: the attractive alternative

Many large German companies, including Deutsche Bank, have recently moved their IT infrastructure to the US cloud. This could now become a pitfall.

“Privacy Shield and Safe Harbor have taught us that the tug-of-war between the USA and the EU is far from settled. The topic of data protection will remain a major focus in the future. If you want to be on the safe side, choose a cloud provider from Germany – there companies get by far the best data protection.”
Sean Steuart, IT security officer at centron

The flight of many companies to the USA is surprising insofar as there are worthwhile alternatives, especially on the German market. Data centers with ISO 27001 certification, such as the centron data center, far surpass the high German level of data protection, which is already among the best in the world. With such a provider behind them, IT managers no longer have to worry about compliance with applicable data protection regulations.

Our tip: If you are currently still working with cloud services from abroad, look around immediately for alternatives – because in an emergency there is a risk of severe fines. Our IT consultants will be happy to answer your questions.