Compliance

Compliance means adhering to legal, regulatory and internal requirements. In the cloud it mainly concerns data protection, information security and evidence obligations.

What does compliance mean?

Compliance means adhering to laws, standards, contracts and internal policies. The goal is to avoid legal and financial risk and to create trust and verifiability towards customers, partners and regulators.

Compliance in the cloud

With cloud services, responsibility for compliance stays with the customer. The provider must demonstrably support data protection and information security, for example through a data processing agreement (DPA), recognized certifications and attestations, and a transparent server location.

Relevant frameworks

  • GDPR: protection of personal data
  • NIS2 and DORA: cybersecurity and digital resilience
  • KRITIS: protection of critical infrastructure
  • ISO 27001 (certified) and BSI C5 (attested): information security
  • TISAX: information security in the automotive industry

How companies ensure cloud compliance

Key steps are choosing a provider based in Germany or the EU with suitable evidence, signing a DPA, using encryption, access control and logging, and excluding access from third countries.

Compliance with SecureCloud

SecureCloud is a German company hosting in Germany and subject only to German and EU law. The service is GDPR-compliant, BSI C5-attested, ISO 27001-certified and Trusted Cloud-certified; a data processing agreement is included.

Frequently asked questions

What is the difference between compliance and data protection?

Data protection is a subset of compliance and concerns the protection of personal data (GDPR). Compliance also covers all other legal, regulatory and internal requirements.

Is an EU server location enough for compliance?

An EU location is important but not sufficient on its own. If the provider belongs to a US group, the US CLOUD Act can compel access regardless of location. The operator and applicable law are decisive.

Which certifications matter for cloud compliance?

Key evidence includes ISO 27001 (certified), BSI C5 (attested) and Trusted Cloud. Depending on the industry, TISAX or evidence of GDPR compliance are also relevant.

Erfahren Sie mehr!

Unsere Experten beantworten Ihnen gerne alle Fragen.

Elevating business.