With StackWorks and Google, strict data protection is also easy

Data protection checklist

Do the new Data Protection Act coming into force on September 1, 2023, the implementing provisions in the new Data Protection Ordinance and the new Data Protection Certification Ordinance make you sleep badly at night because you still have a few tasks on the docket? Then you can now sit back and relax. Because we have educated ourselves for you as a Google Cloud customer or interested party and provide you with pragmatic support in technical matters. After all, the IT infrastructure is essential for secure data.

"Privacy by Design" and "Privacy by Default" are the magic words that make many people despair due to their complexity, but make our eyes light up as Cloud Consultants and Cloud Engineers of a Google Cloud Partner. Because this is what we are passionate about. Privacy by Design" is about fundamental technology design including measures and "Privacy by Default" here means the default configuration setting to "most private" - i.e. the selection of the most data-preserving option for the Data Subject. Only if the IT infrastructure is organized in such a way that it adequately protects personal data at all times can the provisions in the Data Protection Act, including measures for implementation, be complied with. Examples are:

• Correct data classification
  It enables to identify to which category which data belong and to recognize and handle all personal data safely.
  ‍
• ‍Legally compliant data processing
  All data processing should be legally compliant, for example with regard to the retention period of data and its deletion.
  ‍
• ‍Location in connection with data storage
  You need to know to which countries the data is transferred, even for cloud solutions. They should be on the Federal Data Protection Commissioner's list of secure third countries.
  ‍
• ‍Secure Access Management
  Managing the entire inflow and outflow of data involves controlling how your team accesses data and how it is output, such as in the form of reports, emails, and dashboards.
  ‍
• ‍Explainability
  The processing of personal data must be transparent, comprehensible and explainable. This also applies with regard to processing using AI and automated decisions.
  ‍
• ‍Contractual arrangements with service providers
  A contract is a contract. Make sure that all your data processors give you the necessary rights to fulfill your obligations under the Data Protection Act!
  ‍
• ‍Always check, even externally
  Have regular security audits performed to ensure that the latest adaptations and best practices are taken into account! For example, we offer a workspace audit and a Kubernetes security audit.

We are happy to take care of all these and other tasks related to your IT infrastructure. You can concentrate on the less complex steps with peace of mind! To ensure that you think of everything important, we have a checklist for you at the start.