BDSG
On 1 February 2017, the German federal cabinet adopted a draft data protection bill. (“new BDSG”) to replace the existing Federal Data Protection Act of 2003. The new BDSG is intended to adapt the current German data protection law to the EU General Data Protection Regulation (“GDPR”). The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation.
The new BDSG includes specific requirements that deviate from the GDPR in some respects, including with respect to the appointment of a Data Protection Officer and the processing of employee personal data.
Review our global compliance programs
Is Tata Communications BDSG compliant?
Companies operating in Germany should analyse the BDSG requirements and make sure that German operations comply with them.
The scope of TCL’s BDSG assessment is limited to privacy and information security requirements of IPC and ICS services and their supporting infrastructure that are applicable to Data Processor. We have also assessed the controls related to physical security and environmental safeguards of Command Centre. We have also assessed the controls related to physical security and environmental safeguards of Chennai Command Centre.
| Control Type | No. of Controls |
| Data Privacy | 9 |
| Technical and organizational Control | 43 |
| Tata Communications Vayu Cloud | In-Scope services |
| Compute | Cloud services, Virtual Services, Auto Scaling |
| Network | VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV |
| Storage/Backup | Block, File and ICS (Object) backup Scheduled data backup and data restoration |
| Database | Managed Oracle, MS-SQL, DB2 or MySQL database administration |
| Middleware | Managed Middleware service is offered on applications including JBOSS; TOMCAT; Apache Application maintenance |
| Hypervisor | VMware, Hyper-V and KVM |
| Load balancer | Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance |
| Security | SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth |
ABOUT BDSG
The new BDSG is intended to adapt the current German data protection law to the EU General Data Protection Regulation (“GDPR”).
Other certifications
We offer a wealth of experience and a wide portfolio of products designed to help your business grow. Discover more exciting opportunities and create a truly bespoke solution.
Frequently asked questions
What is BDSG compliance and why is it important for cloud services?
BDSG compliance ensures that cloud services follow Germany’s national data protection requirements alongside the GDPR. It helps protect personal data, especially in areas such as employee information and technical controls. For businesses operating in Germany, it is essential for maintaining trust, meeting legal obligations, and ensuring secure, compliant data processing.
Which types of businesses require BDSG-compliant cloud services?
Any organisation operating in Germany or processing data belonging to individuals in Germany benefits from BDSG compliance. This includes sectors such as technology, finance, retail, manufacturing, telecom, and service providers handling employee or customer data. Compliance is key for meeting regulatory expectations and reducing privacy risks.
How can companies ensure their cloud infrastructure aligns with German data protection laws?
Businesses can maintain BDSG compliance by assessing their cloud environment, implementing strong technical and organisational controls, ensuring secure processing, and following strict access, security, and privacy requirements. Regular audits, monitoring, and alignment with GDPR principles also help maintain a compliant and resilient cloud infrastructure.
How does Tata Communications ensure its cloud infrastructure is BDSG-compliant?
Tata Communications supports BDSG compliance through structured assessments covering data privacy, technical controls, physical security, and environmental safeguards. Our in-scope services include compute, network, storage, backup, middleware, databases, and security. By evaluating 50+ controls, we ensure our platform aligns with German data protection expectations for processors.
Can Tata Communications provide BDSG compliance across compute, storage, and network services?
Yes, Tata Communications delivers BDSG compliance across a wide range of cloud services—including compute, storage, backup, VPN gateways, load balancers, firewalls, hypervisors, managed databases, and security services. Our compliance framework ensures that all key layers of infrastructure follow required privacy and security controls.
What role does a cloud provider play in maintaining BDSG compliance for its clients?
A cloud provider helps clients maintain BDSG compliance by offering secure infrastructure, audited controls, strong data protection measures, and transparent processes. This includes monitoring, encryption, access management, and physical safeguards. Providers also supply documentation and support needed for organisations to meet their legal responsibilities.
How does Tata Communications support businesses in managing compliance risks under BDSG?
Tata Communications strengthens BDSG compliance by offering robust privacy controls, technical security measures, and regular assessments of environments like IPC and ICS. We provide secure services across compute, storage, network, and security layers, helping businesses reduce risk, maintain data integrity, and meet German regulatory obligations with confidence.
What’s next?
Experience our solutions
Engage with interactive demos, insightful surveys, and calculators to uncover how our solutions fit your needs.
Exclusively for You
Stay updated on our Cloud Fabric and other platforms and solutions
Disclaimer: IZO™ Cloud is now Tata Communications Vayu Cloud. TATA COMMUNICATIONS VAYU branded services are available in India only.