Launch of AUDITOR: First GDPR Certification Specifically for Cloud Services Now Available

After the European Data Protection Board (EDPB) and the data protection supervisory authority LDI NRW already recognised AUDITOR as a data protection certification according to Article 42 of the GDPR in June 2024, the final step for its market deployment has now been completed. The German Accreditation Body (DAkkS) has accredited datenschutz cert GmbH as the first accreditation authority of the Federal Republic of Germany. This accreditation confirms that datenschutz cert GmbH meets the requirements for the conformity assessment of cloud services and is therefore authorised to assign the AUDITOR data protection certification.

With the successful examination, datenschutz cert GmbH is now registered for AUDITOR in the database of accredited conformity assessment bodies of the DAkkS.

The AUDITOR certification was developed as part of a project funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) by a consortium of experts led by the Karlsruhe Institute of Technology (KIT) and the University of Kassel. It is the first certification specifically tailored to cloud services in accordance with Article 42 of the General Data Protection Regulation (GDPR).

The procedure has already been tested and validated in practice using several use cases and audited by the DAkkS, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW) and the European Data Protection Board (EDPB). Cloud service providers can now use the AUDITOR certificate to demonstrate their compliance with the requirements of the GDPR on the market.

The AUDITOR certification in accordance with the GDPR is in the interest of all parties:

• Cloud service providers can offer security and transparency with certification.

• Cloud customers are only allowed to work with cloud service providers who can provide sufficient guarantees for data protection compliance.

• The protection of personal data from end consumers is central to the AUDITOR certification for cloud services.

Independent audits and certifications

Independent audits and certifications have become well-established worldwide to provide objective proof that data protection and information security requirements are being adequately implemented.

“With AUDITOR, we finally have a certification developed specifically for cloud services based on GDPR standards. This strengthens European data sovereignty and provides users, businesses and public institutions with more legal certainty. Cloud customers can now specifically collaborate with providers that demonstrably meet high data protection standards,” says Andreas Weiss, Managing Director of eco – Association of the Internet Industry.

Further information about AUDITOR can be found here.