Two years ago on May 25th, the general data protection regulation or GDPR went into effect in the EU. It has been stretching the patience of nearly everyone involved, but also created a sense of urgency around data protection rarely seen before, says Tobias Gerlinger, CEO of ownCloud. Yet for many organizations it remains frustratingly elusive to judge which platforms, products and services comply with GDPR. Clear guidance from data protection commissioners could help clear things up for those in the market for software that stores and processes relevant user data.
In one recent example, Office 365 was judged to be fit for use in schools of the German federal state of Hesse only if any transmission of diagnostic data to Microsoft is prevented by administrators. Such band-aid solutions put an undue strain on IT departments. Schools as well as companies and other institutions need a thorough, comprehensive and dependable list of platforms, products and services deemed in compliance with GDPR by state and federal data protection commissioners.