This page is a compilation of information on the Trusted Cloud Data Protection Profile (TCDP) currently available in English. Documents are available for download below.

Preparations are underway to adapt TCDP to the European Data Protection Regulation, which will come into effect in May, 2018

Stiftung Datenschutz supports the AUDITOR project sponsored by the Federal Ministry of Economics and Technology.

Information on the Cloud Computing Compliance Control Catalogue (C5) is available at the website of the Federal Office of Information Security (BSI).

Why TCDP?

Cloud computing services are typically considered to be Commissioned Collection, Processing or Use of Personal Data according to Section 11 of the Federal Data Protection Act.

The FDPA requires organizations using cloud services to implement and follow technical and organizational measures to protect personal data. In practice, organizations must ensure that the cloud computing providers follow these procedures, which might put significant strain on their resources, especially if the organization is a small or medium sized enterprise and uses a large multinational service provider. Relying on the cloud computing provider’s assurance to protect personal data according to legal standards does not mean that the obligation to control the compliance is efficiently fulfilled. If this is the case, cloud computing does not meet the legal requirements according to Section 11.

The TCDP standard was developed to create a certification standard that meets all criteria defined in the FDPA. A cloud service provider with the TCDP certificate can be considered compliant with FDPA requirements, saving their clients the obligation to control the technical and organizational measures. The certification process can be tailored to the needs of the cloud service provider.

Supported by the Federal Ministry of Economics, a consortium consisting of members from enterprises, data protection authorities and legal scholars developed  a framework for a free and secure standard. The standard is currently under the administration of Stiftung Datenschutz, an independent German Foundation for Data Protection. Preparations are underway to adapt TCDP to the European Data Protection Regulation, which will come into effect in May, 2018.

Available documents (Only the German version is authoritative.)

Trusted Cloud Data Protection Profile for Cloud Services (TCDP) Version 1.0 Date of Publication: September 2016 Download [pdf]
TCDP Version 1.O Rules of Procedure for Certification According to the Trusted Cloud Data Protection Profile for Cloud Services Date of Publication: September 2016 Download [pdf]
Trusted Cloud Data Protection Profile for Cloud Services (TCDP) Version 0.9 Date of Publication: April 2015 Download [pdf]
Cloud Computing: Solutions in the Field of Data Procetion Law Date of issue: Octrober 2014 Download [pdf]	Working Paper – Modular Certification of Cloud Services Date of issue: March 2014 Download [pdf]
Working Paper – Protection Categories in Data Protection Certification Date of issue: April 2015 Download [pdf]	Position Paper – Basic Principles of a Certification Procedure for Cloud Services Date of issue: April 2015 Download [pdf]