On 1 February 2017, the German federal cabinet adopted a draft data protection bill. (“new BDSG”)
to replace the existing Federal Data Protection Act of 2003. The new BDSG is intended to adapt
the current German data protection law to the EU General Data Protection Regulation (“GDPR”).
The planned implementation statute aims to supplement and further define the EU General Data
The new BDSG includes specific requirements that deviate from the GDPR in some respects, including with respect to the appointment of a Data Protection Officer and the processing of employee personal data.
Companies operating in Germany should analyse the BDSG requirements and make sure that German operations comply with them.
The scope of TCL’s BDSG assessment is limited to privacy and information security requirements of IPC and ICS services and their supporting infrastructure that are applicable to Data Processor. We have also assessed the controls related to physical security and environmental safeguards of Command Centre. We have also assessed the controls related to physical security and environmental safeguards of Chennai Command Centre.
|Control Type||No. of Controls|
|Technical and organizational Control||43|
|IZO Private Cloud||In-Scope services|
|Compute||Cloud services, Virtual Services, Auto Scaling|
|Network||VPN Gateway, Load balancer, switches, router, WAF, Firewall, NFV|
|Storage/Backup||Block, File and ICS (Object) backup
Scheduled data backup and data restoration
|Database||Managed Oracle, MS-SQL, DB2 or MySQL database administration|
|Middleware||Managed Middleware service is offered on
applications including JBOSS; TOMCAT; Apache
|Hypervisor||VMware, Hyper-V and KVM|
|Load balancer||Static, Dynamic, Persistence : NFV-Virtual Appliance, Physical Appliance|
|Security||SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth|