AUDITOR certificate as proof of GDPR conformity for cloud providers
The AUDITOR research project was launched in 2017 as a follow-up to the Trusted Cloud Data Protection Profile for Cloud Services (TCDP). A selected team of experts led by Prof. Dr. Ali Sunyaev from Karlsruhe Institute of Technology (KIT), with the support of ecsec GmbH, set out to develop a uniform certification procedure for cloud services throughout Europe, taking relevant standards into account.
In the first project phase (2017 to 2019), the conceptual design, exemplary implementation and testing of a sustainably applicable national data protection certification for cloud services were researched and developed with the support of experts from ecsec GmbH. Since cloud services are regularly offered across borders, national certification procedures provide only limited benefits: a cloud provider wishing to prove the GDPR conformity of its service by a certificate would have to undergo a national certification procedure in each EU Member State in which it operates. In the second project phase, which is now beginning, the AUDITOR certification procedure will therefore be developed further into a European Data Protection Seal.
"The AUDITOR project has already been very well perceived at national level and within our international activities, such as a workshop in Brussels. We are now looking forward to raising the results to the European level in the forthcoming project phase. In addition to the adaptation of the certification procedure, this also includes the advancement of the existing DIN-SPEC to a European standard. Data protection certifications such as these are an important part of the future development of the cloud market and ensure that the General Data Protection Regulation can unfold its full potential at European level," reports Prof. Dr. Ali Sunyaev.
"AUDITOR will create an internationally recognised certification procedure with which compliance with the General Data Protection Regulation can be proven in accordance with Art. 42 GDPR," adds Dr. Detlef Hühnlein. "This provides a solid foundation for the development of a trustworthy cloud service ecosystem and makes a significant contribution to the successful and sustainable digitalisation of Europe."
AUDITOR builds upon existing data protection standards, such as the Trusted Cloud Data Protection Profile for Cloud Services (TCDP), which the internationally awarded and certified SkIDentity service of ecsec GmbH has fulfilled for some time. The project has a total volume of EUR 3.4 million and now has a duration of four years: it was officially launched on November 1, 2017 and was extended by two years on November 1, 2019. A project meeting to present the results of the first project phase was held on September 18, 2019 at the KIT Campus in Karlsruhe, with the participation of all project partners, the DLR project sponsor (represented by Dr. Regine Gernert) and the Federal Ministry of Economics and Energy (represented by Dr. Alexander Tettenborn).
About the AUDITOR Project
The AUDITOR project, funded by the Federal Ministry of Economics and Energy (BMWi), is developing a data protection-specific certification procedure with which fulfilment of the requirements of the General Data Protection Regulation can be proven. It is directed by Karlsruhe Institute of Technology (KIT), with the participation of selected experts from CLOUD&HEAT Technologies GmbH, datenschutz cert GmbH, DIN-Normenausschuss Informationstechnik und Anwendungen (NIA), DIN e.V., ecsec GmbH, EuroCloud Deutschland_eco e.V., eco - Verband der Internetwirtschaft and the University of Kassel.
About ecsec GmbH
ecsec (https://ecsec.de/en) is a specialized vendor of innovative solutions in the fields of information and communication technology security, security management, smart card technology, identity management, web security and electronic signature technology. Based on experience from several consulting projects with international reach, ecsec GmbH is among the leading providers in this sector and supports well-known customers in the conception and implementation of tailor-made solutions. By observing current results of science and technology as well as current and future international standards, ecsec guarantees excellent consulting quality and sustainable customer prosperity. For example, ecsec developed the Open eCard App and the Open eCard Library, which was the world's first Open Source "eID-Client" or "eID-Kernel" to be certified by the German Federal Office for Information Security, and it has received numerous international awards for its innovative SkIDentity service, which enables "Mobile eID as a Service".
Dr. Detlef Hühnlein
Prof. Dr. Ali Sunyaev
Karlsruher Institut für Technologie (KIT)