Holiday photos or business databases – using a cloud service means to trust the provider. This is easier when the provider’s security measures are certified. The market of cloud service providers and certifications, however, is vast and unmanageable. The AUDITOR research project coordinated by Karlsruhe Institute of Technology (KIT) will provide clarity: The project partners design a data protection certification of cloud services for Europe-wide use in accordance with the new EU General Data Protection Regulation (GDPR).
Holiday photos or business databases – using a cloud service means to trust the provider. This is easier when the provider’s security measures are certified. The market of cloud service providers and certifications, however, is vast and unmanageable. The AUDITOR research project coordinated by Karlsruhe Institute of Technology (KIT) will provide clarity: The project partners design a data protection certification of cloud services for Europe-wide use in accordance with the new EU General Data Protection Regulation (GDPR).
Group photo of the kick-off meeting of the AUDITOR project in Karlsruhe. (Photo: KIT)
To reach the objective of a standardized certification, more than 25 partners of industry and science cooperate under the project funded with EUR 1.7 million by the Federal Ministry for Economic Affairs and Energy (BMWi). Among these partners are the German Federal Office for Information Security, Microsoft Deutschland, SAP, and TÜV.
First, scientists will develop a catalog of criteria for a certification according to GDPR. These criteria are to be standardized to form the basis of a DIN-SPEC (a preliminary DIN standard). It will serve as a basis of a European standard and the development of an EU-wide acknowledged data protection certification scheme.
Then, the project partners will develop a concept for using this certification scheme and will focus in particular on organizational structures and processes for certification. For this, modular certification and auditing processes will be specified and business models will be analyzed for the process.
In the course of the project of two years’ duration, the developed certification process and the catalog of criteria are planned to be tested and validated in practice.
More about the KIT Information · Systems · Technologies Center: http://www.kcist.kit.edu
Being “The Research University in the Helmholtz Association”, KIT creates and imparts knowledge for the society and the environment. It is the objective to make significant contributions to the global challenges in the fields of energy, mobility, and information. For this, about 10,000 employees cooperate in a broad range of disciplines in natural sciences, engineering sciences, economics, and the humanities and social sciences. KIT prepares its 22,800 students for responsible tasks in society, industry, and science by offering research-based study programs. Innovation efforts at KIT build a bridge between important scientific findings and their application for the benefit of society, economic prosperity, and the preservation of our natural basis of life. KIT is one of the German universities of excellence.